ruby on rails - how to allow all of the attributes of a model when -

-

i migrating rails 3.2 app strong_parameters , don't have experience.

i have model called item has_many attributes. in our item#update i'd able following:

# model class item < activerecord::base   include activemodel::forbiddenattributesprotection   has_many :assets, :as => :assetable, :dependent => :destroy ...  #in items_controller.rb  def update   @item=item.find(params[:id])   if @item.update_attributes(params[:item])  ... private  def item_params   params.require(:item).permit(:assets_attributes).permit! end

how specify item_params allow asset created through update statement?

edit 1

so if pull list of attributes via: 

a=asset.first a.attributes

i get:

{"id"=>4424,  "name"=>nil,  "created_at"=>fri, 24 jan 2014 15:49:17 pst -08:00,  "updated_at"=>fri, 24 jan 2014 15:49:17 pst -08:00,  "asset_file_name"=>"br-3.jpg",  "asset_content_type"=>"image/jpeg",  "asset_file_size"=>198085,  "asset_updated_at"=>fri, 24 jan 2014 15:49:16 pst -08:00,  "menu_item_id"=>nil,  "assetable_id"=>1,  "assetable_type"=>"locationprofilealbum",  "global_id"=>9394,  "description"=>nil,  "associated_global_id"=>9393,  "user_id"=>nil,  "position"=>0.0,  "hash_val"=>nil,  "is_instore"=>false,  "location_id"=>nil,  "filepicker_url"=>nil}

if put in:

  def item_params     params.require(:item).permit(         :assets_attributes[             :id, :name, :created_at, :updated_at , :asset_file_name, :asset_content_type, :asset_file_size, :asset_updated_at, :menu_item_id, :assetable_id, :assetable_type, :global_id, :description, :associated_global_id, :user_id, :position, :hash_val, :is_instore, :location_id, :filepicker_url         ]     )

and add file, error: 

argumenterror (wrong number of arguments (20 1..2)):   app/controllers/items_controller.rb:218:in `[]'   app/controllers/items_controller.rb:218:in `item_params'

first, need specify attributes nested assets allowed, e.g.:

def item_params   params.require(:item).permit(assets_attributes: [:col1, :col2, :col3]) end

then, make sure use private method when updating @item:

@item.update_attributes item_params

eta (based on edit1): paperclip posts actual file, not attributes, would:

params.require(:item).permit(assets_attributes: [:asset])

for future reference can find parameters being passed action in logs. like:

  parameters: {"utf8"=>"✓", "item"=>{"assets_attributes"=>[{"asset"=>#<actiondispatch::http::uploadedfile…>}]}

the logs include notice parameters have been excluded strong params. can helpful determining parameters need permitted.

i want discourage adding parameters permitted list. strong parameters motivated serious security concerns, namely attackers being able edit fields should not have access to. basically, keep in mind anyone access web page able post value parameter in permitted list.


Comments

Post a Comment

Popular posts from this blog

python - pip install -U PySide error -

-
does know how avoid following error when running pip install -u pyside per official website instructions here: https://pypi.python.org/pypi/pyside/#installing-pyside-on-a-mac-os-x-system note have done brew install qt successfully. you using pip version 7.0.3, version 7.1.2 available. should consider upgrading via 'pip install --upgrade pip' command. collecting pyside using cached pyside-1.2.4.tar.gz installing collected packages: pyside running setup.py install pyside complete output command /applications/anaconda/bin/python -c "import setuptools, tokenize;__file__='/private/var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-build-cpxemt/pyside/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-0r7hri-record/install-record.txt --single-version-externally-managed --compile: ...
Read more

arrays - C++ error: a brace-enclosed initializer is not allowed here before ‘{’ token -

-
simple question: i'm trying initialize array within c++ class declaration: using namespace std; #include <string> class myclass{ public: string myarray[] = {"a","b","c"}; }; and i'm getting error: error: brace-enclosed initializer not allowed here before ‘{’ token no, without complied c++11 compiler, cannot initialize member array in declaration. have initialize array member in constructor. , don't use open array if know number of elements initialize array.
Read more

cytoscape.js - How to add nodes to Dagre layout with Cytoscape -

-
i trying add nodes dagre graph through cityscape.js. problem nodes not painted. code have: cy.add({ group: "nodes", data: { id:"n0",name:"n0",weight: 75 }, }); $.ajax(url).done(function(jsontree){ var newnodes=[]; for(var i=1;i<6;i++){ //var child = jsontree.result[i]; newnodes.push( { group: "nodes", data: { id: "n"+i, name:"n"+i}}, { group: "edges", data: { id: "e"+i, source: "n0", target: "n"+i } } ); } cy.add(newnodes); any ideas? have used loaded function reload graph not work. not know if have use specific function reload graph. thank in advance. you need add positions new nodes. cytoscape.js docs : it important note positions of newly added nodes must defined when calling cy.add(). nodes can not placed in graph without valid position — otherwise not displayed. yo...
Read more