Ruby-on-rails Rails 4 - 强参数 - 嵌套对象
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18436741/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Rails 4 - Strong Parameters - Nested Objects
提问by Benjamin M
I've got a pretty simple question. But haven't found a solution so far.
我有一个很简单的问题。但是目前还没有找到解决办法。
So here's the JSON string I send to the server:
所以这是我发送到服务器的 JSON 字符串:
{
"name" : "abc",
"groundtruth" : {
"type" : "Point",
"coordinates" : [ 2.4, 6 ]
}
}
Using the new permit method, I've got:
使用新的许可方法,我有:
params.require(:measurement).permit(:name, :groundtruth)
This throws no errors, but the created database entry contains nullinstead of the groundtruth value.
这不会引发任何错误,但创建的数据库条目包含null而不是 groundtruth 值。
If I just set:
如果我只是设置:
params.require(:measurement).permit!
Everything get's saved as expected, but of course, this kills the security provided by strong parameters.
一切都按预期保存,但是当然,这会破坏强参数提供的安全性。
I've found solutions, how to permit arrays, but not a single example using nested objects. This must be possible somehow, since it should be a pretty common use case. So, how does it work?
我找到了解决方案,如何允许数组,但没有找到使用嵌套对象的单个示例。这一定是可能的,因为它应该是一个非常常见的用例。那么它是怎样工作的?
回答by j03w
As odd as it sound when you want to permit nested attributes you do specify the attributes of nested object within an array. In your case it would be
当您想要允许嵌套属性时,您确实在数组中指定了嵌套对象的属性,这听起来很奇怪。在你的情况下,这将是
Updateas suggested by @RafaelOliveira
更新由@RafaelOliveira的建议
params.require(:measurement)
.permit(:name, :groundtruth => [:type, :coordinates => []])
On the other hand if you want nested of multiple objects then you wrap it inside a hash… like this
另一方面,如果你想要嵌套多个对象,那么你可以将它包装在一个散列中......像这样
params.require(:foo).permit(:bar, {:baz => [:x, :y]})
Rails actually have pretty good documentation on this: http://api.rubyonrails.org/classes/ActionController/Parameters.html#method-i-permit
Rails 实际上对此有很好的文档:http: //api.rubyonrails.org/classes/ActionController/Parameters.html#method-i-permit
For further clarification, you could look at the implementation of permitand strong_parametersitself: https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/strong_parameters.rb#L246-L247
为了进一步说明,您可以查看permit和strong_parameters本身的实现:https: //github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/strong_parameters.rb#L246-L247
回答by M.ElSaka
I found this suggestion useful in my case:
我发现这个建议对我来说很有用:
def product_params
params.require(:product).permit(:name).tap do |whitelisted|
whitelisted[:data] = params[:product][:data]
end
end
Check this linkof Xavier's comment on github.
查看Xavier 在 github 上的评论链接。
This approach whitelists the entire params[:measurement][:groundtruth] object.
这种方法将整个 params[:measurement][:groundtruth] 对象列入白名单。
Using the original questions attributes:
使用原始问题属性:
def product_params
params.require(:measurement).permit(:name, :groundtruth).tap do |whitelisted|
whitelisted[:groundtruth] = params[:measurement][:groundtruth]
end
end
回答by Codiee
Permitting a nested object :
允许嵌套对象:
params.permit( {:school => [:id , :name]},
{:student => [:id,
:name,
:address,
:city]},
{:records => [:marks, :subject]})
回答by user8164115
If it is Rails 5, because of new hash notation:
params.permit(:name, groundtruth: [:type, coordinates:[]])will work fine.
如果它是 Rails 5,由于新的哈希符号:
params.permit(:name, groundtruth: [:type, coordinates:[]])将正常工作。
