I'm sending an array of association ids, say foo_ids
to my controller. To permit an array of values, I use:
params.permit(foo_ids: [])
Now, the problem is that if I send an empty array of foo_ids
, the parameter is ignored. Instead of clearing all foos
as an empty array should do, the association is left alone, because foo_ids
isn't permitted.
This may be because an empty array is converted to nil in rails, and that nil value is ignored as strong parameters is looking for an array of scalar values, not a single scalar value.
Can anyone suggest a good way to solve this? Thanks!
Additional info
In an update controller action, I need to be able to handle two cases. I need to be able to set foo_ids
to an empty array. I also need to be able to ignore foo_ids
if I merely want to update another field. Setting foo_ids
to an empty array if nil does not work for this second case.
In the latest major version of Ruby on Rails, Strong Parameters were introduced. The intent of this addition was to enable consistent and reliable parameter checking. Using Strong Parameters is simple and intuitive. It provides a very clean method API to help keep controllers DRY.
TLDR: Strong Params must permit nested arrays last! Strong Parameters, aka Strong Params, are used in many Rails applications to increase the security of data sent through forms. Strong Params allow developers to specify in the controller which parameters are accepted and used.
This issue with Strong Parameters is very specific and can often be avoided by redefining how data is organized and avoiding nested arrays. However, for times when nested Strong Params seems to be the best solution, it is important to remember that nested parameters will be ignored within the Strong Parameters unless they are permitted last.
This is another feature of Strong Parameters. The reason an error occurs is that the author_params method did not specify which parameters could be mass assigned to the Author class. Passing the result of require directly to Author.create will trip this safety measure.
This is quite late, but I just had this problem myself. I solved it by including both the scalar version and array version in the permit statement, like so:
params.require(:photo).permit(:tags, tags: [])
FYI - it has to have both in the same permit statement - if you chain them it'll get thrown out for some reason.
EDIT: I just noticed that an empty array submitted via this method will be turned into nil - I've now got a bunch of fields that should be empty arrays that are nil. So the solution I posted doesn't actually work for me.
EDIT the second: Thought I had already added this, but this problem is related to Rails performing deep_munge on params hashes. This comment explains how to fix it: https://stackoverflow.com/a/25428800/130592
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With