Rails: Unpermitted parameter in Rails 5

Question

First of all I want simply get an object inside the current object that I'm sending to my backend.

I have this simple JSON (generated from a form):

{
  "name": "Project 1",
  "project_criteria": [
    {
      "name": "Criterium 1",
      "type": "Type 1",
      "benefit": "1"
    },
    {
      "name": "Criterium 2",
      "type": "Type 2",
      "benefit": "3"
    }
  ]
}

My classes:

class Project < ApplicationRecord
  has_many :project_criteria
  accepts_nested_attributes_for :project_criteria
end

class ProjectCriterium < ApplicationRecord
  belongs_to :project
end

ProjectsController:

def project_params
  params.require(:project).permit(:name,  project_criteria: [] )
end

But I still can't access project_criteria parameter as you can see below:

Started POST "/projects" for 127.0.0.1 at 2016-08-19 16:24:03 -0300
Processing by ProjectsController#create as HTML
  Parameters: {"project"=>{"name"=>"Project 1", "project_criteria"=>{"0"=>{"benefit"=>"1", "name"=>"Criterium 1", "type"=>"Type 1"}, "1"=>{"benefit"=>"3", "name"=>"Criterium 2", "type"=>"Type 2"}}}}
Unpermitted parameter: project_criteria # <-----------

Note:

By the way, I already tried to use criterium instead of criteria(which - in my opinion - is the correct since it should be pluralized) in has_many and accepts_nested_attributes_for, but it also doesn't work.

Does someone have a solution for this?

Answer 1

It's not the inflection of the word "criteria" that's giving you problems (although you can add a custom inflector to get the singular and plural versions you prefer if you really want).

The issue is that you have to explicitly permit the fields of nested objects.

Change your current params:

params.require(:project).permit(:name,  project_criteria: [] )

To this (for a single nested object):

params.require(:project).permit(:name,  project_criteria: [:name, :type, :benefit] )

Your case is somewhat compounded by the fact that you're dealing with multiple nested objects, so you'll have to pass a hash instead:

params.require(:project).permit(:name,  { project_criteria: [:name, :type, :benefit]} )

Answer 2

I had this issue when working on a Rails 6 application.

My application consists of a User model that has a one-to-one relationship a Personal_Info model

My original code was this:

User Model

class User < ApplicationRecord 
  has_one :personal_info, class_name: 'PersonalInfo', dependent: :destroy
  accepts_nested_attributes_for :personal_info, allow_destroy: true
end

Personal Info Model

class PersonalInfo < ApplicationRecord
  belongs_to :user
end

User Controller

class UsersController < ApplicationController

  def index
    @users = User.all
  end
  .
  .

  def user_params
    params.require(:user).permit(:email, :password, :password_confirmation,
                                 personal_info_attributes: [:first_name,  
                                 :last_name, :phone, :gender, :dob, 
                                 :address, :city, :state, :country])
  end
end

The issue was that I did not add the Personal_Info id to the accepted user params (parameters).

Here's how I fixed it:

I simply had to add the Personal_Info id to the UsersController params this way:

User Controller

class UsersController < ApplicationController

  def index
    @users = User.all
  end
  .
  .

  def user_params
    params.require(:user).permit(:email, :password, :password_confirmation,
                                 personal_info_attributes: [:id, :first_name,  
                                 :last_name, :phone, :gender, :dob, 
                                 :address, :city, :state, :country])
  end
end

Another way is to add the update_only option to the Users Model this way:

class User < ApplicationRecord 
  has_one :personal_info, class_name: 'PersonalInfo', dependent: :destroy
  accepts_nested_attributes_for :personal_info, update_only: true, allow_destroy: true
end

That's all.

I hope this helps