Ruby - How to define params for require()?

Question

questions_controller.rb

  def index
    @questions = Question.all(app_params)
  end

  private

  def app_params
    params.require(:questions).permit(:question, :answer)
  end
end

question.rb

class Question < ActiveRecord::Base
end

I am completely new to ruby-on-rails. I was following a guide and it said I should take care of some "loopholes" or "security issues" and it used attr_accessible, but on Rails 4, they suggest strong parameters, so now I'm trying to use them. I'm confused on how to define the :questions params, because I'm currently getting an error saying that :questions param is not found.

:questions is pretty much something that I will define myself as the web developer.

So for example, I will define questions = "How are you?", "What is your name?". I'm basically starting very simply. I want questions that I have created to be displayed on my webpage. Ultimately, I plan to make a website what is basically a list of questions and, with answer options. After the user clicks "submit" I want to store the information into my database.

Am I supposed to even be requiring this as a param? I'm completely lost..

Answer 1

Do you have a dump of the params we could look at? They are shown when your app encounters an error, and typically shows you the params array which rails will pass through

---

Strong Params In Rails 4

Strong Params allow you to allow certain parameters for use in the controller, protecting against any malicious assignment client-side. They replaced attr_accessible in Rails 4.0

Strong Params is only for user-submitted content, as it's designed to protect the params hash. To that end, it's mostly used with the create and find functions:

class PeopleController < ActionController::Base
  # Using "Person.create(params[:person])" would raise an
  # ActiveModel::ForbiddenAttributes exception because it'd
  # be using mass assignment without an explicit permit step.
  # This is the recommended form:
  def create
    Person.create(person_params)
  end

  # This will pass with flying colors as long as there's a person key in the
  # parameters, otherwise it'll raise an ActionController::MissingParameter
  # exception, which will get caught by ActionController::Base and turned
  # into a 400 Bad Request reply.
  def update
    redirect_to current_account.people.find(params[:id]).tap { |person|
      person.update!(person_params)
    }
  end

  private
    # Using a private method to encapsulate the permissible parameters is
    # just a good pattern since you'll be able to reuse the same permit
    # list between create and update. Also, you can specialize this method
    # with per-user checking of permissible attributes.
    def person_params
      params.require(:person).permit(:name, :age)
    end
end

params.require

The params.require function works by taking this params hash:

params{:question => {:question => "1", :answer => "5"}}

That's why people asked what your params hash looks like, because the require function can only work if the :question hash is present.

---

Possible Solutions For You

1. Question.all(app_params)

Regardless of what you're trying to achieve, don't use all. The where function is better for receiving an array of data based on certain values. I believe all is depreciated anyway.

def index
    @questions = Question.where("value = ?", variable)
end

2. What data is being passed?

I will define questions = "How are you?", "What is your name?"

This is okay, but typically in rails, you'd call data by using an ID in the database. If you're defining these questions in a form, you'd use the strong params system; but you'd need a form to submit the data to

---

Further Additions

The rails way is to keep all your data in a database, and use the application to manipulate that data, either by showing it, or allowing people to input more.

The "params" variables are basically there to help the rails controllers & models accept & process data from end users, and consequently allow you to keep the system growing. Instead of having to write custom code to accommodate all sorts of different data, the params give you a rigid structure to work with. Here is a good explaination of how MVC (and params) works for you: How does an MVC system work?

I think you're getting confused with how your app should work

Your "questions" should be stored in a questions table / model, and can be accessed by calling their ID's with the find function. This code would be like this:

#app/controllers/questions_controller.rb
def show
    @question = Question.find(params[:id])
end

If you want to add new questions, you'll be best to add them to the questions table, like this:

#app/controllers/questions_controller.rb
def new 
    @question = Question.new
end

def create
    @question = Question.new(question_params)
    @question.save
end


private
def question_params
    params.require(:question).permit(:question)
end


#app/views/questions/new.html.erb
<%= form_for @question do |f| %>
    <%= f.text_field :question %>
<% end %>

This will give you a central store of your questions, which you'll then be able to access when you need them, either with a helper or with your ".all" call :)