Understand the require of strong parameters - Rails

Question

I have a filters controller and a integration object that has tags. I'm trying to update the integration object. I'm using strong params that look like this.

def filters_params
  params.require(:filters).permit(:tags)
end

What exactly is the require in strong params? is it the key? And how could I make this work?

Answer 1

The params is a hash object of parameters you have sent with request(text message) to webserver using probably HTML form and web browser. This request message is parsed to a ruby Hash by rack(Rails is an http://rack.github.io/ app). The rails app takes this http://www.rubydoc.info/gems/rack/Rack/Request req.params and routes it to handle by proper controller based on request path. Routing is specified in config/routes.rb file.

Your params are params that you send to rails web app, parsed and turned into code structure named http://apidock.com/rails/ActionController/Parameters You can easily inspect it by putting some binding.pry https://github.com/pry/pry in the controller and inspecting class of this structure. Then you simply hit apidock for answers( There are also dynamic ways of displaying source code from console).

But to answer your question...

Strong parameters are a kind of schema(data structure) specification/validation.

So params.require(:filters).permit(:tags) basically means that it expects a Hash that will look like this: {filters: {tags: []}. If you don't give something that's required then an error is raised. If you give something that's isn't permitted it's ignored.

Strong params are there to allow easy mass assignment but with filtering/whitelisting. Otherwise someone could for example put hash: {user: {is_admin: true, id: 123}}. Instead you can just allow for modification of name and address only for example. More info: http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters

Other viable ruby library to do such validations is http://dry-rb.org/gems/dry-validation/

BTW you can see how it works here: http://apidock.com/rails/ActionController/Parameters/require

    def require(key)
      value = self[key]
      if value.present? || value == false
        value
      else
        raise ParameterMissing.new(key)
      end
    end

http://apidock.com/rails/ActionController/Parameters/permit

    def permit(*filters)
      params = self.class.new

      filters.flatten.each do |filter|
        case filter
        when Symbol, String
          permitted_scalar_filter(params, filter)
        when Hash then
          hash_filter(params, filter)
        end
      end

      unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters

      params.permit!
    end

and as you can see in this case it's permitted_scalar_filter: http://apidock.com/rails/ActionController/Parameters/permitted_scalar_filter

 def permitted_scalar_filter(params, key)
    if has_key?(key) && permitted_scalar?(self[key])
      params[key] = self[key]
    end

    keys.grep(/\A#{Regexp.escape(key)}\(\d+[if]?\)\z/) do |k|
      if permitted_scalar?(self[k])
        params[k] = self[k]
      end
    end
  end

I hope that armed with this knowledge you can solve your issue ;)