Rails strong parameters: permitting nested attributes

1
votes

Say I have controller params with the following structure:

{
  "foo" => {
    "id" => 123,
    "children" => {
      "0" => {
        "a" => "a"
      },
      "1" => {
        "b" => "b"
      }
    }
  }
}

How can I permit all the data explicitly? I don't want to permit arbitrary data at any point in the hierarchy.

I had expected this work:

params.require(:foo).permit(:id, children: { "0" => [:a], "1" => [:b] })

However, it returns:

{ "id" => 123, "children" => { "0" => {}, "1" => {} } }

How can I whitelist the permitted attributes for each child?

2
ruby-on-railsstrong-parameters
Oddly, I get the expected results when the child keys are non-numeric. Is this a bug?scttnlsn
I'm using Rails 5.1.6scttnlsn

2 Answers

0
votes

Try square brackets instead of braces:

params.require(:foo).permit(
  :id,
  children: [
    "0": [:a],
    "1": [:b]
  ]
)
0
votes

Try this

params.require(:foo).permit(:id, :children => { :"0" => [:a], :"1" => [:b] })