Rails multiple params permit calls

0
votes

I am trying to use multiple permits in a single method similar to the following (psuedocode)

  def index
    model.create(
      params.permit(:b, :c)
    )
    params.permit(:a)
  end

This is my actual code

  def create
    params.permit(:create_special_categories)
    balance_sheet = ::BalanceSheet.create!(
      balance_sheet_params.merge(date: Time.zone.now.to_date, entity: @entity)
    )
    balance_sheet.create_special_categories if params[:create_special_categories]
    render json: balance_sheet, serializer: ::Api::V3::BalanceSheetSerializer
  end

  def balance_sheet_params
    params.permit(
      :id,
      :entity,
      :entity_id,
      :date,
      :name
    )
  end

However, I get the following error... 

ActionController::UnpermittedParameters:
       found unpermitted parameter: :create_special_categories

UPDATE

my solution was to avoid strong parameters all together.

  def create
    balance_sheet = ::BalanceSheet.new(
      date: Time.zone.now.to_date, entity: @entity
    )
    balance_sheet.name = params[:name]
    balance_sheet.save!
    balance_sheet.create_special_categories if params[:create_special_categories]
    render json: balance_sheet, serializer: ::Api::V3::BalanceSheetSerializer
  end
1
ruby-on-railsparameters

1 Answers

1
votes

This line doesn't have any effect, params.permit are not chained or added to a previous permit, you must use the result, that is why it's almost always used in a separate method.

params.permit(:create_special_categories)

What you must do is use what that returns for your following statements

permitted_params = params.permit(:create_special_categories)
Model.create(permitted_params)

...however you really should outsource this to a special method like you already have. You will have to tweak this to your use-case obviously.

def balance_sheet_params
  if params[:create_special_categories]
    params.permit(:id,
        :entity,
        :entity_id,
        :date,
        :name,
        :create_special_categories)
  else
      params.permit(
        :id,
        :entity,
        :entity_id,
        :date,
        :name)
  end
end