diff options
author | Thomas Drake-Brockman <thom@sfedb.com> | 2013-01-05 15:46:38 +0800 |
---|---|---|
committer | Thomas Drake-Brockman <thom@sfedb.com> | 2013-01-05 15:46:38 +0800 |
commit | 08578bb40a66aa3c73edab8eef795da6647ed694 (patch) | |
tree | 8de50a0484d5b62015f9f0e717b18fc57d5b269e /actionpack/lib/action_controller/metal | |
parent | c9402c0258e85f125ce7cdc292381eb8b9dcbbe0 (diff) | |
download | rails-08578bb40a66aa3c73edab8eef795da6647ed694.tar.gz rails-08578bb40a66aa3c73edab8eef795da6647ed694.tar.bz2 rails-08578bb40a66aa3c73edab8eef795da6647ed694.zip |
Allow developers to enable raising of exception when unexpected params are provided.
Diffstat (limited to 'actionpack/lib/action_controller/metal')
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index da380dfbd8..b566dad9eb 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -20,6 +20,20 @@ module ActionController end end + # Raised when a supplied parameter is not expected. + # + # params = ActionController::Parameters.new(a: "123", b: "456") + # params.permit(:c) + # # => ActionController::UnexpectedParameter: found unexpected keys: a, b + class UnexpectedParameters < IndexError + attr_reader :params + + def initialize(params) + @params = params + super("found unexpected keys: #{params.join(", ")}") + end + end + # == Action Controller \Parameters # # Allows to choose which attributes should be whitelisted for mass updating @@ -66,6 +80,7 @@ module ActionController # params["key"] # => "value" class Parameters < ActiveSupport::HashWithIndifferentAccess cattr_accessor :permit_all_parameters, instance_accessor: false + cattr_accessor :raise_on_unexpected, instance_accessor: false # Returns a new instance of <tt>ActionController::Parameters</tt>. # Also, sets the +permitted+ attribute to the default value of @@ -223,6 +238,13 @@ module ActionController end end + if Parameters.raise_on_unexpected + unexpected_keys = self.keys - params.keys + if unexpected_keys.any? + raise ActionController::UnexpectedParameters.new(unexpected_keys) + end + end + params.permit! end |