aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
authorSteve Hull <sdhull@users.noreply.github.com>2018-04-16 12:50:18 -0700
committerSteve Hull <sdhull@users.noreply.github.com>2018-04-16 14:38:20 -0700
commite539f2d5850c00ba40514af9b8f1961b0f208fe6 (patch)
tree06cf768148d5020ac73a7dad5320f2b134bcf3dd /actionpack
parent37b373a8d2a1cd132bbde51cd5a3abd4ecee433b (diff)
downloadrails-e539f2d5850c00ba40514af9b8f1961b0f208fe6.tar.gz
rails-e539f2d5850c00ba40514af9b8f1961b0f208fe6.tar.bz2
rails-e539f2d5850c00ba40514af9b8f1961b0f208fe6.zip
Fixes StrongParameters permit! to work with nested arrays
`permit!` is intended to mark all instances of `ActionController::Parameters` as permitted, however nested arrays of params were not being marked permitted because the method did shallow iteration. This fixes that by flattening the array before calling `permit!` on all each item.
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/CHANGELOG.md7
-rw-r--r--actionpack/lib/action_controller/metal/strong_parameters.rb2
-rw-r--r--actionpack/test/controller/parameters/parameters_permit_test.rb5
3 files changed, 12 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 152ec3700b..56542b7c87 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,10 @@
+* Fix strong parameters `permit!` with nested arrays
+
+ Strong parameters doesn't support nested arrays, take as example: `[[{ name: 'Leonardo', age: 26 }]]`.
+ This is separate from making `permit(something: [[:key]])` work properly, which is being addressed in #23650
+
+ *Steve Hull*
+
* Move default headers configuration into their own module that can be included in controllers.
*Kevin Deisz*
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 4789252550..5a06bf86e3 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -374,7 +374,7 @@ module ActionController
# Person.new(params) # => #<Person id: nil, name: "Francesco">
def permit!
each_pair do |key, value|
- Array.wrap(value).each do |v|
+ Array.wrap(value).flatten.each do |v|
v.permit! if v.respond_to? :permit!
end
end
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
index e60003dc64..2183a46da8 100644
--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -353,12 +353,15 @@ class ParametersPermitTest < ActiveSupport::TestCase
assert_equal "Jonas", @params[:person][:family][:brother]
end
- test "permit is recursive" do
+ test "permit! is recursive" do
+ @params[:nested_array] = [[{ x: 2, y: 3 }, { x: 21, y: 42 }]]
@params.permit!
assert_predicate @params, :permitted?
assert_predicate @params[:person], :permitted?
assert_predicate @params[:person][:name], :permitted?
assert_predicate @params[:person][:addresses][0], :permitted?
+ assert_predicate @params[:nested_array][0][0], :permitted?
+ assert_predicate @params[:nested_array][0][1], :permitted?
end
test "permitted takes a default value when Parameters.permit_all_parameters is set" do
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-26 05:30:38 +0000