| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Show unpermitted parameters as symbols in logs (so they could be copy…
|
| |
| |
| |
| | |
to the code)
|
|/
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
|
|
|
|
|
|
|
|
| |
A few have been left for aesthetic reasons, but have made a pass
and removed most of them.
Note that if the method `foo` returns an array, `foo << 1`
is a regular push, nothing to do with assignments, so
no self required.
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
| |
Looked odd, so completely detached from the other necessary part of
the implementation.
|
|
|
|
|
|
| |
The coder that Psych passes in has a `tag` method we can use to detect
which serialization format we're reviving for. Use it and make it clearer
alongside the `load_tags` fiddling.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we were to serialize an `ActionController::Parameters` on Psych 2.0.8, we'd get:
```yaml
--- !ruby/hash:ActionController::Parameters
key: :value
```
Because 2.0.8 didn't store instance variables, while 2.0.9 did:
https://github.com/tenderlove/psych/commit/8f84ad0fc711a82a1040def861cb121e8985fd4c
That, coupled with 2.0.8 calling `new` instead of `allocate` meant parameters was
deserialized just fine:
https://github.com/tenderlove/psych/commit/af308f8307899cb9e1c0fffea4bce3110a1c3926
However, if users have 2.0.8 serialized parameters, then upgrade to Psych 2.0.9+ and
Rails 5, it would start to blow up because `initialize` will never be called, and thus
`@parameters` will never be assigned. Hello, `NoMethodErrors` on `NilClass`! :)
To fix this we register another variant of the previous serialization format and take
it into account in `init_with`.
I've tested this in our app and previously raising code now deserializes like a champ.
I'm unsure how to test this in our suite because we use Psych 2.0.8 and don't know how
to make us use 2.0.9+ for just one test.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By changing ActionController::Parameter's superclass, Rails 5 also changed
the YAML serialization format.
Since YAML doesn't know how to handle parameters it would fallback to its
routine for the superclass, which in Rails 4.2 was Hash while just Object
in Rails 5. As evident in the tags YAML would spit out:
4.2: !ruby/hash-with-ivars:ActionController::Parameters
5.0: !ruby/object:ActionController::Parameters
Thus when loading parameters YAML from 4.2 in Rails 5, it would parse a
hash dump as it would an Object class.
To fix this we have to provide our own `init_with` to be aware of the past
format as well as the new one. Then we add a `load_tags` mapping, such that
when the YAML parser sees `!ruby/hash-with-ivars:ActionController::Parameters`,
it knows to call our `init_with` function and not try to instantiate it as
a normal hash subclass.
|
|
|
|
|
|
| |
`#initialize_copy` to manually duplicate the underlying parameters hash
It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following:
```
params = ActionController::Parameters.new(foo: "bar")
duplicated_params = params.dup
duplicated_params.delete(:foo)
params == duplicated_params
```
This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
|
|
|
|
|
| |
In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will
be permitted by default. The default is +false+."
|
|
|
|
|
|
|
|
|
|
| |
The changes in this commit are twofold:
1. The examples showing `#require` accepting two arguments were wrong - you
have to wrap the arguments (two, or more) in an array.
2. `ActionController::Parameters` has an `#inspect` method now (since
https://github.com/rails/rails/pull/23732), and the documentation should
reflect that.
|
|
|
| |
This example code wasn't getting wrapped in a `<code>` tag due to incorrect indentation.
|
| |
|
| |
|
|
|
|
|
|
| |
This brings the behavior more inline with other similar cases, such as
receiving a hash when an array of scalars was expected. Prior to this
commit, the key would be present, but the value would be `nil`
|
|\ |
|
| |
| |
| |
| | |
- Added missing `"`.
|
| |
| |
| |
| | |
[ci-skip]
|
| |
| |
| |
| | |
parameters documentation [skip ci]
|
| | |
|
|/
|
|
|
|
| |
This method will only be added when used with Ruby 2.3.0 or greater.
This method has the same behavior as `Hash#dig`, except it will convert
hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
|
|
|
|
| |
- Fixes #23822.
|
| |
|
|
|
|
| |
Creating a protected getter method for `@parameters`.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While iterating an AC::Parameters object, the object will mutate itself
and stick AC::Parameters objects where there used to be hashes:
https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632
If you use `permit` after this iteration, the `fields_for_style` method
wouldn't return true because the child objects are now AC::Parameters
objects rather than Hashes.
fixes #23701
|
|
|
|
| |
Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
|
|
|
|
| |
`NEVER_UNPERMITTED_PARAMS` is deprecated in Rails 4.2. See #15933.
|
|
|
| |
and remove unecessary spaces in string interpolation.
|
|
|
|
| |
See bug #21032.
|
| |
|
|
|
| |
It's reasonable to expose different value readers.
|
|
|
|
| |
We can provide a more flexible upgrade experience by warning users they are using unsafe methods instead of forcing the safe API by deprecating before removal. This PR provides this functionality.
|
|
|
|
|
|
| |
Fixes #23026
See discussion at #23026
|
| |
|
|
|
|
|
|
|
| |
- AC::Parameters#convert_parameters_to_hashes should return filtered or
unfiltered values based on whether it is called from `to_h` or `to_unsafe_h`
instead of always defaulting to `to_h`.
- Fixes #22841
|
|
|
|
| |
Fixes #22818
|
|
|
|
|
|
|
|
| |
When calling `to_h` on an `ActionController::Parameters` instance it would
`deep_dup` its internal parameters.
This inadvertently called `dup` on a passed Active Record model which would
create new models. Fix by only dupping Ruby's Arrays and Hashes.
|
|
|
|
|
|
|
| |
This makes these two methods to be more inline with the previous
behavior of Parameters as Parameters used to be inherited from HWIA.
Fixes #21391
|
|
|
|
|
| |
The file [references Rack::Test here](https://github.com/rails/rails/blame/master/actionpack/lib/action_controller/metal/strong_parameters.rb#L671)
so it's better off requiring 'rack/test' in the first place.
|
| |
|
|
|
|
|
| |
AC::Parameters does not inherit from HashWithIndifferentAccess
since #20868 by @sikachu
|
| |
|
| |
|
|
|
|
| |
References #19565.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* A string in the example lacked quotes.
* The tests asserted stuff about :last_name, whereas
test params do not have that key.
* But, the first one passed, why? After hitting my head against
the wall and doing some obscure rituals realized the new
#require had an important typo, wanted to iterate over the
array argument (key), but it ran over its own hash keys
(method #keys).
* Modified the test to prevent the same typo to happen again.
* The second test assigned to an unused variable safe_params
that has been therefore removed.
* Grammar of the second test description.
* Since I was on it, reworded both test descriptions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This PR adds ability to accept arrays which allows you to require multiple values in one method. so instead of this:
```ruby
params.require(:person).require(:first_name)
params.require(:person).require(:last_name)
```
Here it will be one line for each params, so say if I require 10params, it will be 10lines of repeated code which is not dry. So I have added new method which does this in one line:
```ruby
params.require(:person).require([:first_name, :last_name])
```
Comments welcome
|
| |
|
|
|
|
|
|
|
| |
there is no reason to `convert_hashes_to_parameters` with an assignemt
flag. The caller knows whether or not it wants the value assigned. We
should just change the uncommon case (not writing to the underlying
hash) to just call the conversion method and return that value.
|