| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
`ActionController::Parameters#merge` call `HashWithIndifferentAccess#merge`.
In addition, it calls `HashWithIndifferentAccess#update` from
`HashWithIndifferentAccess#merge`, where it is called the `#to_hash` of argument.
But `ActionController::Parameters#to_hash` is deprecated, warning message is
displayed.
To avoid this, modify to convert object to `Hash`.
Fixes #26415
|
|\
| |
| | |
Show unpermitted parameters as symbols in logs (so they could be copy…
|
| |
| |
| |
| | |
to the code)
|
| |
| |
| |
| |
| |
| |
| |
| | |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
|/
|
|
| |
Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
| |
Screwed up both the left and right hand sides!
|
|
|
|
|
|
|
| |
The tests were written with the common false value seen in Rails apps,
show that intent in the code.
Should also fix the build on 5-0-stable.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we were to serialize an `ActionController::Parameters` on Psych 2.0.8, we'd get:
```yaml
--- !ruby/hash:ActionController::Parameters
key: :value
```
Because 2.0.8 didn't store instance variables, while 2.0.9 did:
https://github.com/tenderlove/psych/commit/8f84ad0fc711a82a1040def861cb121e8985fd4c
That, coupled with 2.0.8 calling `new` instead of `allocate` meant parameters was
deserialized just fine:
https://github.com/tenderlove/psych/commit/af308f8307899cb9e1c0fffea4bce3110a1c3926
However, if users have 2.0.8 serialized parameters, then upgrade to Psych 2.0.9+ and
Rails 5, it would start to blow up because `initialize` will never be called, and thus
`@parameters` will never be assigned. Hello, `NoMethodErrors` on `NilClass`! :)
To fix this we register another variant of the previous serialization format and take
it into account in `init_with`.
I've tested this in our app and previously raising code now deserializes like a champ.
I'm unsure how to test this in our suite because we use Psych 2.0.8 and don't know how
to make us use 2.0.9+ for just one test.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By changing ActionController::Parameter's superclass, Rails 5 also changed
the YAML serialization format.
Since YAML doesn't know how to handle parameters it would fallback to its
routine for the superclass, which in Rails 4.2 was Hash while just Object
in Rails 5. As evident in the tags YAML would spit out:
4.2: !ruby/hash-with-ivars:ActionController::Parameters
5.0: !ruby/object:ActionController::Parameters
Thus when loading parameters YAML from 4.2 in Rails 5, it would parse a
hash dump as it would an Object class.
To fix this we have to provide our own `init_with` to be aware of the past
format as well as the new one. Then we add a `load_tags` mapping, such that
when the YAML parser sees `!ruby/hash-with-ivars:ActionController::Parameters`,
it knows to call our `init_with` function and not try to instantiate it as
a normal hash subclass.
|
|
|
|
|
| |
- Tests for dup'ing params was separately added in a separate file in
https://github.com/rails/rails/pull/25735.
|
|
|
|
|
|
| |
`#initialize_copy` to manually duplicate the underlying parameters hash
It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following:
```
params = ActionController::Parameters.new(foo: "bar")
duplicated_params = params.dup
duplicated_params.delete(:foo)
params == duplicated_params
```
This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
|
|\
| |
| | |
Renamed NestedParametersTest to NestedParametersPermitTest
|
| |
| |
| |
| | |
what we are actually testing in this file
|
| |
| |
| |
| |
| | |
In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will
be permitted by default. The default is +false+."
|
|/
|
|
|
|
| |
This brings the behavior more inline with other similar cases, such as
receiving a hash when an array of scalars was expected. Prior to this
commit, the key would be present, but the value would be `nil`
|
|
|
|
|
|
| |
This method will only be added when used with Ruby 2.3.0 or greater.
This method has the same behavior as `Hash#dig`, except it will convert
hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
|
|
|
|
| |
- Fixes #23822.
|
| |
|
|
|
|
| |
Creating a protected getter method for `@parameters`.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While iterating an AC::Parameters object, the object will mutate itself
and stick AC::Parameters objects where there used to be hashes:
https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632
If you use `permit` after this iteration, the `fields_for_style` method
wouldn't return true because the child objects are now AC::Parameters
objects rather than Hashes.
fixes #23701
|
|
|
|
| |
Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
|
|
|
|
| |
`NEVER_UNPERMITTED_PARAMS` is deprecated in Rails 4.2. See #15933.
|
|
|
|
| |
See bug #21032.
|
|\
| |
| | |
test `include?`- fix typo
|
| | |
|
|/
|
|
|
|
| |
Fixes #23026
See discussion at #23026
|
|\
| |
| | |
Fix AC::Parameters#to_unsafe_h to return all unfiltered values
|
| |
| |
| |
| |
| |
| |
| | |
- AC::Parameters#convert_parameters_to_hashes should return filtered or
unfiltered values based on whether it is called from `to_h` or `to_unsafe_h`
instead of always defaulting to `to_h`.
- Fixes #22841
|
|/
|
|
| |
- Test should call `to_unsafe_h` instead of `to_h`
|
|
|
|
| |
Fixes #22818
|
|
|
|
|
|
|
|
| |
When calling `to_h` on an `ActionController::Parameters` instance it would
`deep_dup` its internal parameters.
This inadvertently called `dup` on a passed Active Record model which would
create new models. Fix by only dupping Ruby's Arrays and Hashes.
|
|
|
|
|
|
|
| |
This makes these two methods to be more inline with the previous
behavior of Parameters as Parameters used to be inherited from HWIA.
Fixes #21391
|
| |
|
|
|
|
| |
method_call_assertions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This clears the transaction record state when the transaction finishes
with a `:committed` status.
Considering the following example where `name` is a required attribute.
Before we had `new_record?` returning `true` for a persisted record:
```ruby
author = Author.create! name: 'foo'
author.name = nil
author.save # => false
author.new_record? # => true
```
|
|
|
|
|
|
|
|
|
| |
When executing an `ActionController::Parameters#fetch` with a block
that raises a `KeyError` the raised `KeyError` will be rescued and
converted to an `ActionController::ParameterMissing` exception,
covering up the original exception.
[Jonas Schubert Erlandsson & Roque Pinel]
|
| |
|
|
|
|
|
|
|
|
| |
This is another take at #14384 as we decided to wait until `master` is
targeting Rails 5.0. This commit is implementation-complete, as it
guarantees that all the public methods on the hash-inherited Parameters
are still working (based on test case). We can decide to follow-up later
if we want to remove some methods out from Parameters.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current implementation of ActionController::Parameters.const_missing
returns `ActionController::Parameters.always_permitted_parameters` even
if its `super` returns a constant without raising error. This prevents its
subclass in a autoloading module/class from taking advantage of
autoloading constants.
class SomeParameters < ActionController::Parameters
def do_something
DefinedSomewhere.do_something
end
end
In the code above, `DefinedSomewhere` is to be autoloaded with
`Module.const_missing` but `ActionController::Parameters.const_missing`
returns `always_permitted_parameters` instead of the autoloaded
constant.
This pull request fixes the issue respecting `const_missing`'s `super`.
|
|
|
|
|
|
|
|
|
| |
As suggested in #16299([1]), this method should be a new public API for
retrieving unfiltered parameters from `ActionController::Parameters`
object, given that `Parameters#to_hash` will no longer work in Rails
5.0+ as we stop inheriting `Parameters` from `Hash`.
[1]: https://github.com/rails/rails/pull/16299#issuecomment-50220919
|
|
|
|
|
|
|
| |
* `each`
* `each_pair`
* `delete`
* `select!`
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is to make sure that `permitted` status is maintained on the
resulting object.
I found these methods that needs to be redefined by looking for
`self.class.new` in the code.
* extract!
* transform_keys
* transform_values
|