From bdd105d8b91c5d0881ab78e36a65a79fdca4a7fb Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Fri, 12 Oct 2012 00:50:20 -0200 Subject: When executing permit with just a key that points to a hash, DO NOT allow all the hash params.require(:person).permit(:projects_attributes) was returning => {"projects_attributes"=>{"0"=>{"name"=>"Project 1"}}} When should return => {} You should be doing ... params.require(:person).permit(projects_attributes: :name) to get just the projects attributes you want to allow --- actionpack/test/controller/parameters/nested_parameters_test.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'actionpack/test/controller/parameters') diff --git a/actionpack/test/controller/parameters/nested_parameters_test.rb b/actionpack/test/controller/parameters/nested_parameters_test.rb index 41f5b6e127..d287e79cba 100644 --- a/actionpack/test/controller/parameters/nested_parameters_test.rb +++ b/actionpack/test/controller/parameters/nested_parameters_test.rb @@ -15,18 +15,22 @@ class NestedParametersTest < ActiveSupport::TestCase details: { pages: 200, genre: "Tragedy" + }, + id: { + isbn: 'x' } }, magazine: "Mjallo!" }) - permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ] + permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages }, :id ] assert permitted.permitted? assert_equal "Romeo and Juliet", permitted[:book][:title] assert_equal "William Shakespeare", permitted[:book][:authors][0][:name] assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name] assert_equal 200, permitted[:book][:details][:pages] + assert_nil permitted[:book][:id] assert_nil permitted[:book][:details][:genre] assert_nil permitted[:book][:authors][0][:born] assert_nil permitted[:magazine] -- cgit v1.2.3