ActionController: Which params are set by Rails?
In a JSON API Controller, I use a before_action to check if any key of params is not allowed for that action and respond with a 400 error in case any of the given keys are not allowed.

However, simply iterating over params also yields action, controller and format. Hardcoding these as "always allowed" seems clumsy and I don't know the list to be complete.

Is there a way to iterate only user-provided GET and POST params? Is that pollution of params some kind of legacy garbage? We have action_name, controller_name and request.format for the above three.

    def check_params
      # determine allowed params based on action
      allowed_params = case action_name
                       when ...
                         ...
                       end
      allowed_params.push(:action, :controller, :format)
      params.each_key do |key|
        return render(json: "key #{key} is not allowed", status: :bad_request) unless key.in?(allowed_params)
      end
    end
Answer
There are different entities you can use:

https://github.com/rails/rails/blob/097d0f1088e8e62e81741c5a17c24edcfda99334/actionpack/lib/action_controller/metal/strong_parameters.rb#L249-L250

    ActionController::Parameters.always_permitted_parameters
    # => ["controller", "action"]
    # default value for strong params, can be changed

    Rails.configuration.action_controller.always_permitted_parameters
    # => nil
    # default value to override always permitted params, can be changed in configs

https://github.com/rails/rails/blob/097d0f1088e8e62e81741c5a17c24edcfda99334/actionpack/lib/action_controller/log_subscriber.rb#L7

    ActionController::LogSubscriber::INTERNAL_PARAMS
    # => ["controller", "action", "format", "_method", "only_path"]
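A plain-Ruby version of the check from the question, using the two key lists quoted in the answer. This is an added example, not code from the original post or from Rails. `ALLOWED_BY_ACTION`, `unexpected_keys`, the constant names and the sample hash are hypothetical and constructed here, and the list values are copied from the answer so the block runs without Rails.

```ruby
# Values copied from the answer above. In a Rails app, reference
# ActionController::Parameters.always_permitted_parameters and
# ActionController::LogSubscriber::INTERNAL_PARAMS instead of duplicating them.
ALWAYS_PERMITTED = %w[controller action].freeze
INTERNAL_PARAMS  = %w[controller action format _method only_path].freeze

# Hypothetical per-action allow-list (constructed for this example).
ALLOWED_BY_ACTION = {
  "index"  => %w[page per_page],
  "create" => %w[name email]
}.freeze

# Constructed sample of what the params of a JSON "create" request could contain:
# three client-supplied keys plus the three framework-supplied ones from the question.
SAMPLE_PARAMS = {
  "name" => "Ada", "email" => "ada@example.test", "admin" => "true",
  "controller" => "users", "action" => "create", "format" => "json"
}.freeze

# Returns the keys (in the order received) that the action does not accept.
# Keys are normalised to strings so symbol and string keys compare equal.
# An action missing from the allow-list permits nothing (deny by default).
def unexpected_keys(params, action_name, framework_keys: INTERNAL_PARAMS)
  allowed = ALLOWED_BY_ACTION.fetch(action_name, [])
  params.keys.map(&:to_s).uniq - framework_keys - allowed
end

# Mirrors the before_action: nil means "continue", otherwise a 400 payload
# that lists every rejected key at once instead of stopping at the first.
def check_params(params, action_name)
  bad = unexpected_keys(params, action_name)
  return nil if bad.empty?

  { status: 400, json: { error: "keys not allowed", keys: bad } }
end

if __FILE__ == $PROGRAM_NAME
  p unexpected_keys(SAMPLE_PARAMS, "create")
  p unexpected_keys(SAMPLE_PARAMS, "create", framework_keys: ALWAYS_PERMITTED)
  p check_params(SAMPLE_PARAMS, "create")
end
```

With `ALWAYS_PERMITTED` as the framework list, `format` is reported as unexpected, which is the gap the question runs into. `INTERNAL_PARAMS` covers it.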



