class Parameters
Ruby on Rails 7.0.10
Since v4.0.13Action Controller Parameters
Allows you to choose which attributes should be permitted for mass updating and thus prevent accidentally exposing that which shouldn’t be exposed. Provides two methods for this purpose: #require and #permit. The former is used to mark parameters as required. The latter is used to set the parameter as permitted and limit which attributes should be allowed for mass updating.
params = ActionController::Parameters.new({ person: { name: "Francesco", age: 22, role: "admin" } }) permitted = params.require(:person).permit(:name, :age) permitted # => #<ActionController::Parameters {"name"=>"Francesco", "age"=>22} permitted: true> permitted.permitted? # => true Person.first.update!(permitted) # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
It provides two options that controls the top-level behavior of new instances:
-
permit_all_parameters- If it’strue, all the parameters will be permitted by default. The default isfalse. -
action_on_unpermitted_parameters- Controls behavior when parameters that are not explicitlypermitted are found. The default value is <tt>:log</tt> in test and development environments, +false+ otherwise. The values can be:
-
falseto take no action. -
:logto emit anActiveSupport::Notifications.instrumentevent on theunpermitted_parameters.action_controllertopic and log at the DEBUG level. -
:raiseto raise an ActionController::UnpermittedParameters exception.
-
Examples:
params = ActionController::Parameters.new params.permitted? # => false ActionController::Parameters.permit_all_parameters = true params = ActionController::Parameters.new params.permitted? # => true params = ActionController::Parameters.new(a: "123", b: "456") params.permit(:c) # => #<ActionController::Parameters {} permitted: true> ActionController::Parameters.action_on_unpermitted_parameters = :raise params = ActionController::Parameters.new(a: "123", b: "456") params.permit(:c) # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
Please note that these options *are not thread-safe*. In a multi-threaded environment they should only be set once at boot-time and never mutated at runtime.
You can fetch values of ActionController::Parameters using either :key or "key".
params = ActionController::Parameters.new(key: "value") params[:key] # => "value" params["key"] # => "value"
Inherits from
Constants
Attributes
Methods (defined here)
- # ==
- # []
- # []=
- # as_json
- # compact
- # compact!
- # compact_blank
- # compact_blank!
- # converted_arrays
- # deep_dup
- # deep_transform_keys
- # deep_transform_keys!
- # delete
- # delete_if
- # dig
- # each
- # each_key
- # each_nested_attribute
- # each_pair
- # each_value
- # empty?
- # eql?
- # except
- # extract!
- # fetch
- # hash
- # has_key?
- # has_value?
- # include?
- # inspect
- # keep_if
- # key?
- # keys
- # member?
- # merge
- # merge!
- # nested_attributes?
- # permit
- # permit!
- # permitted?
- # reject
- # reject!
- # require
- # required
- # reverse_merge
- # reverse_merge!
- # select
- # select!
- # slice
- # slice!
- # to_h
- # to_hash
- # to_param
- # to_query
- # to_s
- # to_unsafe_h
- # to_unsafe_hash
- # transform_keys
- # transform_keys!
- # transform_values
- # transform_values!
- # value?
- # values
- # values_at
- # with_defaults
- # with_defaults!
- self. new
Private methods
(16)
Implementation detail — not part of the public API.
- # array_of_permitted_scalars?
- # convert_hashes_to_parameters
- # convert_parameters_to_hashes
- # convert_value_to_parameters
- # each_element
- # hash_filter
- # initialize_copy
- # new_instance_with_inherited_permitted_status
- # non_scalar?
- # permit_any_in_array
- # permit_any_in_parameters
- # permitted_scalar?
- # permitted_scalar_filter
- # specify_numeric_keys?
- # unpermitted_keys
- # unpermitted_parameters!
Methods (inherited)
From Object (16)
- # acts_like?
- # blank?
- # deep_dup
- # duplicable?
- # html_safe?
- # in?
- # instance_values
- # instance_variable_names
- # presence
- # presence_in
- # present?
- # to_param
- # to_query
- # try
- # try!
- # with_options
From ActiveRecord::TestFixtures (4)
From ActiveSupport::Concern (3)
- # class_methods
- # included
- # prepended