64

I have an array field in my model and I'm attempting to update it.

My strong parameter method is below

def post_params
  params["post"]["categories"] = params["post"]["categories"].split(",")

  params.require(:post).permit(:name, :email, :categories)
end

My action in my controller is as follows

def update
  post = Post.find(params[:id]

  if post and post.update_attributes(post_params)
    redirect_to root_url
  else
    redirect_to posts_url
  end
end

However, whenever I submit the update the post, in my development log I see

Unpermitted parameters: categories

The parameters passed through is

  Parameters: {"utf8"=>"✓", "authenticity_token"=>"auth token", "id"=>"10", 

"post"=>{"name"=>"Toni Mitchell", "email"=>"[email protected]", "categories"=>",2"}}

I want to think it has something to do with the fact that the attribute categories is an array since everything else looks fine. Then again, I could be wrong. So, what's wrong with my code and why is not letting me save the categories field when clearly it is permitted to do so? Thanks.

Improve this question
1
  • It might be due to the way you are setting the value of the categories parameter, iirc the params object is not a simple hash, have you tried a simpler example? Commented Jul 25, 2013 at 21:35

6 Answers 6

Reset to default
154

Try this 

params.require(:post).permit(:name, :email, :categories => [])

(Disregard my comment, I don't think that matters)

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

hi,i have a problem Bid(#69846105528920) expected, got String(#8248680)
Hi there, is there a way to find a post depending on the categories in the array, example Post.find_by(tags: 'sports') ?
It would be nice to also explain why this works @slicedpan
46

in rails 4, that would be, 

params.require(:post).permit(:name, :email, {:categories => []})
Improve this answer

1 Comment

This works for me but why does it need to be in a separate hash if we already defined the serialization of that attribute in the model?
10

The permitted scalar types are String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile and Rack::Test::UploadedFile.

To declare that the value in params must be an array of permitted scalar values map the key to an empty array:

params.permit(:id => [])

This is what the strong parameters documentation on Github says:

params.require(:post).permit(:name, :email, :categories => [])

I hope this works out for you.

Improve this answer

Comments

3

I had the same problem, but simply adding array to permit was not enough. I had to add type, too. This way:

params.require(:transaction).permit(:name, :tag_ids => [:id])

I am not sure if this is perfect solution, but after that, the 'Unpermitted parameters' log disappeared.

I found hint for that solution from this excellent post: http://patshaughnessy.net/2014/6/16/a-rule-of-thumb-for-strong-parameters

Improve this answer

Comments

2

If there are multiple items and item_array inside parameters like this-

Parameters {"item_1"=>"value 1", "item_2"=> {"key_1"=> "value A1", 
"key_2"=>["val B2", "val C3"]} }

There we have array inside item_2.
That can be permit as below-

params.permit(item_2: [:key_1, :key_2 => [] ])

Above saved my day, may be helpful for you too.

Improve this answer

Comments

1

I had the same problem but in my case I had also to change from:

<input type="checkbox" name="photographer[attending]" value="Baku">

to:

<input type="checkbox" name="photographer[attending][]" value="Baku">

Hope this is helping someone.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.