module StrongerParameters::ControllerSupport::PermittedParameters
Constants
- DEFAULT_PERMITTED
Public Class Methods
included(klass)
# File lib/stronger_parameters/controller_support/permitted_parameters.rb, line 7
# Mixin hook: called with the class that includes this module.
#
# Extends the includer with ClassMethods and registers :permit_parameters
# as a before-callback. The callback macro is chosen by capability:
# `before_action` when the class responds to it, otherwise the older
# `before_filter`.
#
# Security-relevant: the parameter filter is only installed through this
# callback, so a controller that does not include the module gets none of it.
# NOTE(review): a controller that skips the callback would presumably bypass
# the filter as well; confirm against the skip sites in the application.
def self.included(klass)
  klass.extend ClassMethods

  callback_macro =
    if klass.respond_to?(:before_action)
      :before_action
    else
      :before_filter
    end

  klass.public_send(callback_macro, :permit_parameters)
end
sugar(value)
# File lib/stronger_parameters/controller_support/permitted_parameters.rb, line 13
# Expands plain-Ruby shorthand into constraint objects, recursively.
#
#   Array -> ActionController::Parameters.array(*elements), each element expanded
#   Hash  -> ActionController::Parameters.map(constraints), each value expanded
#   other -> returned unchanged
#
# Leaf values are passed through as-is: nothing here checks that a leaf is
# actually a constraint, so a mistake in a permit list is not caught at this
# point.
def self.sugar(value)
  case value
  when Array
    expanded = value.map { |element| sugar(element) }
    ActionController::Parameters.array(*expanded)
  when Hash
    # Keys are kept exactly as given; only the values are expanded.
    constraints = Hash[value.map { |key, inner| [key, sugar(inner)] }]
    ActionController::Parameters.map(constraints)
  else
    value
  end
end
Private Instance Methods
flat_keys(hash)
# File lib/stronger_parameters/controller_support/permitted_parameters.rb, line 134
# Flattens a nested parameter hash into a list of dotted key paths.
#
# For a nested Hash value the result holds every path below it, prefixed with
# the parent key, followed by the parent key itself; any other value
# contributes just its key. On ActionPack 5+ an ActionController::Parameters
# object is first unwrapped through its non-public `parameters` reader.
#
# Only values that are Hash instances are descended into. A hash nested inside
# an Array is therefore represented by the array's key alone, so key
# differences inside array elements do not show up in a comparison of two
# flat_keys results.
def flat_keys(hash)
  unwrap = ActionPack::VERSION::MAJOR >= 5 && hash.is_a?(ActionController::Parameters)
  hash = hash.send(:parameters) if unwrap

  hash.flat_map do |key, value|
    next key unless value.is_a?(Hash)

    flat_keys(value).map { |nested| "#{key}.#{nested}" } << key
  end
end
permit_parameters()
# File lib/stronger_parameters/controller_support/permitted_parameters.rb, line 83 def permit_parameters action = params.fetch(:action).to_sym permitted = self.class.permitted_parameters_for(action) return if permitted == :skip # TODO: invalid values should also be logged, but atm only invalid keys are log_unpermitted = self.class.log_unpermitted_parameters permitted_params = without_invalid_parameter_exceptions(log_unpermitted) { params.permit(permitted) } unpermitted_keys = flat_keys(params) - flat_keys(permitted_params) show_unpermitted_keys(unpermitted_keys, log_unpermitted) return if log_unpermitted (ActionPack::VERSION::MAJOR >= 5 ? params.send(:parameters) : params).replace(permitted_params) params.permit! request.params.replace(permitted_params) logged_params = request.send(:parameter_filter).filter(permitted_params) # Removing passwords, etc Rails.logger.info(" Filtered Parameters: #{logged_params.inspect}") end
show_unpermitted_keys(unpermitted_keys, log_unpermitted)
# File lib/stronger_parameters/controller_support/permitted_parameters.rb, line 105
# Reports keys that were not on the permit list.
#
# Does nothing for an empty key list. Otherwise builds a message that begins
# with 'Found' (log-only mode) or 'Removed' (enforcing mode), writes it to
# Rails.logger at info level, and also sets it as a response header when the
# application configures `stronger_parameters_violation_header` and a
# response object exists.
#
# Security-relevant: the key names come from the request, so the header
# echoes client-supplied text back to the client and into the log. The names
# are rendered with `inspect`; the values are not included.
# NOTE(review): no length limit is applied to the header value here; confirm
# that an oversized key list is acceptable where the header is enabled.
def show_unpermitted_keys(unpermitted_keys, log_unpermitted)
  return if unpermitted_keys.empty?

  verb = log_unpermitted ? 'Found' : 'Removed'
  message = "#{verb} restricted keys #{unpermitted_keys.inspect} from parameters according to permitted list"

  # `header` stays nil when the setting is absent, which disables the header.
  config = Rails.configuration
  header = config.stronger_parameters_violation_header if config.respond_to?(:stronger_parameters_violation_header)

  if response && header
    response.headers[header] = message
  end

  Rails.logger.info(" #{message}")
end
without_invalid_parameter_exceptions(log) { || ... }
# File lib/stronger_parameters/controller_support/permitted_parameters.rb, line 120
# Runs the given block and returns its value. When `log` is truthy, the block
# runs with ActionController::Parameters.action_on_invalid_parameters set to
# :log, and the previous setting is restored afterwards, even if the block
# raises. When `log` is falsy the block runs with the setting untouched.
#
# NOTE(review): the setting is written on the ActionController::Parameters
# class itself. If it is process-wide rather than per-thread, a request
# running concurrently on another thread could see :log for the duration of
# the block and have its invalid parameters logged instead of rejected.
# Confirm how the setting is stored before enabling log mode on a
# multi-threaded server.
def without_invalid_parameter_exceptions(log)
  return yield unless log

  begin
    previous = ActionController::Parameters.action_on_invalid_parameters
    ActionController::Parameters.action_on_invalid_parameters = :log
    yield
  ensure
    ActionController::Parameters.action_on_invalid_parameters = previous
  end
end