module Tennpipes::ParamsProtection::InstanceMethods
Public Instance Methods
filter_params!(params, allowed_params)
click to toggle source
Filters a hash of parameters leaving only allowed ones and possibly typecasting and processing the others.
@param [Hash] params
Parameters to filter. Warning: this hash will be changed by deleting or replacing its values.
@param [Hash] allowed_params
A hash of allowed keys and value classes or processing procs. Supported scalar classes are: Integer (empty string is cast to nil).
@example
filter_params!( { "a" => "1", "b" => "abc", "d" => "drop" }, { "a" => Integer, "b" => true } ) # => { "a" => 1, "b" => "abc" } filter_params!( { "id" => "", "child" => { "name" => "manny" } }, { "id" => Integer, "child" => { "name" => proc{ |v| v.camelize } } } ) # => { "id" => nil, "child" => { "name" => "Manny" } } filter_params!( { "a" => ["1", "2", "3"] }, { "a" => true } ) # => { "a" => ["1", "2", "3"] } filter_params!( { "persons" => {"p-1" => { "name" => "manny", "age" => "50" }, "p-2" => { "name" => "richard", "age" => "50" } } }, { "persons" => { "name" => true } } ) # => { "persons" => {"p-1" => { "name" => "manny" }, "p-2" => { "name" => "richard" } } }
# File lib/tennpipes-base/application/params_protection.rb, line 97 def filter_params!(params, allowed_params) params.each do |key,value| type = allowed_params[key] next if value.kind_of?(Array) && type case when type.kind_of?(Hash) && value.kind_of?(Hash) if key == key.pluralize && value.values.first.kind_of?(Hash) value.each do |array_index,array_value| value[array_index] = filter_params!(array_value, type) end else params[key] = filter_params!(value, type) end when type == Integer params[key] = value.empty? ? nil : value.to_i when type.kind_of?(Proc) params[key] = type.call(value) when type == true else params.delete(key) end end end
original_params()
click to toggle source
Returns the original unfiltered query parameters hash.
# File lib/tennpipes-base/application/params_protection.rb, line 124 def original_params @original_params || params end