to_hash 和 strong_parameters for Rails 5.1 带有项目数组
to_hash and strong_parameters for Rails 5.1 with an array of items
我有以下参数声明:
def line_item_params
params.require(:line_items).map do |p|
ActionController::Parameters.new(p.to_hash).permit(:quantity, :price, :menu_item_id)
end
end
但出现以下错误:
Method to_hash is deprecated and will be removed in Rails 5.1, as
ActionController::Parameters no longer inherits from hash. Using
this deprecated behavior exposes potential security problems. If you
continue to use this method you may be creating a security
vulnerability in your app that can be exploited. Instead, consider
using one of these documented methods which are not deprecated:
http://api.rubyonrails.org/v5.0.1/classes/ActionController/Parameters.html
我只是发布了一系列项目。这应该如何处理?
def line_item_params
# just to raise ActionController::ParameterMissing if key is missing
params.require(:line_items)
# this is the actual whitelist
params.permit(line_items: [:quantity, :price, :menu_item_id])
end
您可以通过将散列选项传递给 .permit 以及包含嵌套对象白名单键的数组来将对象数组列入白名单。
我有以下参数声明:
def line_item_params
params.require(:line_items).map do |p|
ActionController::Parameters.new(p.to_hash).permit(:quantity, :price, :menu_item_id)
end
end
但出现以下错误:
Method to_hash is deprecated and will be removed in Rails 5.1, as
ActionController::Parametersno longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.1/classes/ActionController/Parameters.html
我只是发布了一系列项目。这应该如何处理?
def line_item_params
# just to raise ActionController::ParameterMissing if key is missing
params.require(:line_items)
# this is the actual whitelist
params.permit(line_items: [:quantity, :price, :menu_item_id])
end
您可以通过将散列选项传递给 .permit 以及包含嵌套对象白名单键的数组来将对象数组列入白名单。