Type:
Class
Constants:
NEVER_UNPERMITTED_PARAMS : %w( controller action )

Never raise an UnpermittedParameters exception because of these params are present. They are added by Rails and it's of no concern.

PERMITTED_SCALAR_TYPES : [ String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, # DateTimes are Dates, we document the type but avoid the redundant check. StringIO, IO, ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile, ]

This is a white list of permitted scalar types that includes the ones supported in XML and JSON requests.

This list is in particular used to filter ordinary requests, String goes as first element to quickly short-circuit the common case.

If you modify this collection please update the API of permit above.

EMPTY_ARRAY : []

Action Controller Parameters

Allows to choose which attributes should be whitelisted for mass updating and thus prevent accidentally exposing that which shouldn’t be exposed. Provides two methods for this purpose: require and permit. The former is used to mark parameters as required. The latter is used to set the parameter as permitted and limit which attributes should be allowed for mass updating.

params = ActionController::Parameters.new({
  person: {
    name: 'Francesco',
    age:  22,
    role: 'admin'
  }
})

permitted = params.require(:person).permit(:name, :age)
permitted            # => {"name"=>"Francesco", "age"=>22}
permitted.class      # => ActionController::Parameters
permitted.permitted? # => true

Person.first.update!(permitted)
# => #<Person id: 1, name: "Francesco", age: 22, role: "user">

It provides two options that controls the top-level behavior of new instances:

  • permit_all_parameters - If it's true, all the parameters will be permitted by default. The default is false.

  • action_on_unpermitted_parameters - Allow to control the behavior when parameters that are not explicitly permitted are found. The values can be :log to write a message on the logger or :raise to raise ActionController::UnpermittedParameters exception. The default value is :log in test and development environments, false otherwise.

Examples:

params = ActionController::Parameters.new
params.permitted? # => false

ActionController::Parameters.permit_all_parameters = true

params = ActionController::Parameters.new
params.permitted? # => true

params = ActionController::Parameters.new(a: "123", b: "456")
params.permit(:c)
# => {}

ActionController::Parameters.action_on_unpermitted_parameters = :raise

params = ActionController::Parameters.new(a: "123", b: "456")
params.permit(:c)
# => ActionController::UnpermittedParameters: found unpermitted keys: a, b

ActionController::Parameters is inherited from ActiveSupport::HashWithIndifferentAccess, this means that you can fetch values using either :key or "key".

params = ActionController::Parameters.new(key: 'value')
params[:key]  # => "value"
params["key"] # => "value"
permit

permit(*filters) Instance Public methods Returns a new ActionControll

2015-06-20 00:00:00
required

required(key) Instance Public methods Alias of

2015-06-20 00:00:00
fetch

fetch(key, *args) Instance Public methods Returns a parameter for the given

2015-06-20 00:00:00
require

require(key) Instance Public methods Ensures that a parameter is present. If

2015-06-20 00:00:00
permitted?

permitted?() Instance Public methods Returns true if the parameter

2015-06-20 00:00:00
dup

dup() Instance Public methods Returns an exact copy of the ActionCont

2015-06-20 00:00:00
[]

[](key) Instance Public methods Returns a parameter for the given key

2015-06-20 00:00:00
permitted=

permitted=(new_permitted) Instance Protected methods

2015-06-20 00:00:00
slice

slice(*keys) Instance Public methods Returns a new ActionController::Parameters

2015-06-20 00:00:00
new

new(attributes = nil) Class Public methods Returns a new instance of

2015-06-20 00:00:00