Nested arrays in Strong Parameters in Rails

Question

Faced a strange problem or bug.

i have a route with strong parameters method:

def st_params
  params.permit([:id, logs: [], metric_ids: []])
end

Then i call it with, for example, rspec:

post some_path(format:json, metric_ids:[ [1,0,1], [5,1,4] ])

And when i call a st_params method there is no metric_ids param and i have got message in logs: Unpermitted parameters: metric_ids

But if i change st_params method like this:

def st_params
  p = params.permit([:id, logs: [], metric_ids: []])
  p[:metric_ids] = params[:metric_ids]
  # or just p = params.permit!
  p
end

Now, everything works fine in browser, but it looks strange.

But in rspec i have received nil value for metric_ids in any case :( I have not found any information about the problem. Maybe someone here may help me.

Thanks in advance.

Answer 1

I was facing same problem. Appending as: :json to post solved the problem for me.

Ref: https://github.com/rspec/rspec-rails/issues/1700#issuecomment-304411233

Answer 2

2 things that may be causing your trouble here:

1) The bang method permit! is for accepting an entire hash of parameters and it does not take any arguments. I also am unsure if permit! can be called on the entire params hash, the documentation is unclear on this.

2) Your use of array notation may be causeing the params hash some confusion. (It also may be acceptable, but looks a little unorthodox compared to what I'm used to seeing.) I would write your st_params as

def st_params
  params.permit(:id, :log, :metric_ids)
end

Also, a permit argument like metric_ids: [] as you have written will whitelist any parameters nested inside of params[:metric_ids], based on the way you are passing data to this hash above, I do not think this is your intended usage. It appears that you are storing an array at this level of the hash and there is no further complexity, so no need to whitelist params beyond this scope.

Hope this helps!