Strong parameters for array of records

Question

Strong parameters has me very confused. I'm writing a form to create several records at once. They are passed in params as an array of attributes:

{ :appointments => [ { :field1 => 'value1'
                     , :field2 => 'value2'
                     }
                   , # next record
                   ]
}

Then in the controller I would like to do something like

params[:appointments].each do |a|
    app = Appointment.create! a
end

But I run into lots of trouble with strong parameters, in the form of ForbiddenAttributeErrors. I've tried using appointment_params and whitelisting attributes, but with no luck. I can't find any good documentation matching my use case. They all assume the array of records should be nested below some owner record but this is not the case here.

Any help would be appreciated.

Answer 1

If you are only using the attributes to create a new Appointment record, you can use the following

Appointment.create!(params.permit(applications: [:field1, :field2])[:applications])

If you really want to iterate over the array, you can do

params[:appointments].each do |a|
  app = Appointment.create!(a.permit(:field1, :field2))
end

Answer 2

Make sure you are white listing your array in addition to the actual model attributes.

It seems like you have used the scaffolded version of the params.require method and not have updated that method when you changed your controller to deal with an array of appointments rather than one appointment at a time.

Something like this should work:

params.require(:appointment).permit(:field1, :field2, appointments: [:field1, field2])

or

params.require(:appointments).permit(:field1, :field2)

Not sure exactly what the rest of yoru code looks like, but it seems like you're not permitting the array itself, the above code samples attempt to white list what I would assume that attribute might be named.