Filter params with strong parameters

[Linus Pettersson]

Hi

I have an hstore field in my database where I store a lot of different fields.

I still want getters, setters and validations for my fields so I've created an array with the fields like this:

DOCUMENT_FIELDS = %w[foo bar baz]

Then I do some meta programming to create getters and setters:

  DOCUMENT_FIELDS.each do |field|

    define_method(field) do

      # ....

    end

    define_method("#{field}=") do |value|

      # ...

    end

  end

Now I would like to pass all fields to strong parameters to properly filter it. I tried like this:

params.require(:foo).permit(Foo::DOCUMENT_FIELDS.map(&:to_sym))

But this doesn't work. It removes all values anyway. I guess it is because `Foo::DOCUMENT_FIELDS.map(&:to_sym)` creates an array that is passed to strong parameters (and it seems to not work with arrays).

How can I get around this?

Cheers, 

Linus

[Jordon Bedwell]

`params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))`
Though if I'm honest I probably would expect you to not take the long
trip with map and to_sym, might as well just leave them as string keys
because params has indifferent access with default keys being all
string keys for security.

[Linus Pettersson]

Got it myself! Splat operator to the rescue :)

params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))

[Jordon Bedwell]

On Fri, Mar 8, 2013 at 3:35 AM, Jordon Bedwell <envy...@gmail.com> wrote:
> `params.require(:foo).permit(*Foo::DOCUMENT_FIELDS.map(&:to_sym))`
> Though if I'm honest I probably would expect you to not take the long
> trip with map and to_sym, might as well just leave them as string keys
> because params has indifferent access with default keys being all
> string keys for security.

I forgot to say what *[] does. It will expand the array into args.

[Linus Pettersson]

Thank you. I thought strong params needed symbols.

Cheers,

Linus