Overwrite or add whitelisted parameters

Andreas Dausenau edited this page Nov 4, 2025 · 1 revision

Sometimes you need to add whitelisted parameters so that they can be processed by your controller's default actions. This is especially the case if you use JSON fields in your database. Such fields often hold object or array data, so you need to whitelist their content before it can be saved through the resource controllers.

You have two possibilities to provide those parameters.

Method 1: Provide additional whitelisted parameters

EzOnRails provides the overridable protected method additional_permit_params in both EzOnRails::Api::ResourceController and EzOnRails::ResourceController.

You can override this method to provide additional whitelisted parameters. It is expected to return an array, which is additionally passed to Rails' params.expect method.

...
protected

def additional_permit_params
  [
    some_example_json_object: [:some_property, :some_other_property],
    some_example_json_array: [[:some_property, :some_other_property]]
  ]
end
...

This makes the controller's default CRUD actions accept values like:

{
  some_example_json_object: { some_property: '1', some_other_property: 2 },
  some_example_json_array: [{ some_property: '1', some_other_property: 2 }]
}
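
What this whitelist lets through and what it drops, as an added example (not EzOnRails or Rails code): a simplified pure-Ruby model of the filtering. The helper filter_by_spec and the payload are constructed for illustration; is_admin and owner_id stand for fields a client should not be able to set.

```ruby
# Simplified model of whitelist filtering; not Rails' or EzOnRails' implementation.
SCALARS = [String, Symbol, NilClass, Numeric, TrueClass, FalseClass].freeze

# The whitelist returned by additional_permit_params above.
SPEC = [
  some_example_json_object: [:some_property, :some_other_property],
  some_example_json_array: [[:some_property, :some_other_property]]
].freeze

# Constructed request body (string keys, as parsed from JSON).
PAYLOAD = {
  'some_example_json_object' => { 'some_property' => '1', 'some_other_property' => 2, 'is_admin' => true },
  'some_example_json_array' => [
    { 'some_property' => '1', 'some_other_property' => { 'nested' => 'x' } },
    'not-an-object'
  ],
  'owner_id' => 42
}.freeze

# Hypothetical helper: keeps only keys named in spec, with the declared shape.
# [:a, :b] declares one object, [[:a, :b]] an array of objects.
# Scalar arrays (key: []) are not modelled here.
def filter_by_spec(input, spec)
  return nil unless input.is_a?(Hash)

  out = {}
  spec.each do |entry|
    if entry.is_a?(Hash)
      entry.each do |key, nested|
        value = input[key.to_s]
        if nested.first.is_a?(Array) # array of objects
          next unless value.is_a?(Array)
          out[key.to_s] = value.filter_map { |item| filter_by_spec(item, nested.first) }
        else                         # single object; wrong shapes are dropped
          filtered = filter_by_spec(value, nested)
          out[key.to_s] = filtered if filtered
        end
      end
    elsif input.key?(entry.to_s) && SCALARS.any? { |t| input[entry.to_s].is_a?(t) }
      out[entry.to_s] = input[entry.to_s] # leaf values must be scalars
    end
  end
  out
end

p filter_by_spec(PAYLOAD, SPEC)
```

Anything not listed in the whitelist, or listed but sent in a different shape, never reaches the model's JSON column.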

Method 2: Overwrite all whitelisted parameters

If you need to overwrite all permitted parameters (e.g. for advanced security purposes), you can override the whole parameter permitting process.

The EzOnRails::ResourceController and EzOnRails::Api::ResourceController will use all keys of your render info to permit the parameters you can pass for update and create actions.

This behavior can be overridden.

If you want to customize the permitted parameters in an EzOnRails::ResourceController, you can override the protected method permit_render_info. This method must return the name of a render info whose keys are used as the permitted parameters.

...
protected

def permit_render_info
  'render_info_short'
end
...

If you want to customize the permitted parameters in an EzOnRails::Api::ResourceController, you can override the protected method resource_params. This method simply whitelists the parameters the way you know it from Rails.

...
protected

def resource_params
  params.require(:article).permit(:name, :content)
end
...