Project

General

Profile

Actions

Defect #40052

open

Unpermitted parameters: :utf8, :_method, :authenticity_token, :commit, :custom_field_id

Added by Liane Hampe 10 months ago. Updated 10 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Custom fields
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

There is a warning comming probably from CustomFieldEnumerationsController#update_each_params:

  Current user: admin (id=1)
  CustomField Load (0.1ms)  SELECT "custom_fields".* FROM "custom_fields" WHERE "custom_fields"."id" = ? LIMIT ?  [["id", 2], ["LIMIT", 1]]
   app/controllers/custom_field_enumerations_controller.rb:66:in `find_custom_field'
Unpermitted parameters: :utf8, :_method, :authenticity_token, :commit, :custom_field_id # <--- WARNING!
  TRANSACTION (0.1ms)  begin transaction
  ↳ app/models/custom_field_enumeration.rb:57:in `block (2 levels) in update_each'

Transmitted params are:

Started PUT "/custom_fields/2/enumerations" for 192.168.3.25 at 2024-01-12 14:36:41 +0100
Processing by CustomFieldEnumerationsController#update_each as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"RN//3j3QMblduDEe326nLo63fbre28/fL091OexG097Qb9Mn5dEsyYUZNhVnX//KBz7QR1sJQ9XT5eBsx2YCZw==", "custom_field_enumerations"=>{"1"=>{"position"=>"0", "name"=>"Wert 1", "active"=>"1"}, "2"=>{"position"=>"1", "name"=>"Wert 2", "active"=>"1"}, "3"=>{"position"=>"2", "name"=>"Wert 3", "active"=>"1"}}, "commit"=>"Speichern", "custom_field_id"=>"2"}

# CustomFieldEnumerationsController#update_each_params

  def update_each_params
    # params.require(:custom_field_enumerations).permit(:name, :active, :position) does not work here with param like this:
    # "custom_field_enumerations":{"0":{"name": ...}, "1":{"name...}}
    params.permit(:custom_field_enumerations => [:name, :active, :position]).require(:custom_field_enumerations)
  end
Actions #1

Updated by Go MAEDA 10 months ago

  • Status changed from New to Confirmed
Actions #2

Updated by Go MAEDA 10 months ago

The change below fixes the warning but I am unsure whether this is the right approach.

diff --git a/app/controllers/custom_field_enumerations_controller.rb b/app/controllers/custom_field_enumerations_controller.rb
index 9e0ede955..46ecadb0c 100644
--- a/app/controllers/custom_field_enumerations_controller.rb
+++ b/app/controllers/custom_field_enumerations_controller.rb
@@ -81,6 +81,8 @@ class CustomFieldEnumerationsController < ApplicationController
   def update_each_params
     # params.require(:custom_field_enumerations).permit(:name, :active, :position) does not work here with param like this:
     # "custom_field_enumerations":{"0":{"name": ...}, "1":{"name...}}
-    params.permit(:custom_field_enumerations => [:name, :active, :position]).require(:custom_field_enumerations)
+    params
+      .permit(:custom_field_id, :custom_field_enumerations => [:name, :active, :position])
+      .fetch(:custom_field_enumerations, {})
   end
 end

Actions

Also available in: Atom PDF