Actions
Defect #40052
open
Unpermitted parameters: :utf8, :_method, :authenticity_token, :commit, :custom_field_id
Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Custom fields
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
There is a warning comming probably from CustomFieldEnumerationsController#update_each_params:
Current user: admin (id=1)
CustomField Load (0.1ms) SELECT "custom_fields".* FROM "custom_fields" WHERE "custom_fields"."id" = ? LIMIT ? [["id", 2], ["LIMIT", 1]]
↳ app/controllers/custom_field_enumerations_controller.rb:66:in `find_custom_field'
Unpermitted parameters: :utf8, :_method, :authenticity_token, :commit, :custom_field_id # <--- WARNING!
TRANSACTION (0.1ms) begin transaction
↳ app/models/custom_field_enumeration.rb:57:in `block (2 levels) in update_each'
Transmitted params are:
Started PUT "/custom_fields/2/enumerations" for 192.168.3.25 at 2024-01-12 14:36:41 +0100
Processing by CustomFieldEnumerationsController#update_each as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"RN//3j3QMblduDEe326nLo63fbre28/fL091OexG097Qb9Mn5dEsyYUZNhVnX//KBz7QR1sJQ9XT5eBsx2YCZw==", "custom_field_enumerations"=>{"1"=>{"position"=>"0", "name"=>"Wert 1", "active"=>"1"}, "2"=>{"position"=>"1", "name"=>"Wert 2", "active"=>"1"}, "3"=>{"position"=>"2", "name"=>"Wert 3", "active"=>"1"}}, "commit"=>"Speichern", "custom_field_id"=>"2"}
# CustomFieldEnumerationsController#update_each_params
def update_each_params
# params.require(:custom_field_enumerations).permit(:name, :active, :position) does not work here with param like this:
# "custom_field_enumerations":{"0":{"name": ...}, "1":{"name...}}
params.permit(:custom_field_enumerations => [:name, :active, :position]).require(:custom_field_enumerations)
end
Updated by Go MAEDA 3 months ago
The change below fixes the warning but I am unsure whether this is the right approach.
diff --git a/app/controllers/custom_field_enumerations_controller.rb b/app/controllers/custom_field_enumerations_controller.rb
index 9e0ede955..46ecadb0c 100644
--- a/app/controllers/custom_field_enumerations_controller.rb
+++ b/app/controllers/custom_field_enumerations_controller.rb
@@ -81,6 +81,8 @@ class CustomFieldEnumerationsController < ApplicationController
def update_each_params
# params.require(:custom_field_enumerations).permit(:name, :active, :position) does not work here with param like this:
# "custom_field_enumerations":{"0":{"name": ...}, "1":{"name...}}
- params.permit(:custom_field_enumerations => [:name, :active, :position]).require(:custom_field_enumerations)
+ params
+ .permit(:custom_field_id, :custom_field_enumerations => [:name, :active, :position])
+ .fetch(:custom_field_enumerations, {})
end
end
Actions