Creating a new page tree for a language gives error because of unpermitted attribute

AlchemyCMS / alchemy_cms

Alchemy is the Open Source Rails CMS framework for the component based web that can be used as classic server side rendered or headless CMS.

https://www.alchemy-cms.com

BSD 3-Clause "New" or "Revised" License

818 stars 312 forks source link

Creating a new page tree for a language gives error because of unpermitted attribute #2848

Closed Olli closed 2 months ago

Olli commented 2 months ago

Steps to reproduce

Blank installation create page tree for a language send form

Expected behavior

everything without error

Actual behavior

got a " ActionController::UnpermittedParameters found unpermitted parameter: :public "

System configuration

Alchemy Version: 7.1.7
Rails Version: actual Rails 7.1 version

Olli commented 2 months ago

Maybe https://github.com/AlchemyCMS/alchemy_cms/blob/a41515e0d8aa5f662b3a95d9c57133102029bd74/app/controllers/alchemy/admin/pages_controller.rb#L360 should include ":public" or am I on the wrong track?

tvdeyen commented 2 months ago

Interesting, since public is not an attribute on Page.

Which form are you using? If you use demo.alchemy-cms.com, or the dummy app in the repo, are you having the same error or just in your installation?

Olli commented 2 months ago

The demo doesn't work ... demo:demo123 isn't working. I got back "invalid user name" I also was wondering ... I got a lot of parameter errors for example if I want to edit a language

" ActionController::UnpermittedParameters found unpermitted parameters: :authenticity_token, :language, :button "

Olli commented 2 months ago

If I understand it right this form sends to the admin/pages controller https://github.com/AlchemyCMS/alchemy_cms/blob/fe433f0ec8332e8a0dd14e582489d56abb5756bf/app/views/alchemy/admin/pages/_create_language_form.html.erb#L21 and it has a public attribute https://github.com/AlchemyCMS/alchemy_cms/blob/fe433f0ec8332e8a0dd14e582489d56abb5756bf/app/views/alchemy/admin/pages/_create_language_form.html.erb#L37

So I'm not sure if I get something wrong So this form should have a "public" attribute and it leads to the error of my post since Page has no "public" attribute. grafik

Olli commented 2 months ago

So this error doesn't happen in the demo (in development mode ... in production I got some problems with the assets so I wasn't able to test it). So I'm not sure what's the difference since my understanding of a rails engine is that it's more or less encapsulated and apart from the rest of the application. This error with the attributes I got only in not development mode. So I have a staging mode and there I get this error ... in development everything works fine so far.

tvdeyen commented 2 months ago

Rails usually ignores unpermitted params in production and logs in development mode. Maybe your app is configured differently, so that it raises an error?

I have no hard feelings about this. We can simply add the attribute to the permitted attributes if this helps to get rid of the error for you.

Can you open a PR?

Olli commented 2 months ago

Good point! config.action_controller.action_on_unpermitted_parameters is set to :raise. For me the question is: Why not remove unused parameters from the forms in the first place? I would like to do some PR on this but first I have to figure out how to set up a proper development environment for a engine so instantaneously I see the changes I made.

tvdeyen commented 2 months ago

Good point! config.action_controller.action_on_unpermitted_parameters is set to :raise.

Glad that you found the cause of the error.

For me the question is: Why not remove unused parameters from the forms in the first place?

Because errors happen and we are just humans. This is a simple oversight.

I would like to do some PR on this but first I have to figure out how to set up a proper development environment for a engine so instantaneously I see the changes I made.

The steps are pretty easy:

Fork the repo
Check out your fork
Run bin/setup
Run the tests with bundle exec rake
Create a branch with your changes
Commit change and push the branch
Open a PR

The steps are also noted in the README https://github.com/AlchemyCMS/alchemy_cms?tab=readme-ov-file#-testing

Olli commented 2 months ago

Good point! config.action_controller.action_on_unpermitted_parameters is set to :raise.

Glad that you found the cause of the error.

You found it ;-)

For me the question is: Why not remove unused parameters from the forms in the first place?

Because errors happen and we are just humans. This is a simple oversight.

No offense ... I thought it had some deeper purpose.

I would like to do some PR on this but first I have to figure out how to set up a proper development environment for a engine so instantaneously I see the changes I made.

The steps are pretty easy:
1. Fork the repo

2. Check out your fork

3. Run `bin/setup`

4. Run the tests with `bundle exec rake`

5. Create a branch with your changes

6. Commit change and push the branch

7. Open a PR
The steps are also noted in the README https://github.com/AlchemyCMS/alchemy_cms?tab=readme-ov-file#-testing

thx I'll take a look at it ... if I have some time.