search

Dawil / MongoidModelMaker

A Rails generator to help produce large quantities of Models, with relationships, from a yaml source file.
MIT License
1 stars 0 forks source link

Controllers need to permit attributes on child relations. #9

Open Dawil opened 10 years ago

Dawil commented 10 years ago

e.g. I needed to change the person_params method from:

def person_params
    params[:person]
end

to:

def person_params
    params.require(:person).permit(:name)
end

to allow a curl post with the following body:

{
  "_id": {"$oid":"529d474fee6da1c5af000001"},
  "created_at":null,
  "name":
    {"_id:{"$oid":"529d4770ee6da1c5af000002"},
    "created_at":null,
    "first":"dave",
    "last":"wilcox",
    "middle":null,
    "preferred_first":null,
    "preferred_last":null,
    "prefix":null,
    "suffix":null,
    "updated_at":null
  },
  "updated_at":null
}
Dawil commented 10 years ago

Actually, by using permit! we can get things to work. This is technically a security error but if we restrict the CORS domains to trusted servers it's more of a logic bug when it happens than a security bug. It's also much easier (and faster) so we'll do it this way first. We can make it proper later if we feel we need to loosen the CORS permissions.