I am trying to figure out why my rails app is not permitting my attributes and have run out of ideas.
I have products in my database (model Product) and they have a collection of standard attributes that apply to all products. I have an additional JSONB column called dynamic_attributes that is specific to different types of product. Due to this, I am currently using STI.
If I attempt to edit an individual record, I get an error regarding unpermitted parameters (the JSON parameters I am trying to update/patch from the edit form). If I remove the .permit section and just permit! everything then I get no errors and everything updates but obviously this isn't ideal.
Lock subclass for STI
class Lock < Product
serialize :dynamic_attributes, JsonbSerializers
store_accessor :dynamic_attributes, :kind, :interface
validates :kind, presence: true
def json_schema
Rails.root.join('app', 'models', 'schemas', 'lock_category.json')
end
end
which references the following JSON schema for the product type in question:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"required": [ "kind" ],
"properties": {
"kind": {
"type": "string",
"enum": ["Cable", "Chain", "Folding", "Frame", "Part", "Padlock", "U-Lock", "U-Lock+Cable"]
},
"interface": {
"type": "string",
"enum": ["Key", "Combination", "Smart"]
}
}
}
Products Controller
def update
@product = Product.find(params[:id])
@product.update!(product_params)
redirect_to @product
end
private
def product_params
params.require(:product).
permit(
:type,
:vendor,
:description,
:cost,
:msrp,
dynamic_attributes: [
:kind,
:interface
]
)
end
end
and the edit form is pretty standard with the following section for updating the dynamic_attributes:
<% @product[:dynamic_attributes].each do |k,v| %>
<%= f.label k.to_sym %>
<%= f.text_field k.to_sym, :value => v %>
<br />
<% end %>
If I were to guess (all I have left at this point, I think it is probably something between loading the information from the database into the edit field and then back again.
The log from the attempted PATCH:
Started PATCH "/products/0c092119-601c-4dbb-b05b-3ad5ac638631" for 127.0.0.1 at 2023-03-09 12:41:06 -0600
Processing by ProductsController#update as TURBO_STREAM
Parameters: {"authenticity_token"=>"[FILTERED]", "product"=>{"vendor"=>"Vendor", "description"=>"First Lock", "cost"=>"37.5", "msrp"=>"74.99", "type"=>"Lock", "kind"=>"U-Lock", "interface"=>"Smart"}, "commit"=>"Update Product", "id"=>"0c092119-601c-4dbb-b05b-3ad5ac638631"}
Product Load (0.3ms) SELECT "products".* FROM "products" WHERE "products"."id" = $1 LIMIT $2 [["id", "0c092119-601c-4dbb-b05b-3ad5ac638631"], ["LIMIT", 1]]
↳ app/controllers/products_controller.rb:23:in `update'
Unpermitted parameters: :kind, :interface. Context: { controller: ProductsController, action: update, request: #<ActionDispatch::Request:0x00007fbba812f500>, params: {"_method"=>"patch", "authenticity_token"=>"[FILTERED]", "product"=>{"vendor"=>"Vendor", "description"=>"First Lock", "cost"=>"37.5", "msrp"=>"74.99", "type"=>"Lock", "kind"=>"U-Lock", "interface"=>"Smart"}, "commit"=>"Update Product", "controller"=>"products", "action"=>"update", "id"=>"0c092119-601c-4dbb-b05b-3ad5ac638631"} }
TRANSACTION (0.1ms) BEGIN
↳ app/controllers/products_controller.rb:24:in `update'
Product Exists? (0.3ms) SELECT 1 AS one FROM "products" WHERE "products"."vpn" = $1 AND "products"."id" != $2 AND "products"."vendor" = $3 LIMIT $4 [["vpn", "453"], ["id", "0c092119-601c-4dbb-b05b-3ad5ac638631"], ["vendor", "Vendor"], ["LIMIT", 1]]
↳ app/controllers/products_controller.rb:24:in `update'
TRANSACTION (0.1ms) COMMIT
↳ app/controllers/products_controller.rb:24:in `update'
Redirected to http://localhost:3000/products/0c092119-601c-4dbb-b05b-3ad5ac638631
Completed 302 Found in 7ms (ActiveRecord: 0.7ms | Allocations: 5365)
Thanks to @engineersmnky who had the answer:
kind, and interface are not permitted because you are stating that they should be nested under dynamic_attributes but in the request they are not nested. Maybe try changing this
f.text_field k.to_sym to f.text_field "dyanmic_attributes[#{k}]"
So I updated my code accordingly to:
<% @product[:dynamic_attributes].each do |k,v| %>
<%= f.label k.to_sym %>
<%= f.text_field "dynamic_attributes[#{k}]", :value => v %>
<% end %>