Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stripping out Params #17

Open
ready4god2513 opened this issue Jul 13, 2013 · 9 comments
Open

Stripping out Params #17

ready4god2513 opened this issue Jul 13, 2013 · 9 comments
Assignees
@Spaceghost
Milestone
1.0

Comments

@ready4god2513
Copy link

I am wondering if I am missing something. When I submit forms, it appears that some of the fields are being stripped out. When I pull signed_form, all is well.

Here are the request params-

{"utf8"=>"✓",
 "form_signature"=>"BAh7B0kiCmJsYXN0BjoGRUZbE3sGOgl1c2VyWwA6DHVzZXJfaWQ6DHJvbGVfaWQ6GHN1YnNjcmliZXJfc3RhdHVzZXM6FGNoYXJnZV90aW1lX2lkczoXZGVsaXZlcnlfcm91dGVfaWRzOhZkZWxpdmVyeV9zaXRlX2lkczoSc2l0ZV9ob3N0X2lkczoMc3ViamVjdDoJYm9keToKZHJhZnQ6FWZ1dHVyZV9zZW5kX3RpbWV7BkkiG2F0dGFjaG1lbnRzX2F0dHJpYnV0ZXMGOwBGWwB7BkkiG2F0dGFjaG1lbnRzX2F0dHJpYnV0ZXMGOwBGWwc6D2F0dGFjaG1lbnQ6FWF0dGFjaG1lbnRfY2FjaGU6Dl9vcHRpb25zX3sJOgttZXRob2Q6CXBvc3Q6CHVybEkiEi9hZG1pbi9ibGFzdHMGOwBUOgtkaWdlc3RVOhlTaWduZWRGb3JtOjpEaWdlc3RvclsHWwZJIhdhZG1pbi9ibGFzdHMvX2Zvcm0GOwBUSSIlYzRlMmRlMGM3NmJkYjkwY2E5NTYwYTNiM2RhNWE1YmUGOwBGOhZkaWdlc3RfZXhwaXJhdGlvbkl1OglUaW1lDaZZHIDz6GuZCjoNbmFub19udW1pA+uZGzoNbmFub19kZW5pAgAIOg1zdWJtaWNybyIHiDA6C29mZnNldGn+kJ06CXpvbmVJIghQRFQGOwBU--b9985b1997f30e99468421fa9dc3f8784c874c93",
 "blast"=>{"user_id"=>"138",
 "role_id"=>"71",
 "subscriber_statuses"=>["active",
 "inactive",
 ""],
 "charge_time_ids"=>[""],
 "delivery_route_ids"=>[""],
 "delivery_site_ids"=>[""],
 "site_host_ids"=>[""],
 "subject"=>"sends to all subscribers if no subscriber status selected",
 "body"=>"test",
 "draft"=>"0",
 "future_send_time"=>"2013-07-12 23:33:22"},
 "commit"=>"Create Blast"}

But when I do raise params.inspect I see-

{"utf8"=>"✓",
"form_signature"=>"BAh7B0kiCmJsYXN0BjoGRUZbE3sGOgl1c2VyWwA6DHVzZXJfaWQ6DHJvbGVfaWQ6GHN1YnNjcmliZXJfc3RhdHVzZXM6FGNoYXJnZV90aW1lX2lkczoXZGVsaXZlcnlfcm91dGVfaWRzOhZkZWxpdmVyeV9zaXRlX2lkczoSc2l0ZV9ob3N0X2lkczoMc3ViamVjdDoJYm9keToKZHJhZnQ6FWZ1dHVyZV9zZW5kX3RpbWV7BkkiG2F0dGFjaG1lbnRzX2F0dHJpYnV0ZXMGOwBGWwB7BkkiG2F0dGFjaG1lbnRzX2F0dHJpYnV0ZXMGOwBGWwc6D2F0dGFjaG1lbnQ6FWF0dGFjaG1lbnRfY2FjaGU6Dl9vcHRpb25zX3sJOgttZXRob2Q6CXBvc3Q6CHVybEkiEi9hZG1pbi9ibGFzdHMGOwBUOgtkaWdlc3RVOhlTaWduZWRGb3JtOjpEaWdlc3RvclsHWwZJIhdhZG1pbi9ibGFzdHMvX2Zvcm0GOwBUSSIlYzRlMmRlMGM3NmJkYjkwY2E5NTYwYTNiM2RhNWE1YmUGOwBGOhZkaWdlc3RfZXhwaXJhdGlvbkl1OglUaW1lDaZZHIDz6GuZCjoNbmFub19udW1pA+uZGzoNbmFub19kZW5pAgAIOg1zdWJtaWNybyIHiDA6C29mZnNldGn+kJ06CXpvbmVJIghQRFQGOwBU--b9985b1997f30e99468421fa9dc3f8784c874c93",
"blast"=>{"user_id"=>"138",
"role_id"=>"71",
"subject"=>"sends to all subscribers if no subscriber status selected",
"body"=>"test",
"draft"=>"0",
"future_send_time"=>"2013-07-12 23:33:22"},
"commit"=>"Create Blast",
"action"=>"create",
"controller"=>"admin/blasts"}

Quite a few fields are being removed. There are a few other forms in my app that have this same issue. Any ideas?
@ready4god2513
Copy link
Author

It appears that any fields that are habtm get removed.

@ready4god2513
Copy link
Author

After some more investigation the problem appears to be that strong_parameters requires the correct scalar value to be passed into permit. However, when using simple_form, if you were to write = f.input :whatever, as: :check_boxes, collection: my_collection the form would be signed with that field being a string, not an array.

My use case for this is a project that I am working on is using the datastore to serialize a few fields. Is this a bug in signed_form or am I doing something completely wrong here?

@erichmenge
Copy link
Owner

This type of problem was one of my concerns with trying to direct other form builders like Simple Form through Signed Form.

If it is specifically an incompatibility with Simple Form I'm not sure what the solution will be. I originally had separate adapters for other builders but decided to make Signed Form more general so it would potentially work without needing an adapter. Now it appears maybe an adapter would be required for compatibility if we need to do something special to get it to play nice with Simple Form. I certainly don't want specific Simple Form code in Signed Form.

At the moment I don't have much time to investigate. If you have the time and inclination to work up a solution I'd be happy to take a look at it. Otherwise I'll try to get something figured out in the coming weeks.

Thanks for the report!

@tubbo
Copy link
Contributor

tubbo commented Sep 11, 2013

@ready4god2513 are you using any other form builder things besides SimpleForm and SignedForm?

@tubbo tubbo mentioned this issue Sep 11, 2013
Open
@ready4god2513
Copy link
Author

No, just those two. I put my feature branch on hold for a bit, though. Once I jump back to that branch I will be taking a closer look to solve this issue.

@eric1234
Copy link
Contributor

I'm also hitting this but not for using SimpleForm. Just regular rails form builder helpers. Example:

<%= form_for @item do |f| %>
  <% for practice_area in practice_areas %>
    <label>
      <%= f.check_box :topic_page_ids, {multiple: true}, practice_area.id %>
      <%= practice_area %>
    </label>
  <% end %>
<% end %>

In this we are using the multiple option on check_box so it will output things like item[topic_page_ids][] allowing an array of items to be assigned to topic_page_ids.

The checkboxes selected are stripped because signed_form assumes it is a scalar and not an array. I can currently work around this by adding:

  <%= f.add_signed_fields topic_page_ids: [] %>

Sounds like we may need to add some additional coding for check_box in the same way that was done for fields_for so a array is allowed instead of just a scalar if the multiple option is used.

@erichmenge
Copy link
Owner

PRs regarding these things would be welcome. I honestly just don't have the time to look into this stuff right now.

@Spaceghost Spaceghost self-assigned this Aug 6, 2014
@nlsrchtr
Copy link

Would be great to see this included. It's the only thing which I see as a problem with this very nice gem.

@Spaceghost Spaceghost removed their assignment Feb 27, 2018
@Spaceghost Spaceghost added this to the 1.0 milestone Feb 27, 2018
@Spaceghost Spaceghost self-assigned this Feb 27, 2018
@yunchanssd
Copy link

Would be great to see this included. It's the only thing which I see as a problem with this very nice gem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Spaceghost Spaceghost

Labels
None yet
Projects
None yet
Milestone
1.0
Development

No branches or pull requests
7 participants
@nlsrchtr @eric1234 @tubbo @ready4god2513 @Spaceghost @erichmenge @yunchanssd