ruby-on-rails - Rails 5 - 如何将 Controller 中整个 jsonb postgres 列的参数列入白名单？

Question

我已尝试使用建议的示例 from github .您也可以在一些答案中找到它，例如 this one对于 Rails 4。

我已经在 Rails 5.0.1 中尝试过这个，我只是得到一个存储在数据库中的空哈希 {}:

def proposal_params
  params.require(:proposal).permit(:document, :account_id).tap do |whitelisted|
    whitelisted[:document] = params[:proposal][:document]
  end
end

显然，如果我允许的话!它有效。

我也试过来自 this question 的答案:

def proposal_params
  params.require(:proposal).permit(:account_id, document: Proposal.stored_attributes[:document])
end

但这也行不通。

:document 属性包含 json，它在请求之间永远不会相同......并且是一个长而复杂的结构。

我只需要将它原样转储到 jsonb 列中。

出于好奇，下面是文档中可以包含的内容的示例:

{
   "document":{
      "customer":{
         "id":"273a0ad1-0867-4c17-8e0a-3284c6f2f6af",
         "first_name":"Ricardo",
         "last_name":"Bird",
         "email":"ricardo_bird@smithtrantow.co",
         "mobile":"07786560223"
      },
      "state":8,
      "salutation":"Mr & Mrs Bird",
      "total_price":0,
      "quoted_products":[
         {
            "product":{
               "sku":"9111",
               "name":"Solid European Oak",
               "price":25.99,
               "category":"Wood",
               "sub_category":"Solid",
               "updated_at":"2016-12-01",
               "updated_by":"Donald Duck",
               "created_at":"2016-11-01",
               "created_by":"Mickey",
               "image_url":"http://www.higherground.co.uk/wp-content/uploads/2015/11/wood-flooring-thumbnail.jpg"
            },
            "total_price":25.99,
            "total_area":1,
            "product_total_price":25.99,
            "is_manual_total":false,
            "is_installed":false,
            "install_price":null,
            "are_rooms_grouped":false,
            "rooms":[
               {
                  "name":"Dining Room",
                  "icon_url":"assets/fb-img/dining-room.png",
                  "number":null,
                  "area":1,
                  "width":null,
                  "length":null,
                  "subfloor_prep":null,
                  "subfloor_price":null,
                  "perimeter_product":null,
                  "perimeter_length":null,
                  "is_perimeter_installed":false,
                  "perimeter_price":null,
                  "perimeter_style":null,
                  "is_perimeter_remove_old":false,
                  "is_move_furniture":false,
                  "move_furniture_price":null,
                  "move_surcharge":null,
                  "stairs_stepcount":null,
                  "surcharge":null,
                  "is_installed":false,
                  "uplift_price":null,
                  "install_method":"bonded"
               }
            ],
            "is_extras":true,
            "threshold_count":2,
            "radiator_count":3,
            "trim_count":2,
            "threshold_price":30,
            "radiator_price":4,
            "trim_price":10,
            "is_rear_mat":false,
            "is_front_mat":true,
            "front_mat_type":"Coloured",
            "rear_mat_type":null,
            "front_mat_area":2,
            "front_mat_price":60.01,
            "rear_mat_area":null,
            "rear_mat_price":null,
            "extras_total_price":212.01999999999998
         }
      ],
      "status":"Draft",
      "is_details_oneprice":false,
      "notes":"Testing submission"
   }
}

Answer 1

如果我是对的，你仍然需要permit!文档参数:

def proposal_params
  params.require(:proposal).permit(:account_id).tap do |whitelisted|
    whitelisted[:document] = params[:proposal].fetch(:document, ActionController::Parameters.new).permit!
  end
end

它的工作方式是它首先只会保留 account_id 但随后在 tap 中我们通过尝试添加 document 参数从原始参数中检索它。 ActionController::Parameters.new 作为 fetch 的默认值确保 permit! 方法始终可调用，即使没有 document 参数已传递。

引擎盖下ActionController::Parameters#permit! seems to recursively call the permit! function包含的参数也是如此，所以我们可以在任何实例上调用它:

def permit!
  each_pair do |key, value|
    Array.wrap(value).each do |v|
      v.permit! if v.respond_to? :permit!
    end
  end

  @permitted = true
  self
end