Rails Strong Parameters Filtering

In my Rails controller with strong parameters, I have the typical my_model_params private function to filter out any "scary internet params". One of the parameters is a list from a Select2 form input. This Select2 form input always passes an empty or null value as the first element, like ["", "23", "32"]. I can easily clean it up in my_model_params by removing it with the reject function like this: .reject!

Since there are multiple fields I ended up with the entire function looking like this:

    # Never trust parameters from the scary internet, only allow the white list through.
    def my_model_params
      filtered_params = params.require(:my_model)
                              .permit(:name, :description, :status,
                                      :start_date, :end_date,
                                      geo_graphics: [], geo_media_types: [],
                                      geo_counties: [], geo_states: [])

      # Drop the empty string that Select2 submits as the first array element.
      filtered_params[:geo_states].reject! { |value| value.empty? }
      filtered_params[:geo_counties].reject! { |value| value.empty? }
      filtered_params
    end


This looks bloated and ugly. How can I clean this up to look better, or is there a different way to reject the empty strings in the array? It seems like this could look better if it were chained or somehow filtered after the permit function.

EDIT:

Here is the view code. It uses the simple_form select2 gem. I had been using just the select2 js library, although I couldn't get the library to load without the blank entry loading as an item within the select2 input. It would load as a blank box, which makes sense as the submitted form value was "".



    <%= simple_form_for([@account, @request_for_proposal]) do |f| %>
      <%= f.error_notification %>

      <div class="form-inputs">
        <%= f.input :name %>
        <%= f.input :description %>
        <%= f.input :status, collection: RequestForProposal.statuses.keys %>
        <%= f.input :start_date %>
        <%= f.input :end_date %>

        <%= f.association :campaign, collection: @account.campaigns %>
        <%= f.association :user, as: :hidden %>
        <%= f.association :account, as: :hidden %>

        <%= f.input :geo_counties, as: :select2, collection: [], include_blank: false, multiple: true %>
        <%= f.input :geo_states, as: :select2, collection: [], include_blank: false, multiple: true %>
      </div>

      <div class="form-actions">
        <%= f.button :submit %>
      </div>
    <% end %>


    <script>

    $('#request_for_proposal_geo_counties').select2({
      theme: "bootstrap",
      cache: true,
      multiple: true,
      closeOnSelect: false,
      placeholder: {
        id: '-1', // the value of the option
        text: 'Select an option'
      },
      ajax: {
        url: '/api/v1/counties.json',
        dataType: 'json'
      }
    });

    var selected_states = <%= raw @request_for_proposal.geo_path_states.to_json %>;
    var keys = ["id", "text", "zip_codes", "counties", "population_0", "population_5", "population_18", "population_21"];

    $('#request_for_proposal_geo_states').select2({
      theme: "bootstrap",
      placeholder: {
        id: '-1', // the value of the option
        text: 'Select an option'
      },
      multiple: true,
      ajax: {
        url: '/api/v1/states.json',
        processResults: function (data) {
          // Transforms the top-level key of the response object from 'items' to 'results'
          $.each(data.rows, function (pos, obj) {
            var counter = 0;
            $.each(obj, function (key, value) {
              data.rows[pos][keys[counter]] = value;
              delete data.rows[pos][key];
              counter++;
            });
          });
          return {
            results: data.rows
          };
        }
      }
    });

    </script>
















edited Feb 13 at 4:50

asked Feb 9 at 18:08
DogEatDog







  • A quick change is using the sugar to call a method on every element of an array, #reject!(&:empty?). But if you get empty values every time, then it'd probably make more sense to make a change on the client side to stop that from happening.
    – thesecretmaster
    Feb 11 at 20:48

  • I tried for a while and gave up. Doing it this way isn't the most elegant solution. I'm not sure why select2 does it. It seems like a placeholder but it should be removed. Dang JS! lol.
    – DogEatDog
    Feb 13 at 4:39

  • Why don't you add the view code to the question?
    – thesecretmaster
    Feb 13 at 4:41

  • Added. Thanks. Although, it may be treading into the StackOverflow category in terms of categorization. lol
    – DogEatDog
    Feb 13 at 4:51

  • Sincerely? You're better off without the gem. It's just some abstractions that save you not much time. select2 is pretty much straightforward in configuration. So you could use Rails to render the select box as you wish and then just apply select2 for the visuals.
    – lcguida
    Apr 6 at 9:17
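
An added example, not part of the original question or its comments: one way to strip the Select2 placeholder from every array parameter in a single pass on the server, since permit only fixes which keys and shapes get through and the array contents still arrive exactly as the client sent them. It is plain Ruby so it runs without Rails; the Hash stands in for the result of permit, and ARRAY_KEYS, blank_entry?, strip_blank_entries and the sample values are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Rails required. The Hash passed in stands in
# for the result of params.require(:my_model).permit(...) from the question.

# Hypothetical constant: the array-valued keys from the question's permit list.
ARRAY_KEYS = %i[geo_graphics geo_media_types geo_counties geo_states].freeze

# True for the placeholder entry Select2 submits ("") and for nil or
# whitespace-only strings. Non-string scalars are never treated as blank:
# `key: []` also permits numbers, so calling #empty? on every entry would
# raise NoMethodError for a JSON payload such as [7, ""].
def blank_entry?(value)
  value.nil? || (value.is_a?(String) && value.strip.empty?)
end

# Returns a copy of `permitted` with blank entries removed from every array
# key. A key that is absent from the request stays absent instead of raising
# NoMethodError on nil, and the input is not mutated.
def strip_blank_entries(permitted, keys = ARRAY_KEYS)
  permitted.each_with_object({}) do |(key, value), cleaned|
    cleaned[key] = if keys.include?(key.to_sym) && value.is_a?(Array)
                     value.reject { |entry| blank_entry?(entry) }
                   else
                     value
                   end
  end
end

# Constructed sample input, shaped like the question's ["", "23", "32"].
SAMPLE = {
  name: "Spring RFP",
  geo_states: ["", "23", "32"],
  geo_counties: [""],        # nothing selected: only the placeholder arrives
  geo_media_types: [7, " "]  # JSON-style payload containing an integer
  # geo_graphics is left out on purpose: field missing from the request
}.freeze

if __FILE__ == $PROGRAM_NAME
  p strip_blank_entries(SAMPLE)
end
```

In a controller the same call would wrap the permitted parameters after converting them with to_h, which yields string keys; the to_sym comparison above accepts both key styles.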











