Rails 7.1: nested object cannot handle its parameters properly #49601

Closed as not planned
@eroluysal

Description

Steps to reproduce

Rails 7.1 cannot properly handle parameters from multipart/form-data requests.

# frozen_string_literal: true

require "bundler/inline"

gemfile(true) do
  source "https://rubygems.org"

  git_source(:github) { |repo| "https://github.com/#{repo}.git" }

  # Activate the gem you are reporting the issue against.
  gem "rails", "~> 7.1.0"
end

require "rack/test"
require "action_controller/railtie"

class TestApp < Rails::Application
  config.root = __dir__
  config.hosts << "example.org"
  config.session_store :cookie_store, key: "cookie_store_key"
  config.secret_key_base = "secret_key_base"

  config.logger = Logger.new($stdout)
  Rails.logger  = config.logger

  routes.draw do
    post "/countries" => "countries#create"
  end
end

class CountriesController < ActionController::Base
  include Rails.application.routes.url_helpers

  def create
    puts country_params
    render plain: "Home"
  end

  private
    def country_params
      params.fetch(:country, {}).permit(:name, metadatum_attributes: [:title, :description])
    end
end

require "minitest/autorun"

class BugTest < Minitest::Test
  include Rack::Test::Methods

  def test_returns_success
    post "/countries", {
      country: {
        name: "Turkey",
        # metadatum_attributes: {
        #   title: "metadatum title",
        #   description: "metadatum description"
        # }
        "metadatum_attributes[title]": "metadatum title",
        "metadatum_attributes[description]": "metadatum description",
      }
    }
    assert last_response.ok?
  end

  private
    def app
      Rails.application
    end
end

Expected behavior

Actual behavior

It was working smoothly in version 7.0.8. However, after the 7.1.0 update, it gives this error on the console.

Unpermitted parameter: :metadatum_attributes[title. Context: { controller: CountriesController, action: create, request: #<ActionDispatch::Request:0x000000010cd11ae8>, params: {"country"=>{"name"=>"Hello", "image"=>#<ActionDispatch::Http::UploadedFile:0x00000001101349d8 @tempfile=#<Tempfile:/var/folders/73/lcd4nwrj3xsbm4mj4xtgxx4r0000gp/T/RackMultipart20231012-15400-mfpjrl.jpg>, @content_type="image/jpeg", @original_filename="dolmabahce-palace.jpg", @headers="Content-Disposition: form-data; name=\"country[image]\"; filename=\"dolmabahce-palace.jpg\"\r\nContent-Type: image/jpeg\r\n">, "about"=>"Test", "metadatum_attributes[title"=>{"]"=>"Hello World"}}, "format"=>:json, "controller"=>"countries", "action"=>"create"} }

System configuration

Rails version: 7.1.1

Ruby version: 3.2.2
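
An added example (not part of the original report, and not Rails or Rack code): the test body above puts bracketed strings such as `"metadatum_attributes[title]"` inside the `country` hash, so under the usual `parent[child]` field naming (assumed here) the field name becomes `country[metadatum_attributes[title]]`, which matches the `"metadatum_attributes[title"=>{"]"=>...}` key in the error output. The hypothetical helpers below expand such keys into real nesting before the request is built, giving the shape that `permit(:name, metadatum_attributes: [:title, :description])` describes.

```ruby
# Added example; all helper names are hypothetical, not Rails or Rack APIs.

# Split "metadatum_attributes[title]" into ["metadatum_attributes", "title"].
# Keys without well-formed brackets come back as a single segment.
def split_bracket_key(key)
  key = key.to_s
  match = key.match(/\A([^\[\]]+)((?:\[[^\[\]]+\])+)\z/)
  return [key] unless match
  [match[1]] + match[2].scan(/\[([^\[\]]+)\]/).flatten
end

# Rebuild a params hash so every bracketed key becomes real nesting,
# merging siblings that share a prefix. Keys are returned as strings.
def expand_bracket_keys(params)
  params.each_with_object({}) do |(key, value), out|
    value = expand_bracket_keys(value) if value.is_a?(Hash)
    *parents, leaf = split_bracket_key(key)
    target = parents.reduce(out) do |node, segment|
      node[segment] = {} unless node[segment].is_a?(Hash)
      node[segment]
    end
    if target[leaf].is_a?(Hash) && value.is_a?(Hash)
      target[leaf] = target[leaf].merge(value)
    else
      target[leaf] = value
    end
  end
end

# Field names for a nested hash under the assumed parent[child] convention.
def field_names(params, prefix = nil)
  params.flat_map do |key, value|
    name = prefix ? "#{prefix}[#{key}]" : key.to_s
    value.is_a?(Hash) ? field_names(value, name) : [name]
  end
end

# Constructed sample, shaped like the request body in the report's test.
REPORTED = {
  country: {
    name: "Turkey",
    "metadatum_attributes[title]": "metadatum title",
    "metadatum_attributes[description]": "metadatum description"
  }
}.freeze
```

Comparing `field_names(REPORTED)` with `field_names(expand_bracket_keys(REPORTED))` shows the nested-bracket name next to the `country[metadatum_attributes][title]` form.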
