Rails中的Grape API和强参数问题

时间:2014-07-18 17:44:20

标签: ruby-on-rails strong-parameters grape

以下是我的API的样子

resource :service_requests do

      before do
        error!('Unauthorized. Invalid token', 401) unless current_company
      end

      get do
        current_company.service_requests
      end

      params do
        requires :service_request, type: Hash do
          optional :prefix, type: String
          requires :first_name, type: String
          requires :last_name, type: String
          requires :contact_email, type: String, regexp: User::EMAIL_REGEX
          requires :phone_number, type: String
          requires :address, type: String
          optional :address2, type: String
          requires :city, type: String
          requires :state, type: String
          requires :zip_code, type: String
          requires :country, type: String
          requires :address_type, type: String
          requires :troubleshooting_reference, type: String

          requires :line_items, type: Array do
            requires :type, type: String
            requires :model_number, type: String
            requires :serial_number, type: String
            optional :additional_information, type: String
          end

        end
      end

      post do
        parameters = ActionController::Parameters.new(params).require(:service_request)
        sr = ServiceRequest.new(
          parameters.permit(
            :troubleshooting_reference,
            :rma,
            :additional_information
          )
        )

        sr.build_customer(
          parameters.permit(
            :prefix,
            :first_name,
            :last_name,
            :contact_email,
            :phone_number
          )
        )
        #
        # shipping_info = customer.build_shipping_information(
        #   parameters.permit(
        #     :address,
        #     :address2,
        #     :company_name,
        #     :city,
        #     :state,
        #     :zip_code,
        #     :country,
        #     :address_type
        #   )
        # )


        if sr.save
          sr
        else
          sr.errors.full_messages
        end
      end
    end

我遇到的问题是,当调用save方法时,我收到此错误Unpermitted parameters: first_name, last_name, contact_email, phone_number, address, city, state, zip_code, country, address_type, line_items

这是我的JSON帖子的样子:

{
  "service_request": {
    "first_name": "Foo",
    "last_name": "Bar",
    "contact_email": "foo@bar.com",
    "phone_number": "111-111-1111",
    "address": "102 foo st",
    "city": "Nashville",
    "state": "TN",
    "zip_code": "23233",
    "country": "USA",
    "address_type": "Business",
    "troubleshooting_reference": "dshjf",
    "line_items": [
      {
        "type": "Unit",
        "model_number": "123",
        "serial_number": "222"
      }
     ]
  }
}

1 个答案:

答案 0 :(得分:0)

在本地尝试过您的代码后,我认为您所看到的是正常行为。我也看到记录到控制台的“未授权参数...”消息,但对parameters.permit 的调用成功并返回过滤后的哈希值。所以我想如果你检查一下,你会发现你的代码实际上正在运行。

您可以通过添加

来消除这些消息
ActionController::Parameters.action_on_unpermitted_parameters = false

位于班级的顶部或config/initializers下的文件中。