module ActionController::ParamsWrapper

Wraps the parameters hash into a nested hash. This will allow clients to submit POST requests without having to specify any root elements.

This functionality is enabled in config/initializers/wrap_parameters.rb and can be customized. If you are upgrading to Rails 3.1, this file will need to be created for the functionality to be enabled.

You could also turn it on per controller by setting the format array to a non-empty array:

class UsersController < ApplicationController
  wrap_parameters format: [:json, :xml]
end

If you enable ParamsWrapper for :json format, instead of having to send JSON parameters like this:

{"user": {"name": "Konata"}}

You can send parameters like this:

{"name": "Konata"}

And it will be wrapped into a nested hash with the key name matching the controller's name. For example, if you're posting to UsersController, your new params hash will look like this:

{"name" => "Konata", "user" => {"name" => "Konata"}}

You can also specify the key in which the parameters should be wrapped to, and also the list of attributes it should wrap by using either :include or :exclude options like this:

class UsersController < ApplicationController
  wrap_parameters :person, include: [:username, :password]
end

On ActiveRecord models with no :include or :exclude option set, it will only wrap the parameters returned by the class method attribute_names.

If you're going to pass the parameters to an ActiveModel object (such as User.new(params[:user])), you might consider passing the model class to the method instead. The ParamsWrapper will actually try to determine the list of attribute names from the model and only wrap those attributes:

class UsersController < ApplicationController
  wrap_parameters Person
end

You still could pass :include and :exclude to set the list of attributes you want to wrap.

By default, if you don't specify the key in which the parameters would be wrapped to, ParamsWrapper will actually try to determine if there's a model related to it or not. This controller, for example:

class Admin::UsersController < ApplicationController
end

will try to check if Admin::User or User model exists, and use it to determine the wrapper key respectively. If both models don't exist, it will then fallback to use user as the key.

Constants

EXCLUDE_PARAMETERS

Public Instance Methods

process_action(*args) click to toggle source

Performs parameters wrapping upon the request. Will be called automatically by the metal call stack.

Calls superclass method
# File lib/action_controller/metal/params_wrapper.rb, line 232
def process_action(*args)
  if _wrapper_enabled?
    if request.parameters[_wrapper_key].present?
      wrapped_hash = _extract_parameters(request.parameters)
    else
      wrapped_hash = _wrap_parameters request.request_parameters
    end

    wrapped_keys = request.request_parameters.keys
    wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys)

    # This will make the wrapped hash accessible from controller and view
    request.parameters.merge! wrapped_hash
    request.request_parameters.merge! wrapped_hash

    # This will display the wrapped hash in the log file
    request.filtered_parameters.merge! wrapped_filtered_hash
  end
  super
end

Private Instance Methods

_extract_parameters(parameters) click to toggle source
# File lib/action_controller/metal/params_wrapper.rb, line 270
def _extract_parameters(parameters)
  if include_only = _wrapper_options.include
    parameters.slice(*include_only)
  else
    exclude = _wrapper_options.exclude || []
    parameters.except(*(exclude + EXCLUDE_PARAMETERS))
  end
end
_wrap_parameters(parameters) click to toggle source

Returns the list of parameters which will be selected for wrapped.

# File lib/action_controller/metal/params_wrapper.rb, line 266
def _wrap_parameters(parameters)
  { _wrapper_key => _extract_parameters(parameters) }
end
_wrapper_enabled?() click to toggle source

Checks if we should perform parameters wrapping.

# File lib/action_controller/metal/params_wrapper.rb, line 280
def _wrapper_enabled?
  ref = request.content_mime_type.try(:ref)
  _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters[_wrapper_key]
end
_wrapper_formats() click to toggle source

Returns the list of enabled formats.

# File lib/action_controller/metal/params_wrapper.rb, line 261
def _wrapper_formats
  _wrapper_options.format
end
_wrapper_key() click to toggle source

Returns the wrapper key which will be used to stored wrapped parameters.

# File lib/action_controller/metal/params_wrapper.rb, line 256
def _wrapper_key
  _wrapper_options.name
end