12

I don't understand why I'm getting these Unpermitted parameter: format messages. I'm doing a JSON request, POST "/questions/add_options.json", with these parameters: {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}], "question"=>{}} and this is what I get in the terminal...

Started POST "/questions/add_options.json" for 127.0.0.1 at 2016-08-16 23:12:27 -0300
Processing by QuestionsController#add_options as JSON
  Parameters: {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}], "question"=>{}}
  User Load (0.4ms) SELECT "login_aexa".* FROM "login_aexa" WHERE "login_aexa"."usuaex_id" = $1 ORDER BY "login_aexa"."usuaex_id" ASC LIMIT 1 [["usuaex_id", 1]]
Unpermitted parameter: format
  Question Load (0.4ms) SELECT "questions".* FROM "questions" WHERE "questions"."id" = $1 LIMIT 1 [["id", 551]]
Unpermitted parameter: format
  (0.2ms) BEGIN
  (0.4ms) SELECT COUNT(*) FROM "options" WHERE "options"."question_id" = $1 [["question_id", 551]]

In the Rails controller I use params permit to reject parameters that are not allowed, like this:

def question_add_options_params
  params.permit(:id_question, options: [:position, :label, :value, :go_page], question: {})
end

In my opinion the format should be fine. Does anyone know why I'm getting those Unpermitted parameter: format messages?

EDIT:

Here's the code of the controller

class QuestionsController < ApplicationController
  before_action :set_question, only: [:show, :edit, :update, :destroy]
  before_action :authenticate_user!

  # GET /questions
  # GET /questions.json
  def index
    @questions = Question.all
  end

  # GET /questions/1
  # GET /questions/1.json
  def show
  end

  # GET /questions/new
  def new
    @question = Question.new
  end

  # GET /questions/1/edit
  def edit
  end

  # POST /questions
  # POST /questions.json
  def create
    @question = Question.new(question_params)

    respond_to do |format|
      if @question.save
        format.html { redirect_to @question, notice: 'Question was successfully created.' }
        format.json { render :show, status: :created, location: @question }
      else
        format.html { render :new }
        format.json { render json: @question.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /questions/1
  # PATCH/PUT /questions/1.json
  def update
    respond_to do |format|
      if @question.update(question_params)
        format.html { redirect_to @question, notice: 'Question was successfully updated.' }
        format.json { render :show, status: :ok, location: @question }
      else
        format.html { render :edit }
        format.json { render json: @question.errors, status: :unprocessable_entity }
      end
    end
  end

  def add_options
    @question = Question.find(question_add_options_params[:id_question])

    question_add_options_params[:options].each do |q_aop|
      @question.options.create(q_aop)
    end

    @options = @question.options
  end

  # DELETE /questions/1
  # DELETE /questions/1.json
  def destroy
    @question.destroy
    respond_to do |format|
      format.html { redirect_to questions_url, notice: 'Question was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_question
    @question = Question.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def question_params
    params[:question]
  end

  def question_add_options_params
    params.permit(:id_question, options: [:position, :label, :value, :go_page])
  end
end
4
  • what does your controller action look like? do you have a format block? Commented Aug 17, 2016 at 2:27
  • What version of Rails are you using? Commented Aug 17, 2016 at 3:08
  • @MarsAtomic It's rails 4.2.5 Commented Aug 17, 2016 at 3:44
  • @Doon I have a respond_to do |format|, but it's not in the add_options action. In any case I'll edit the post to add the code of the controller. Commented Aug 17, 2016 at 3:46

3 Answers

9
params.permit(:id_question, options: [:position, :label, :value, :go_page], question: {}) 

This line is telling Rails that the only params that are permitted are in the list above. If you actually look at a real params-hash, it doesn't just contain the params passed in by the form, it also contains things like: :controller => :questions, :action => :create, :format => :json etc... which Rails always inserts based on the URL.

Normally we namespace the form by using e.g. form_for @question, which means the params come in like this:

{:controller => :questions, :action => :create, :format => :json, :question => {"id_question"=>551, "options"=>[{"position"=>10, "label"=>"opc 10", "value"=>"opc 10", "go_page"=>nil}]} } 

then you can do this in your controller:

params.require(:question).permit(:id_question, options: [:position, :label, :value, :go_page]) 

which doesn't literally tell Rails that you aren't allowed to have the controller/action/format params that are always passed in by Rails...

Obviously you'll need to modify the names of these to suit your needs, but this is what you need to do to stop the error.


3 Comments

Ok... but I didn't use a form from Rails, I'm sending those JSON params from an AngularJS application using Restangular... so I'm sending those params with JavaScript code.
It doesn't matter how you're sending them to Rails. Rails pulls those other fields out of the URL you use... and once your Rails app receives them... you need to tell Rails that they are acceptable fields.
Requests include extra params ("format", "controller", and "action"). Rails will complain about this if you don't "require" a field. To hide that warning, you can exclude "format" from your parameters: params.except(:format).permit(:id_question, options: [:position, :label, :value, :go_page])
1

I was having a similar issue with my JSON and thought this question could use a few more examples.

TL;DR

To avoid the Unpermitted parameter: format with JSON requests, be sure to nest your request object for POST and PATCH requests (ex. { question: {name: '', prompt: ''} }) and access with params.require(:question).permit(:name, :prompt, ..) in the controller. For GET and DELETE requests, use only params.require(:id) in the controller.

To build on Taryn's reply above, I needed to create a nested object in my front end for POST requests, and fix how I was using require and permit on the back end. Here are examples:

Example: POST /questions

Rails expects a post request to be of the form, { question: { name: '', prompt: '', ..} }. In the front end:

// bad
$http.post('/questions.json', { name: 'Question 1', prompt: 'Bears eat beets?' })

// good
$http.post('/questions.json', { question: { name: 'Question 1', prompt: '...' } })

Backend:

# app/controllers/questions_controller.rb
def question_params
  # bad - logs 'Unpermitted parameter: format'
  params.permit(:name, :prompt)

  # good
  params.require(:question).permit(:name, :prompt)
end

Example: GET /questions/:id

My mistake was in the backend again. For example:

# app/controllers/questions_controller.rb
def show
  # bad - logs 'Unpermitted parameter: format'
  question = Question.where(params.permit(:id)).first

  # good
  question = Question.find(params.require(:id))

  render json: question
end
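
The behaviour both answers above describe, as an added example that is not part of either answer and is not Rails' own code: a plain-Ruby model of the strong-parameters check, showing why a top-level permit reports format while a scoped or format-stripped call reports only what the filter is really there to drop. The permit and request_params helpers and the extra 'admin' key are hypothetical and constructed for this illustration; the only Rails fact assumed is that controller and action are always permitted by default.

```ruby
# Plain-Ruby model of the strong-parameters check (NOT ActionController::Parameters).
# permit, request_params and the 'admin' key are hypothetical, built for this example.
ALWAYS_PERMITTED = %w[controller action].freeze # Rails' default always_permitted_parameters

# Returns [kept, dropped]: the filtered hash and the keys that would be logged
# as "Unpermitted parameter". A symbol allows a scalar; { key: [...] } allows
# an array of hashes, each filtered by the inner list.
def permit(hash, *filters)
  kept = {}
  dropped = []
  filters.each do |filter|
    if filter.is_a?(Hash)
      filter.each do |key, inner|
        rows = hash[key.to_s]
        next unless rows.is_a?(Array)
        kept[key.to_s] = rows.grep(Hash).map do |row|
          row_kept, row_dropped = permit(row, *inner)
          dropped.concat(row_dropped.map { |k| "#{key}.#{k}" })
          row_kept
        end
      end
    elsif hash.key?(filter.to_s) && !hash[filter.to_s].is_a?(Enumerable)
      kept[filter.to_s] = hash[filter.to_s]
    end
  end
  [kept, dropped + (hash.keys - kept.keys - ALWAYS_PERMITTED)]
end

# Path parameters derived from POST /questions/add_options.json, merged with the body.
def request_params(body)
  { 'controller' => 'questions', 'action' => 'add_options', 'format' => 'json' }.merge(body)
end

# Body from the question plus one undeclared attribute (constructed sample input).
BODY = { 'id_question' => 551,
         'options' => [{ 'position' => 10, 'label' => 'opc 10', 'value' => 'opc 10',
                         'go_page' => nil, 'admin' => true }] }.freeze
FILTERS = [:id_question, { options: %i[position label value go_page] }].freeze

def top_level_permit # models params.permit(...): path parameters are in scope
  permit(request_params(BODY), *FILTERS)
end
def require_then_permit # models params.require(:question).permit(...) on a nested body
  permit(request_params('question' => BODY).fetch('question'), *FILTERS)
end
def except_format_permit # models params.except(:format).permit(...)
  permit(request_params(BODY).reject { |k, _| k == 'format' }, *FILTERS)
end

puts top_level_permit.last.inspect, require_then_permit.last.inspect, except_format_permit.last.inspect
```

In all three cases the undeclared attribute is dropped before it can reach options.create; only the top-level call also reports format, so the log line is noise about scope, not a sign that the filter failed.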


-7
<%= link_to "Questinons", questions_path(format: "json") %> 

1 Comment

Can you elaborate on how this code will solve the OP's problem?
