On Apr 30, 2014, at 10:00 PM, Alexander Trauzzi <[email protected]> wrote:
> I've just been getting re-acquainted with Rails 4 after spending the past
> year working in some other frameworks.
>
> One thing I noticed are strong parameters which I see as a really great
> addition! One flaw I've noticed however is in the behaviour of
> `params.require` which I don't think is 100% user friendly yet. The two
> major issues I can see are:
>
> - It returns a value, when really what it should be doing is returning
> params to continue with a fluent API
> - It doesn't accept multiple values (an array)
>
> It's been observed in the strong params github issue tracker by several
> others that this violates the principle of least astonishment by coupling
> unrelated functionality (returning nested keys) with the enforcement of
> parameter presence. It also could be argued that people might expect to be
> able to use it as follows:
>
> my_params = params.require(:one, :two, :three).permit(:one, :two, :three,
> :four)
>
What would this specify the expected format *as*? Doing the more usual:
params.require(:one).permit(:one, :two, :three, :four)
is saying that you expect params like:
one:
one: (scalar)
two: (scalar)
three: (scalar)
four: (scalar)
In the case where `require` takes multiple keys, is it expecting the sub keys
in *each* of those? Any of them?
> This basically sets up a simple request-specific schema for parameter
> presence as it begins to travel further into the application's layers. I
> think the feature of params.require being able to verify the presence of a
> key and then returning it's contents for nested attributes needlessly couples
> two pieces of functionality. I typically store all attributes for a request
> at the root of my `params` and so I never have any nested object data to
> dereference. It's all at the top, and this results in me having to make
> multiple separate calls to `params.require` just to verify each one. Which
> as I'm sure you can guess gets very ugly, very quickly:
>
> params.require :one
> params.require :two
> params.require :three
> my_params = params.permit :one, :two, :three, :four
Does this actually work? I swear I’ve gotten into trouble with calling `permit`
on the top-level params hash, since there’s other stuff (:controller, :action,
:format, etc) in there…
—Matt Jones
signature.asc
Description: Message signed with OpenPGP using GPGMail
