Skip to main content

Strong Parameters issue when upgarding Rails from 4.1.8 to 4.2.5

Rails • Asked by Parth Patel
I am new to rails and trying to understand what the issue is when the rails version is updated. Is this something related to strong_parameters? the way 
params[:budgets_updator][:budget])
is used in the controller. If so, how can I rewrite this using strong parameters?

Model:
class Budget < ActiveRecord::Base
  before_save :add_update_log
  before_save :set_default_value

  delegate_query :filter_sort_paginate, to: 'BudgetFetchQuery'

  belongs_to :book
  belongs_to :team
  belongs_to :deliverable
  validates_uniqueness_of :quarter_name, scope: :deliverable_id

  def self.fetch(params={})
    self.filter_sort_paginate(params)
  end

  def unfunded
    100 - funded
  end

  def uncommitted
    100 - committed
  end

end

Controller:
class BudgetsController < ApplicationController

def create
    @deliverable = Deliverable.find(params[:deliverable_id])
    @updator     = BudgetsUpdator.new(@deliverable)

        begin
      @updator.update_or_create!(params[:budgets_updator][:budget])
      html = render_to_string 'show', foramt: :html, layout: false
      render json: {html: html, status: "OK"}
    rescue
      html = render_to_string partial: 'edit'
      render json: {html: html, status: "NOT OK"}
    end
  end
end

Budgets Updator code:
class BudgetsUpdator
  include Rails.application.routes.url_helpers
  extend  ActiveModel::Naming
  include ActiveModel::Conversion
  include ActiveModel::Validations

  attr_reader :deliverable, :start_date, :end_date

  def update_or_create!(params={})
    params = params.map{|_, attrs| attrs}
    ActiveRecord::Base.transaction do
      params.each do |attrs|
        budget = budget_list.find_by_quarter_name(attrs["quarter_name"])
        budget.update_attributes!(attrs)
      end
    end
    @budget_list = deliverable.reload.budget_list
  end
end



Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 27,623+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.