I've been doing RoR for years, but this is my first project with Mongo (also my first api-only project). I'm having a rough time with HABTM associations and I suspect it has to do with params, but I'm not sure what else to try.
Here's what I've got:
class Project
include Mongoid::Document
field :name, type: String
field :start_date, type: Date
field :target_date, type: Date
has_and_belongs_to_many :users
end
class User
include Mongoid::Document
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:jwt_authenticatable, jwt_revocation_strategy: JWTBlacklist
field :email, type: String
field :_id, type: String, default: ->{ email }
{ ... devise stuff ...}
has_and_belongs_to_many :projects
end
In my projects controller, I have this for parameters:
def project_params
params.permit(:id, :name, :start_date, :target_date, :description, user_ids: [])
end
And yes, I've also tried doing {user_ids: []}.
When I use Postman to make a URL PUT request to attempt to add users to a project, I get an "unpermitted parameter" error. But ... I'm permitting that parameter, right?
I'm kind of going nuts because I don't know if I have a Mongo problem, a Rails 5 problem, or an API problem. All other calls are working fine.
Started PUT "/rapi/projects/3" for 127.0.0.1 at 2017-02-15 22:55:10 -0500
Overwriting existing field _id in class JWTBlacklist.
Overwriting existing field _id in class User.
Processing by Api::V1::ProjectsController#update as JSON
Parameters: {"user_ids"=>"[email protected]", "id"=>"3"}
MONGODB | localhost:27017 | anthem.find | STARTED | {"find"=>"users", "filter"=>{"_id"=>"[email protected]"}}
MONGODB | localhost:27017 | anthem.find | SUCCEEDED | 0.000363703s
Overwriting existing field _id in class Project.
MONGODB | localhost:27017 | anthem.find | STARTED | {"find"=>"projects", "filter"=>{"_id"=>"3"}}
MONGODB | localhost:27017 | anthem.find | SUCCEEDED | 0.000244022s
Unpermitted parameters: user_ids, format
Overwriting existing field _id in class Release.
Completed 204 No Content in 20ms
I'd appreciate any ideas about what else I might try.
Not quite. You're permitting
user_idsas an array. But you send it as a scalar value. This is enough difference for strong params to not let the data through.Make up your mind and do either one (permit array and send array) or the other (permit scalar and send scalar).