Module: Hanami::Action::Validatable::ClassMethods Private

Defined in:

lib/hanami/action/validatable.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Validatable API class methods

Since:

• 0.1.0

Instance Method Summary

• #params(klass = nil, &blk) ⇒ Object

  Whitelist valid parameters to be passed to Hanami::Action#call.

Instance Method Details

#params(klass = nil, &blk) ⇒ Object

Whitelist valid parameters to be passed to Hanami::Action#call.

This feature isn’t mandatory, but higly recommended for security reasons.

Because params come into your application from untrusted sources, it’s a good practice to filter only the wanted keys that serve for your specific use case.

Once whitelisted, the params are available as an Hash with symbols as keys.

It accepts an anonymous block where all the params can be listed. It internally creates an inner class which inherits from Hanami::Action::Params.

Alternatively, it accepts an concrete class that should inherit from Hanami::Action::Params.

Examples:

Anonymous Block

require "hanami/controller"

class Signup < Hanami::Action
  params do
    required(:first_name)
    required(:last_name)
    required(:email)
  end

  def handle(req, *)
    puts req.params.class            # => Signup::Params
    puts req.params.class.superclass # => Hanami::Action::Params

    puts req.params[:first_name]     # => "Luca"
    puts req.params[:admin]          # => nil
  end
end

Concrete class

require "hanami/controller"

class SignupParams < Hanami::Action::Params
  required(:first_name)
  required(:last_name)
  required(:email)
end

class Signup < Hanami::Action
  params SignupParams

  def handle(req, *)
    puts req.params.class            # => SignupParams
    puts req.params.class.superclass # => Hanami::Action::Params

    req.params[:first_name]          # => "Luca"
    req.params[:admin]               # => nil
  end
end

Parameters:

• klass (Class, nil) (defaults to: nil) —

  a Hanami::Action::Params subclass

• blk (Proc) —

  a block which defines the whitelisted params

Returns:

• void

See Also:

• Params
• https://guides.hanamirb.org//validations/overview

Since:

• 0.3.0

# File 'lib/hanami/action/validatable.rb', line 100

def params(klass = nil, &blk)
  if klass.nil?
    klass = const_set(PARAMS_CLASS_NAME, Class.new(Params))
    klass.class_eval { params(&blk) }
  end

  @params_class = klass
end