API v2 does not document 'accepts_nested_attributes_for' for most of the controllers. However, there are 3 controllers that currently document this:
app/controllers/api/v2/config_templates_controller.rb
param :template_combinations_attributes, Array, :desc => "Array of template combinations (hostgroup_id, environment_id)"
app/controllers/api/v2/hosts_controller.rb
param :host_parameters_attributes, Array
app/controllers/api/v2/domains_controller.rb
param :domain_parameters_attributes, Array, :required => false, :desc => "Array of parameters (name, value)"
Question
- Should this documentation above be removed.
Note: Even if it is removed from the docs, all code will still work, since Foreman currently has not implemented 'strong_parameters' to whitelist the permitted params. Furthermore, *_attributes params will work on all other controllers even if not documented.
- Is it OK to implement 'strong_parameters' in API v2 to whitelist the permitted params, or is this too much of a potential breaking change that it needs to wait until API v3.
Regards,
Joseph
I'd say document this properly for v2, and if strong_parameters is going to
whitelist reasonable parameters in all controllers, put it in v2.
···
On Wed, Jul 23, 2014 at 11:19 AM, Joseph Magen wrote:
API v2 does not document ‘accepts_nested_attributes_for’ for most of the
controllers. However, there are 3 controllers that currently document this:
app/controllers/api/v2/config_templates_controller.rb
param :template_combinations_attributes, Array, :desc => "Array of
template combinations (hostgroup_id, environment_id)"
app/controllers/api/v2/hosts_controller.rb
param :host_parameters_attributes, Array
app/controllers/api/v2/domains_controller.rb
param :domain_parameters_attributes, Array, :required => false,
:desc => “Array of parameters (name, value)”
Question
- Should this documentation above be removed.
Note: Even if it is removed from the docs, all code will still work, since
Foreman currently has not implemented ‘strong_parameters’ to whitelist the
permitted params. Furthermore, *_attributes params will work on all other
controllers even if not documented.
- Is it OK to implement ‘strong_parameters’ in API v2 to whitelist the
permitted params, or is this too much of a potential breaking change that
it needs to wait until API v3.
Regards,
Joseph
–
You received this message because you are subscribed to the Google Groups
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Daniel Lobato
@elobatoss
blog.daniellobato.me
daniellobato.me
GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
I agree. Definitely document it.
I've really enjoyed using strong_parameters in Katello. It's great. The only thing is that you'll want to look at Katello how we turn it on/off for controllers. Let me know if you need help.
David
···
----- Original Message -----
> From: "Daniel Lobato"
> To: foreman-dev@googlegroups.com
> Sent: Wednesday, July 23, 2014 7:49:14 AM
> Subject: Re: [foreman-dev] foreman API v2 - accepts_nested_attributes_for & strong_parameters
>
> I'd say document this properly for v2, and if strong_parameters is going to
> whitelist reasonable parameters in all controllers, put it in v2.
>
>
> On Wed, Jul 23, 2014 at 11:19 AM, Joseph Magen wrote:
>
> > API v2 does not document 'accepts_nested_attributes_for' for most of the
> > controllers. However, there are 3 controllers that currently document this:
> >
> > app/controllers/api/v2/config_templates_controller.rb
> >
> > param :template_combinations_attributes, Array, :desc => "Array of
> > template combinations (hostgroup_id, environment_id)"
> >
> > app/controllers/api/v2/hosts_controller.rb
> >
> > param :host_parameters_attributes, Array
> >
> > app/controllers/api/v2/domains_controller.rb
> >
> > param :domain_parameters_attributes, Array, :required => false,
> > :desc => "Array of parameters (name, value)"
> >
> > Question
> > 1) Should this documentation above be removed.
> >
> > Note: Even if it is removed from the docs, all code will still work, since
> > Foreman currently has not implemented 'strong_parameters' to whitelist the
> > permitted params. Furthermore, *_attributes params will work on all other
> > controllers even if not documented.
> >
> > 2) Is it OK to implement 'strong_parameters' in API v2 to whitelist the
> > permitted params, or is this too much of a potential breaking change that
> > it needs to wait until API v3.
> >
> >
> > Regards,
> >
> > Joseph
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "foreman-dev" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to foreman-dev+unsubscribe@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> >
>
>
>
> --
> Daniel Lobato
>
> @elobatoss
> blog.daniellobato.me
> daniellobato.me
>
> GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-dev+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>