我有一个测试 api 应用程序,我使用它在控制器中使用不同的操作。但是我无法正确实现它。
此控制器没有模型。 它只是将控制权委托给某些服务。 我无法将帖子数据发送到操作。
class SimplexController < ApplicationController
def initiate_request
response = SimplexServices.new.initiate_request simplex_params
render json: response
end
def update_kyc
response = SimplexServices.new.initiate_kyc update_kyc_params
render json: response
end
private
def simplex_params
params.permit!
end
def update_kyc_params
params.permit!
end
end
对于initiate_request,我在正文中有一个帖子数据,如下所示
{
"account_details": {
"logins": [
{
"id": "200",
"ip": "192.117.97.229",
"uaid": "c387c6q6sr27csbuftfvq9v652",
"timestamp": "2017-06-18T11:20:25Z",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
"is_api_initiated": false,
"http_accept_language": "en-US,en;q=0.8,he;q=0.6"
}
],
"is_2fa_enabled": false,
"partner_end_user_id": "246915",
"identity_kyc_details": {
"last_name": "Durden",
"first_name": "Tyler",
"document_id": "AB7654321"
},
"last_kyc_verification_timestamp": "2015-12-31T16:03:47Z"
},
"personal_details": {
"email": "tylerdurden@paperstsoap.com",
"phone": "+12885550153",
"gender": "m",
"address": {
"zip": "19808",
"city": "Bradford",
"country": "US",
"state": "DE",
"address_line_1": "537 Paper street"
},
"last_name": "Durden",
"first_name": "Tyler",
"middle_name": "",
"date_of_birth_ts": "1972-02-22T12:00:00Z"
},
"transaction_details": {
"last_20_txs": [],
"current_balance": {
"amount": 0,
"currency": "usd"
},
"payment_details": {
"order_id": "PRTNR135791",
"payment_id": "E98986D8-03C0-D777-07CD-C56496E2F266",
"fiat_total_amount": {
"amount": 1433.25,
"currency": "usd"
},
"payment_flow_type": "deposit",
"destination_wallet": {
"address": "16M8D1ZgkWjziw8BaJDT4w1uBF4whfG7mW",
"currency": "btc"
}
}
}
}
对于update_kyc以下是帖子请求
{
"documents": [
{
"document_type_id": "1",
"document_number": "doc123"
},
{
"document_type_id": "2",
"document_number": "doc456"
}
]
}
如何在控制器中允许此操作?
现在我使用以下代码允许所有内容。 但是允许一切是不好的。
private
def simplex_params
params.permit!
end
我必须在控制器中实现这种情况?
谢谢 阿吉斯
首先,关于许可证的使用,这取决于要求。如果相关数据不敏感,您可以跳过许可,让所有参数在批量更新中更新。许可证主要用于在模型包含密码、角色等敏感数据时保护应用程序免受批量分配。
当 json 数据传递给 Rails API 时,可以在参数上使用 permit,只需选择密钥并根据需要向下处理哈希即可。从文档中:
params = ActionController::Parameters.new({
person: {
name: "Francesco",
age: 22,
role: "admin"
}
})
permitted = params.require(:person).permit(:name, :age)
permitted # => <ActionController::Parameters {"name"=>"Francesco", "age"=>22} permitted: true>
在您的情况下,请解析 JSON 并删除不需要的密钥