I am having a bad time trying to get some form parameters (via a simple form, latest version), stored in an integer array in a PostgreSQL table. I have abstracted the key parts below, but if anyone would like to poke around, I have hosted the project on GitHub: https://github.com/cjbutcher/avc_risk_manager_2. Any help much appreciated, I have wrestled with this problem for days!

I am building a risk management app. A new risk should accept an integer from the ‘impact’ and ‘likelihood’ fields on the form view and insert them into arrays in the risk table. At the moment, all fields on the new/edit risk form update correctly, except impact and likelihood (the arrays). If I enter values in these fields, no error is thrown, yet they are not updated.

Here is the code for the form. I don’t think the problem lies here, but here it is anyway:

app/views/shared/_risk_form.html.erb

<%= simple_form_for(@risk) do |f| %>

<%= render ‘shared/error_messages’, object: f.object %>

<%= f.input :area, :collection => ['Operations', 'IT', 'Finance'], required: false, :error => false, input_html: { class: 'form-control' } %>

<%= f.input :owner, :collection => User.all, required: false, :error => false, input_html: { class: 'form-control' } %>

<%= f.input :action, required: false, :error => false, input_html: { class: 'form-control' } %>

<span class="date-of-action-input">

<%= f.input :date_of_action, as: :date, :start_year => Date.today.year - 10, :end_year => 2030,

  	:order => [ :day, :month, :year], :required => false, :error => false, input_html: { class: 'form-control' } %>

  </span>

  <span class="action-completed-input">

  <%= f.input :action_completed, as: :boolean, required: false, :error => false, input_html: { class: 'form-control' } %>

<span class="impact-input">

<%= f.input :impact, required: false, :error => false, input_html: { class: 'form-control' } %>

</span>

<span class="likelihood-input">

<%= f.input :likelihood, required: false, :error => false, input_html: { class: 'form-control' } %>

</span>

<span class="submit-risk">

<%= f.button :submit, :error => false, :error => false, input_html: { class: 'form-control' } %>

</span>

<% end %>

Here is the controller, note the strong params for impact and likelihood:

app/controllers/risk_controller.rb

class RisksController < ApplicationController

before_action :signed_in_user

before_action :correct_user, only: [:destroy, :update]

def create

@risk = current_user.risks.build(risk_params)

if @risk.save

flash[:success] = “Risk created!”

redirect_to root_url

else

render ‘new’

end

end

def new

@risk = Risk.new

end

def destroy

@risk.destroy

redirect_to root_url

end

def edit

@risk = Risk.find(params[:id])

end

def update

@risk = Risk.find(params[:id])

@risk.assign_attributes(risk_params)

if @risk.changed? == false

flash[:info] = “No changes were made”

redirect_to root_url

elsif @risk.update_attributes(risk_params)

flash[:success] = “The risk has been updated.”

redirect_to root_url

else

render ‘new’

end

end

private

def risk_params

	params.require(:risk).permit(:description, :title, :area, :owner, :action, :date_of_action, :action_completed, { :impact => [] }, { :likelihood => [] })

end

def correct_user

if current_user.admin?

@risk = Risk.find_by(id: params[:id])

redirect_to root_url if @risk.nil?

else

@risk = current_user.risks.find_by(id: params[:id])

redirect_to root_url if @risk.nil?

end

end

end

Here is the model. I purposefully left validations off the impact and likelihood fields for now so I don’t have to worry about that being the problem:

app/models/risk.rb

class Risk < ActiveRecord::Base

belongs_to :user

validates :user_id, presence: true

validates :description, presence: true

validates :title, presence: true

validates :area, presence: true

validates :owner, presence: true

end

Finally, here is the db schema:

app/db/schema.rb

ActiveRecord::Schema.define(version: 20140622153923) do

These are extensions that must be enabled in order to support this database

enable_extension “plpgsql”

create_table “risks”, force: true do |t|

t.integer “user_id”

t.string “description”

t.datetime “created_at”

t.datetime “updated_at”

t.string “title”

t.string “area”

t.string “owner”

t.string “action”

t.date “date_of_action”

t.boolean “action_completed”, default: false

t.integer “impact”, default: , array: true

t.integer “likelihood”, default: , array: true

end

add_index “risks”, [“user_id”, “created_at”], name: “index_risks_on_user_id_and_created_at”, using: :btree

create_table “users”, force: true do |t|

t.string “name”

t.string “email”

t.boolean “admin”, default: false

t.datetime “created_at”

t.datetime “updated_at”

t.string “password_digest”

t.string “remember_token”

end

add_index “users”, [“email”], name: “index_users_on_email”, unique: true, using: :btree

add_index “users”, [“remember_token”], name: “index_users_on_remember_token”, using: :btree

end

Any help much appreciated! If there is any extra information I can provide please let me know.

Thanks v much, Chris

I don’t know much about postgresql array columns and their interaction with simple_form but you should check whether the above form will result in params[risk][:impact] (and likelihood) being a string or an array.

If the params are strings it wouldn’t surprise me if strong params rejected this since you told it to expect an array (is there anything from strong params in your logfile?)

Fred

Yes I think you are right. My logfile is unavailable for some reason (“postgres cannot access the server configuration file…”) but I inspected my terminal after attempting a risk insert and this output looks exactly like what you are suggesting:

Started POST “/risks” for 127.0.0.1 at 2014-06-23 21:28:41 +0100

Processing by RisksController#create as HTML

Parameters: {“utf8”=>“✓”, “authenticity_token”=>“LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=”, “risk”=>{“title”=>“afafafa”, “description”=>“aadada”, “area”=>“IT”, “owner”=>“4”, “action”=>“fffaa”, “date_of_action(3i)”=>“23”, “date_of_action(2i)”=>“6”, “date_of_action(1i)”=>“2014”, “action_completed”=>“0”, “impact”=>“12”, “likelihood”=>“11”}, “commit”=>“Create Risk”}

User Load (0.3ms) SELECT “users”.* FROM “users” WHERE “users”.“remember_token” = ‘1b3c0548b48b9f90cab54a695297436286ad0132’ LIMIT 1

Unpermitted parameters: impact, likelihood

(0.1ms) BEGIN

SQL (0.3ms) INSERT INTO “risks” (“action”, “area”, “created_at”, “date_of_action”, “description”, “owner”, “title”, “updated_at”, “user_id”) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING “id” [[“action”, “fffaa”], [“area”, “IT”], [“created_at”, “2014-06-23 20:28:41.581267”], [“date_of_action”, “2014-06-23”], [“description”, “aadada”], [“owner”, “4”], [“title”, “afafafa”], [“updated_at”, “2014-06-23 20:28:41.581267”], [“user_id”, 2]]

(67.1ms) COMMIT

Redirected to http://localhost:3000/

Completed 302 Found in 73ms (ActiveRecord: 67.8ms)

So yeah - “Unpermitted parameters: impact, likelihood”. Looks relevant. I have done some research into it, and it seems like one could serialise their inputs in the model using:

serialize :impact, Array

serialize :likelihood, Array

and I could change the array type in the schema to string. However, I would really rather keep the array as integers as it’s going to make operations like averaging much easier without casting etc. Does anyone know of a way I can get these params accepted as integers? The problem might lie in simple form after all.

(Thanks for your help so far Frederick!)

Completed 302 Found in 73ms (ActiveRecord: 67.8ms)

So yeah - “Unpermitted parameters: impact, likelihood”. Looks relevant. I have done some research into it, and it seems like one could serialise their inputs in the model using:

serialize :impact, Array

serialize :likelihood, Array

If the input name (as in the name attribute on the input element ends in then rails will treat the parameter as an array. I assume simple_form has a way for you to override the input name generated, but I’ve not used it so I don’t know.

Fred

I’m working on this as I would like to have a more permanent solution for using the new fields in PostgreSQL. Fred is correct, I’m getting the following message:

Unpermitted parameters: impact, likelihood

The bigger issue is that these fields are being presented in html as number fields, meaning the user can only see or enter one number. I’m not sure exactly how you would want to present your arrays, how big they will be, and how the user will enter values or update them. The only time I’ve used this functionality is for tags and I limit it to ten tags.

I got around many of the issues by creating a textarea field and allowing the user to enter tags separated by spaces. I then converted the textarea to an array in the controller before passing it to the model object.

I’m don’t think that’s a great architecture, and it violates the DRY principle because I do that in both the create and update methods. I’ll let you know if I come up with some better answers.

Also, FYI, activerecord, for some reason cannot detect changes made to array columns. Therefore, you have to force the issue by calling something like the following:

@risk.impact_will_update!

before saving the record or updating attributes.

I’ve just started working on this again after some time off.

In response to Fred’s suggestion regarding input names, I looked into it and found you can specify custom input names in simple form like this:

<span class="impact-input">

<%= f.input :impact, required: false, :error => false, input_html: { class: 'form-control', :name => "impact[]" } %>

</span>

<span class="likelihood-input">

<%= f.input :likelihood, required: false, :error => false, input_html: { class: 'form-control', :name => "likelihood[]" } %>

</span>

Note the ":name => " addition in the input_html attribute.

Now this has not fixed the problem at all with regards to app behaviour. However the error message (“unpermitted parameters…”) in terminal has disappeared when I attempt to submit a risk:

Started POST “/risks” for 127.0.0.1 at 2014-06-29 12:58:02 +0100

Processing by RisksController#create as HTML

Parameters: {“utf8”=>“✓”, “authenticity_token”=>“LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=”, “risk”=>{“title”=>“aa”, “description”=>“aadad”, “area”=>“IT”, “owner”=>“5”, “action”=>“dadad”, “date_of_action(3i)”=>“29”, “date_of_action(2i)”=>“6”, “date_of_action(1i)”=>“2014”, “action_completed”=>“0”}, “impact”=>[“4”], “likelihood”=>[“4”], “commit”=>“Create Risk”}

User Load (0.4ms) SELECT “users”.* FROM “users” WHERE “users”.“remember_token” = ‘1b3c0548b48b9f90cab54a695297436286ad0132’ LIMIT 1

(0.2ms) BEGIN

SQL (0.3ms) INSERT INTO “risks” (“action”, “area”, “created_at”, “date_of_action”, “description”, “owner”, “title”, “updated_at”, “user_id”) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING “id” [[“action”, “dadad”], [“area”, “IT”], [“created_at”, “2014-06-29 11:58:02.816205”], [“date_of_action”, “2014-06-29”], [“description”, “aadad”], [“owner”, “5”], [“title”, “aa”], [“updated_at”, “2014-06-29 11:58:02.816205”], [“user_id”, 2]]

(0.3ms) COMMIT

Redirected to http://localhost:3000/

Completed 302 Found in 9ms (ActiveRecord: 1.2ms)

You can still see that the impact and likelihood fields are still omitted during the commit. Maybe this is because they are being passed in as strings (denoted by the quotes around the values you can see being passed in the terminal output above), even though the array is explicitly integer? I have tried forcing integers like this, but it has made no difference:

<span class="impact-input">

<%= f.input :impact, as: :integer, required: false, :error => false, input_html: { class: 'form-control', :name => "impact[]" } %>

</span>

<span class="likelihood-input">

<%= f.input :likelihood, as: :integer, required: false, :error => false, input_html: { class: 'form-control', :name => "likelihood[]" } %>

</span>

So I’m still stuck! If I change the input name like I have, would I have to adjust anything else in my application? This is my first rails project so forgive me if the answer to that is an obvious ‘of course’.

Thank you both for your help thus far.

I've just started working on this again after some time off.

In response to Fred's suggestion regarding input names, I looked into it and found you can specify custom input names in simple form like this:

  <span class="impact\-input">
  <%= f\.input :impact, required: false, :error => false, input\_html: \{ class: 'form\-control', :name => "impact\[\]" \} %>
  </span>
  <span class="likelihood\-input">
  <%= f\.input :likelihood, required: false, :error => false, input\_html: \{ class: 'form\-control', :name => "likelihood\[\]" \} %>
  </span>

Note the ":name => " addition in the input_html attribute.

Now this has not fixed the problem at all with regards to app behaviour. However the error message ("unpermitted parameters...") in terminal has disappeared when I attempt to submit a risk:

Started POST "/risks" for 127.0.0.1 at 2014-06-29 12:58:02 +0100 Processing by RisksController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"LOgpMvsEGkhQaoZX5BkrX+Nw1Ov9QQaHuQqWO+L8peI=", "risk"=>{"title"=>"aa", "description"=>"aadad", "area"=>"IT", "owner"=>"5", "action"=>"dadad", "date_of_action(3i)"=>"29", "date_of_action(2i)"=>"6", "date_of_action(1i)"=>"2014", "action_completed"=>"0"}, "impact"=>["4"], "likelihood"=>["4"], "commit"=>"Create Risk"}

You can see here that impact isn't inside the risk hash anymore - you need to set the parameter name to risk[impact] (and similarly for likelihood).

It's normal that the parameter values are strings - the values from a form submit will always be strings. That shouldn't be a problem.

Fred

r.

Fred, you did it! Thank you, had been stuck on this for days.

Although, any help regarding validations would be much appreciated. I need the user’s entered value for the impact and likelihood fields to be an integer between 0 and 100. What I would usually expect would work, something like:

validates_inclusion_of :impact, :in => 0..100

doesn’t. Validation always fails, presumably because the input is generated as an array with an integer inside, rather than a traditional integer. Anyone know how I could bypass this issue?

I think you'll have to write a custom validation for this

validates :foo def foo   # do whatever checks you want and call   # errors.add if the record isn't valid end

I can never remember whether it is validate or validates.

Fred

thank you

I really don't understand your use case of storing a single integer as a single-element array, but perhaps just use e.g.

  ... :in => acceptable_range

  def acceptable_range       (1..100).each.map{ |n| [n] }   end

FWIW,