
Unpermitted parameters: id

Open C-Otto opened this issue 10 years ago • 1 comments

When updating the title of an action, the message Unpermitted parameters: id appears in the log.

Started PATCH "/todos/22" for 127.0.0.1 at 2015-04-13 20:20:49 +0200
Processing by TodosController#update as JS
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"...", "todo"=>{"id"=>"22", "description"=>"aaax", "notes"=>"", "due"=>"", "show_from"=>""}, "_source_view"=>"todo", "_tag_name"=>"", "project_name"=>"None", "context_name"=>"aaa", "tag_list"=>"", "predecessor_input"=>"", "predecessor_list"=>"", "_group_view_by"=>"context", "id"=>"22"}
  User Load (0.1ms)  SELECT  "users".* FROM "users"  WHERE "users"."id" = ? LIMIT 1  [["id", 1]]
  Preference Load (0.1ms)  SELECT  "preferences".* FROM "preferences"  WHERE "preferences"."user_id" = ? LIMIT 1  [["user_id", 1]]
  Todo Load (0.1ms)  SELECT  "todos".* FROM "todos"  WHERE "todos"."user_id" = ? AND "todos"."id" = ?  ORDER BY todos.completed_at DESC, todos.created_at DESC LIMIT 1  [["user_id", 1], ["id", 22]]
  Context Load (0.1ms)  SELECT  "contexts".* FROM "contexts"  WHERE "contexts"."id" = ? LIMIT 1  [["id", 1]]
  Todo Load (0.1ms)  SELECT "todos".* FROM "todos" INNER JOIN "dependencies" ON "todos"."id" = "dependencies"."predecessor_id" WHERE "dependencies"."successor_id" = ?  [["successor_id", 22]]
   (0.1ms)  begin transaction
  Tag Load (0.2ms)  SELECT "tags".* FROM "tags" INNER JOIN "taggings" ON "tags"."id" = "taggings"."tag_id" WHERE "taggings"."taggable_id" = ? AND "taggings"."taggable_type" = ?  [["taggable_id", 22], ["taggable_type", "Todo"]]
   (0.1ms)  commit transaction
  Tag Load (0.1ms)  SELECT "tags".* FROM "tags" INNER JOIN "taggings" ON "tags"."id" = "taggings"."tag_id" WHERE "taggings"."taggable_id" = ? AND "taggings"."taggable_type" = ?  [["taggable_id", 22], ["taggable_type", "Todo"]]
  Context Load (0.2ms)  SELECT  "contexts".* FROM "contexts"  WHERE "contexts"."user_id" = ? AND "contexts"."name" = 'aaa'  ORDER BY position ASC LIMIT 1  [["user_id", 1]]
Unpermitted parameters: id
   (0.5ms)  begin transaction
  SQL (0.4ms)  UPDATE "todos" SET "description" = ?, "updated_at" = ? WHERE "todos"."id" = 22  [["description", "aaax"], ["updated_at", "2015-04-13 18:20:49.165350"]]
  SQL (0.1ms)  UPDATE "contexts" SET "updated_at" = '2015-04-13 18:20:49.169808' WHERE "contexts"."id" = 1
   (9.8ms)  commit transaction
  Todo Load (0.2ms)  SELECT  "todos".* FROM "todos"  WHERE "todos"."id" = ? LIMIT 1  [["id", 22]]
  Context Load (0.2ms)  SELECT  "contexts".* FROM "contexts"  WHERE "contexts"."id" = ? LIMIT 1  [["id", 1]]
  Context Load (0.4ms)  SELECT  "contexts".* FROM "contexts"  WHERE "contexts"."user_id" = ? AND "contexts"."id" = ?  ORDER BY position ASC LIMIT 1  [["user_id", 1], ["id", 1]]
  CACHE (0.0ms)  SELECT  "contexts".* FROM "contexts"  WHERE "contexts"."user_id" = ? AND "contexts"."id" = ?  ORDER BY position ASC LIMIT 1  [["user_id", 1], ["id", 1]]
   (2.2ms)  SELECT COUNT(*) FROM "todos" INNER JOIN contexts c_hidden ON c_hidden.id = todos.context_id WHERE "todos"."context_id" = ? AND "todos"."state" = 'active' AND (NOT(todos.state = 'project_hidden' OR (c_hidden.state = 'hidden' AND (todos.state = 'active' OR todos.state = 'deferred' OR todos.state = 'pending'))))  [["context_id", 1]]
  CACHE (0.0ms)  SELECT COUNT(*) FROM "todos" INNER JOIN contexts c_hidden ON c_hidden.id = todos.context_id WHERE "todos"."context_id" = ? AND "todos"."state" = 'active' AND (NOT(todos.state = 'project_hidden' OR (c_hidden.state = 'hidden' AND (todos.state = 'active' OR todos.state = 'deferred' OR todos.state = 'pending'))))  [["context_id", 1]]
   (0.1ms)  SELECT COUNT(*) FROM "todos" INNER JOIN contexts c_hidden ON c_hidden.id = todos.context_id WHERE "todos"."user_id" = ? AND "todos"."state" = 'active' AND (NOT(todos.state = 'project_hidden' OR (c_hidden.state = 'hidden' AND (todos.state = 'active' OR todos.state = 'deferred' OR todos.state = 'pending'))))  [["user_id", 1]]
   (0.1ms)  begin transaction
  SQL (0.2ms)  UPDATE "todos" SET "updated_at" = '2015-04-13 18:20:49.271763' WHERE "todos"."id" = 22
  SQL (0.1ms)  UPDATE "contexts" SET "updated_at" = '2015-04-13 18:20:49.273823' WHERE "contexts"."id" = 1
   (4.9ms)  commit transaction
  Todo Load (0.1ms)  SELECT "todos".* FROM "todos" INNER JOIN "dependencies" ON "todos"."id" = "dependencies"."predecessor_id" WHERE "dependencies"."successor_id" = ?  [["successor_id", 22]]
  Tag Load (0.1ms)  SELECT "tags".* FROM "tags" INNER JOIN "taggings" ON "tags"."id" = "taggings"."tag_id" WHERE "taggings"."taggable_id" = ? AND "taggings"."taggable_type" = ?  [["taggable_id", 22], ["taggable_type", "Todo"]]
  Todo Exists (0.1ms)  SELECT  1 AS one FROM "todos" INNER JOIN "dependencies" ON "todos"."id" = "dependencies"."successor_id" WHERE (todos.state = 'pending') AND "dependencies"."predecessor_id" = ? LIMIT 1  [["predecessor_id", 22]]
  Todo Load (0.3ms)  SELECT "todos".* FROM "todos" INNER JOIN "dependencies" ON "todos"."id" = "dependencies"."successor_id" WHERE (todos.state = 'pending') AND "dependencies"."predecessor_id" = ?  [["predecessor_id", 22]]
  Todo Exists (0.1ms)  SELECT  1 AS one FROM "todos" INNER JOIN "dependencies" ON "todos"."id" = "dependencies"."successor_id" WHERE (todos.state = 'pending') AND "dependencies"."predecessor_id" = ? LIMIT 1  [["predecessor_id", 21]]
  Rendered todos/_successor.html.erb (5.9ms)
  Rendered todos/_todo.html.erb (22.4ms)
  Rendered todos/_update_successful.js.erb (26.9ms)
  Rendered todos/update.js.erb (28.2ms)
Completed 200 OK in 186ms (Views: 31.8ms | ActiveRecord: 21.1ms)

C-Otto avatar Apr 13 '15 18:04 C-Otto

This is because the param `:todo => {:id => 123, ...}` is checked by `permit_params`, and we deliberately do not permit `:id` there (the record's own id should not be settable through the mass-assigned attributes). We do still need the id to find the specific todo, though.

We should remove `:id` from the form and make sure the id is taken only from the URL / route parameter instead.

lrbalt avatar Apr 15 '15 11:04 lrbalt