Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

YAML dump of hash in database stores ActionController::Parameters ivars and parameters #2645

Open
fgi opened this issue Jun 3, 2016 · 1 comment
Open

YAML dump of hash in database stores ActionController::Parameters ivars and parameters #2645

fgi opened this issue Jun 3, 2016 · 1 comment

Comments

@fgi
Copy link

fgi commented Jun 3, 2016

In an ActiveRecord model I have fields like
serialize :metas, Hash
They are converted in YAML and stored in PostgreSQL text fields.

Probably since gems upgrades, updates of such fields added useless additional information in the DB.

Example:

--- 
 related_products:
 - relation: Self
   id: '9782331002687'
 - relation: Print product
   id: '9782723482400'
 subjects:
 - scheme_identifier: '24'
   code: '124'

Became:

--- !ruby/hash-with-ivars:ActionController::Parameters
 elements:
   related_products: &1
   - !ruby/hash-with-ivars:ActionController::Parameters
     elements:
       relation: Self
       id: '9782331002687'
     ivars:
       :@permitted: true
   - !ruby/hash-with-ivars:ActionController::Parameters
     elements:
       relation: Print product
       id: '9782723482400'
     ivars:
       :@permitted: true
   subjects: &2
   - !ruby/hash-with-ivars:ActionController::Parameters
     elements:
       scheme_identifier: '24'
       code: '124'
     ivars:
       :@permitted: true

This additional information is irrelevant and generates other problems in my context.

My configuration:
MRI Ruby 2.3.1
rails 4.2.6
rails_admin 0.8.1
psych 2.0.17

After digging for a while, I understood that:

I'm not sure of the root cause of the change of behavior but RailsAdmin uses a ActionController::Parameters instance to set object's attributes. And since ActionController::Parameters is a subclass of Hash, Psych seems to add ivars and parameters to hashes before a dump to string.

I applied a patch that seems to fix the issue. It consists in transforming params (ActionController::Parameters) to a Hash, before setting object's attributes and saving it.

In https://github.com/sferik/rails_admin/blob/master/lib/rails_admin/config/actions/edit.rb
Line 27

 #  @object.set_attributes(params[@abstract_model.param_key])
@object.set_attributes(params.to_unsafe_h[@abstract_model.param_key])

I'm not sure if disabling ActionController::Parameters filters would be a security issue. In my case, these are hashes of raw data, not Ruby objects.

What would be the right way to properly solve this issue?
Thanks.
@johnnadeau
Copy link

johnnadeau commented Jul 19, 2016
edited
Loading

I think I'm having the same issue, but I'm using store_accessor to access some of the values in the hash and often the added information messes with the structure and thus returning nil when I make a call to one of the store_accessors I created.

Thanks @fgi for digging into this, hopefully I can at least use what you've shown here for a patch to get me by for now.

I'm available to help test any solution for this down the road. Thanks!

danstutzman pushed a commit to danstutzman/rails_admin that referenced this issue Jun 18, 2017
Fix bug that corrupts YAML fields...
fa339f0 
For example, text_messages and announcements are changed to begin with '--- !ruby/hash-with-ivars:ActionController::Parameters'.  Patch is from railsadminteam#2645
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fgi @johnnadeau