Rails: automatically converting query string parameters to integers

Time: 2021-11-29 14:53:29

I'm trying to implement a form of pagination using limit and offset query parameters. Is there a way to make sure the values are integers, and otherwise throw a 400 error, perhaps by using strong_parameters? It seems like the sort of thing that would be built into Rails, but I can't find anything.

I could just manually convert the query parameters, but I'd rather use something a bit more bulletproof if possible.

3 solutions

#1


12  

Like the commenter @Litmus above, I would recommend using a Ruby gem such as kaminari to manage pagination.

But if you're set on rolling your own, and you're concerned about input sanitization, the simplest method to ensure the "offset" and "limit" parameters are integers might be a filter in your controller:

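class YourController < ApplicationController

  # before_action replaces before_filter, which was removed in Rails 5.1
  before_action :sanitize_page_params

  # ... other controller methods ...

  private

  # Coerce the pagination parameters to integers before any action runs
  def sanitize_page_params
    params[:offset] = params[:offset].to_i
    params[:limit] = params[:limit].to_i
  end

  # ... etc. ...

end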

Note that strings such as "foo" will be converted to 0.
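
The `to_i` filter coerces rather than validates, so "foo" and "12abc" reach the query as 0 and 12 instead of producing the 400 the question asks for. The following is an added example, not part of any answer on this page, of a strict parser in plain Ruby; `InvalidPageParam`, `parse_page_param`, `page_params`, `status_for`, `MAX_LIMIT` and `DEFAULT_LIMIT` are hypothetical names, and the bounds are assumed values.

```ruby
# Added example: strict pagination parsing (runs without Rails).
# All names and bounds below are hypothetical, chosen for illustration.

class InvalidPageParam < StandardError; end

MAX_LIMIT     = 100  # assumed cap so a client cannot request an unbounded page
DEFAULT_LIMIT = 25   # assumed default when the parameter is absent

# Accepts only 1-9 plain decimal digits. Rejects "foo", "12abc", "1e3",
# "0x1F", " 5", "-1", "" and non-strings: ?limit[]=1 arrives as an Array
# and ?limit[a]=1 as a Hash, neither of which should reach a query.
def parse_page_param(name, raw, default:, max: nil)
  return default if raw.nil?
  unless raw.is_a?(String) && raw.match?(/\A\d{1,9}\z/)
    raise InvalidPageParam, "#{name} must be a non-negative integer"
  end
  value = Integer(raw, 10) # explicit base 10, so "007" is 7 and never octal
  raise InvalidPageParam, "#{name} must be <= #{max}" if max && value > max
  value
end

# Returns validated integers without mutating the incoming params.
def page_params(params)
  {
    limit:  parse_page_param(:limit,  params[:limit],
                             default: DEFAULT_LIMIT, max: MAX_LIMIT),
    offset: parse_page_param(:offset, params[:offset], default: 0)
  }
end

# Stand-in for the controller: the HTTP status that a filter plus an
# error handler for InvalidPageParam would produce.
def status_for(params)
  page_params(params)
  200
rescue InvalidPageParam
  400
end

# Constructed sample inputs (symbol keys stand in for Rails params).
if __FILE__ == $PROGRAM_NAME
  [{ limit: "10", offset: "20" }, {}, { limit: "foo" }, { limit: "12abc" },
   { offset: "-1" }, { limit: ["1"] }, { limit: "101" }].each do |sample|
    puts "#{sample.inspect} -> #{status_for(sample)}"
  end
end
```

In a controller, call `page_params(params)` from a `before_action` and map `InvalidPageParam` to a 400 response with `rescue_from`.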

#2


2  

You basically need to convert your parameters manually. Ideally, abstract this into a controller-method to keep your actual method clean.

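class SomeController < ApplicationController
  # before_action replaces before_filter, which was removed in Rails 5.1
  before_action :cleanup_pagination_params

  # Coerce the pagination parameters to integers before any action runs
  def cleanup_pagination_params
    params[:offset] = params[:offset].to_i
    params[:limit]  = params[:limit].to_i
  end

  # Your regular controller methods here
end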

#3


0  

Super late to the game but for future Googlers...

You may consider using this gem: github.com/launchpadlab/decanter

It allows you to define how incoming params should be parsed.

More on it here: https://medium.com/launchpad-lab/the-missing-step-in-rails-controllers-82aaa9172165
