Merge pull request #22574 from gsamokovarov/scaffold-500

Prevent a 500 in the default controller scaffold

Merge pull request #22574 from gsamokovarov/scaffold-500
Prevent a 500 in the default controller scaffold
02eef945 · Kasper Timm Hansen · 8404aa2a · c83ace7b · 02eef945 · 02eef945
3 changed file
--- a/railties/lib/rails/generators/rails/scaffold_controller/templates/api_controller.rb
+++ b/railties/lib/rails/generators/rails/scaffold_controller/templates/api_controller.rb
@@ -52,7 +52,7 @@ def set_<%= singular_table_name %>
    # Only allow a trusted parameter "white list" through.
    def <%= "#{singular_table_name}_params" %>
      <%- if attributes_names.empty? -%>
-      params[:<%= singular_table_name %>]
+      params.fetch(:<%= singular_table_name %>, {})
      <%- else -%>
      params.require(:<%= singular_table_name %>).permit(<%= attributes_names.map { |name| ":#{name}" }.join(', ') %>)
      <%- end -%>

--- a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
+++ b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
@@ -59,7 +59,7 @@ def set_<%= singular_table_name %>
    # Only allow a trusted parameter "white list" through.
    def <%= "#{singular_table_name}_params" %>
      <%- if attributes_names.empty? -%>
-      params[:<%= singular_table_name %>]
+      params.fetch(:<%= singular_table_name %>, {})
      <%- else -%>
      params.require(:<%= singular_table_name %>).permit(<%= attributes_names.map { |name| ":#{name}" }.join(', ') %>)
      <%- end -%>

--- a/railties/test/generators/scaffold_controller_generator_test.rb
+++ b/railties/test/generators/scaffold_controller_generator_test.rb
@@ -56,7 +56,7 @@ def test_dont_use_require_or_permit_if_there_are_no_attributes

    assert_file "app/controllers/users_controller.rb" do |content|
      assert_match(/def user_params/, content)
-      assert_match(/params\[:user\]/, content)
+      assert_match(/params\.fetch\(:user, \{\}\)/, content)
    end
  end