Persist data in POST /notes
requests to notes
This commit addresses the previous error:
Failure:
NotesControllerTest#test_#create_persists_a_Note_record [test/controllers/notes_controller_test.rb:10]:
Expected: []
Actual: ["Hello, World"]
This error message occurs because our assertion that the notes
table
will include a row with "Hello, World"
as the value of the content
column is failing.
To resolve this error, our controller calls Note.create!
with the contents of the HTTP request body, available to the controller
action through the params
helper method. Our test’s POST
/notes
request’s body specifies the content under the content
key, so
passing params.slice(:content)
to the .create!
call will
pass along the value of the content
from our request as the value of
the Note
model’s content
attribute.
Without the intermediate call to
ActionController::Parameters#to_unsafe_h
, our tests
error:
Error:
NotesControllerTest#test_#create_persists_a_Note_record:
ActiveModel::ForbiddenAttributesError: ActiveModel::ForbiddenAttributesError
app/controllers/notes_controller.rb:11:in `create'
test/controllers/notes_controller_test.rb:7:in `block in <class:NotesControllerTest>'
It turns out that Strong Parameters expects the body of
incoming POST
requests to have a certain shape. The way that our
application is submitting <form>
submissions does not comply to that
shape.
For now, coercing params
from an instance of
ActionController::Parameters
to an instance of
ActiveSupport::HashWithIndifferentAccess
is a trade-off work making so that we can return our tests to their
originally passing state. Once we’re back to being in the Green Phase of
our TDD cycle, we can correct this security circumvention.
When we re-run our controller tests, they pass.