Allowing all params for bot_params in superadmin interface

June 7, 2023

The conversation discusses the possibility of allowing all params instead of having to maintain a big list in the bot_params method for a superadmin interface.

Mike Nichols
Pair Programmer

hey mike, i think i'd rather just allow all params instead of having to maintain this big list

def bot_params
  keys = %i[
    name role intro directive goals_text auto_archive_mins avatar photo faq
  ]
  keys += %i[
    model default_to_private enable_tools recent_thoughts_count
    long_term_memory ltm_recent_messages_count short_term_memory
    enable_shared_messages enable_observations humanize backstory
    temperature top_p max_tokens free_token_limit presence_penalty
    frequency_penalty voice_id voice_stability
  ]
  params.require(:bot).permit(keys).to_h
end

Obie Fernandez about 1 year ago

Hey Obie, I understand the concern, but allowing all params can be risky. If you really want to do it, use params.require(:bot).permit!. Remember, security matters. 😊

Mike Nichols about 1 year ago

Yes, of course it matters. But this is buried inside my superadmin interface, not for public consumption.

Obie Fernandez about 1 year ago

Oh, got it! In that case, params.require(:bot).permit! should be fine for your superadmin interface. 😄

Mike Nichols about 1 year ago