
Add active_admin_import_context convention for controller-provided context #211

Merged: Fivell merged 2 commits into master from add-import-context on Apr 8, 2026


@Fivell Fivell commented Apr 8, 2026

Summary

Introduces a convention method active_admin_import_context that controllers can define to provide extra attributes for the import model. The returned hash is merged into the model after form params, so controller-authoritative values (e.g. parent.id, current_user.id, request.remote_ip) cannot be overridden by tampered form fields.

ActiveAdmin.register PostComment do
  belongs_to :post

  controller do
    def active_admin_import_context
      {
        post_id: parent.id,
        imported_by_id: current_user.id,
        request_ip: request.remote_ip
      }
    end
  end

  active_admin_import template_object: ActiveAdminImport::Model.new,
                      before_batch_import: ->(importer) {
                        importer.csv_lines.map! { |row| row << importer.model.post_id }
                        importer.headers.merge!(:'Post Id' => :post_id)
                      }
end

Why a convention method instead of a new Importer arg?

  • Not hardcoded to one thing (current_user, parent, etc.) — open-ended hash
  • Works with any auth setup (current_admin, Pundit scopes, etc.) since the user picks what to expose
  • No API change on Importer#initialize
  • Secure by default — context wins over form params, so nested belongs_to imports can't be bypassed by submitting a different parent id in the form

Supersedes / closes

Test plan

  • New end-to-end Capybara specs assert persisted state:
    • request.remote_ip flows through context → stored on Post records
    • Nested PostComment imports get post_id: parent.id automatically
  • Full spec suite passes (56 examples, 0 failures)

…ntext

Controllers can define an `active_admin_import_context` method returning a
hash; it is merged into the import model after form params so values the
controller is authoritative about (parent.id, current_user.id, request
attributes, etc.) cannot be overridden by tampered form fields.

This supersedes PR #137 by offering a general-purpose hook that works for
nested belongs_to imports and any other controller-derived state.

Replaces `build_template_object` and `apply_import_context` with a single
`prepare_import_model` orchestrator that handles the whole pipeline:
build the template object → assign form params (if any) → apply context.

Both `:import` and `:do_import` collection actions now call one method
instead of two, and the form-params extraction is encapsulated inside the
helper instead of being duplicated at the call site.

@Fivell Fivell merged commit 064ef88 into master Apr 8, 2026
34 checks passed
@Fivell Fivell deleted the add-import-context branch April 8, 2026 11:44
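
The ordering argument in the PR description, as an added example that is not code from this PR or from the gem: `SketchImportModel`, `context_last`, `context_first` and `overridden_keys` are hypothetical names, and the form and context hashes are constructed sample input. It contrasts assigning the controller context after the form params with the reverse order, and lists the submitted keys that disagree with the context.

```ruby
# Added illustration; SketchImportModel and the helpers below are hypothetical
# stand-ins, not the gem's ActiveAdminImport::Model or prepare_import_model.
class SketchImportModel
  attr_reader :attributes

  def initialize
    @attributes = {}
  end

  # Later assignments overwrite earlier ones for the same key.
  def assign_attributes(hash)
    hash.each { |key, value| @attributes[key.to_sym] = value }
    self
  end
end

# Order described in the PR: form params first, controller context last.
def context_last(form_params, context)
  SketchImportModel.new
                   .assign_attributes(form_params)
                   .assign_attributes(context)
end

# Reverse order, shown only for contrast: a submitted field overrides context.
def context_first(form_params, context)
  SketchImportModel.new
                   .assign_attributes(context)
                   .assign_attributes(form_params)
end

# Constructed sample input: the route is nested under post 7, but the
# submitted form carries a different post_id and a forged imported_by_id.
TAMPERED_FORM = { 'post_id' => '999', 'imported_by_id' => '1', 'note' => 'q1' }.freeze
CONTROLLER_CONTEXT = { post_id: 7, imported_by_id: 42, request_ip: '203.0.113.5' }.freeze

# Keys present in both sources whose submitted value disagrees with the
# controller's value; worth logging as a tampering signal.
def overridden_keys(form_params, context)
  form_params.select { |k, v| context.key?(k.to_sym) && context[k.to_sym].to_s != v.to_s }
             .keys.map(&:to_sym)
end

if __FILE__ == $PROGRAM_NAME
  p context_last(TAMPERED_FORM, CONTROLLER_CONTEXT).attributes
  p context_first(TAMPERED_FORM, CONTROLLER_CONTEXT).attributes
  p overridden_keys(TAMPERED_FORM, CONTROLLER_CONTEXT)
end
```

Form fields that the context does not name (here `note`) pass through unchanged in both orders; only keys the controller supplies are protected by the context-last order.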

Development

Successfully merging this pull request may close these issues.

Send to importer form additional params
