Is it possible to work with serializable fields (Hash)?

[qd3v]

Hi!
For two hours reading specs and trying to permit hash, without luck:

# Model
class Pass
  serialize :header, Hash
  serialize :primary, Hash

  protect do
    can :update
  end
end

# Ctrl
def update
  respond_with pass.tap { |p| p.restrict!.update(params[:pass]) }
end

# Incoming params(pure)

{"id"=>"1095", "name"=>"Name 1", "logo_text"=>"Logo text 1", "header"=>{},
"primary"=>{"key"=>"primary_key", "label"=>"primary_label", "value"=>"primary_value"}, 
"icon_url"=>nil, "logo_url"=>nil, "strip_url"=>nil, 

"pass"=>{"id"=>"1095", "name"=>"Name 1", "logo_text"=>"Logo text 1", "header"=>{}, 
"primary"=>{"key"=>"primary_key", "label"=>"primary_label", "value"=>"primary_value"}}}

---

Started PUT "/pass/1095?format=json" for 127.0.0.1 at 2014-10-01 06:25:57 +0400
Processing by PassController#update as JSON
(0.7ms) BEGIN
Unpermitted parameters: header, primary # <---- not :name or other plain fields
  SQL (0.2ms)  UPDATE "passes" SET "header" = $1, "primary" = $2 WHERE "passes"."id" = 1095  [["header", "--- {}\n"], ["primary", "--- {}\n"]]
(0.6ms)  COMMIT

No transformations of params or anything else was done. Plain stupid action. Where do you think the problem is?

protector (0.7.7)
rails (4.1.6)

I really want to switch to protector, 'cause SP is clumsy and hardtestable for me.
BTW, in case of hash, how to permit only its existence (parameter name), not its details, such as hash keys or even worse key values?
Any help will be appreciated, thanks!

[toxix]

Try to change your controller like this and things should work:

def update
  respond_with pass.tap { |p| p.restrict!.update(params[:pass].require(:pass)) }
end

best regards