[ rails ] ActionController Parameters — prevent attributes from mass update

ActionController::Parameters lets you choose which attributes are whitelisted for mass updating, so that attributes which shouldn’t be exposed are not accidentally exposed.

  • require is used to mark parameters as required.
  • permit is used to mark parameters as permitted and to limit which attributes are allowed for mass updating.
    # The submitted parameters include a role attribute
    params = ActionController::Parameters.new({
      person: {
        name: 'Francesco',
        age: 22,
        role: 'admin'
      }
    })

    # Only :name and :age are permitted; :role is filtered out
    permitted = params.require(:person).permit(:name, :age)
    permitted            # => {"name"=>"Francesco", "age"=>22}
    permitted.class      # => ActionController::Parameters
    permitted.permitted? # => true

    # role is not in the permitted set, so the stored value is left unchanged
    Person.first.update!(permitted)
    # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
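
An added example (not from the original post and not Rails code): a plain-Ruby model of the same flow, showing an unfiltered mass update beside the permitted one. MiniParams, Forbidden, Person, REQUEST, unsafe_update and safe_update are hypothetical stand-ins that only imitate require/permit so the snippet runs without Rails.

```ruby
# Hypothetical stand-ins; these imitate, but are not, the Rails classes.
class Forbidden < StandardError; end

# Simplified model of ActionController::Parameters.
class MiniParams
  def initialize(hash, permitted = false)
    @hash = hash.transform_keys(&:to_s)
    @permitted = permitted
  end

  def permitted?; @permitted; end
  def to_h; @hash.dup; end

  # Return the nested parameters under +key+, or raise if the key is absent.
  def require(key)
    value = @hash.fetch(key.to_s) { raise KeyError, "param is missing: #{key}" }
    MiniParams.new(value)
  end

  # Keep only the listed keys and mark the result as safe for mass update.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    MiniParams.new(@hash.select { |k, _| allowed.include?(k) }, true)
  end
end

# Model stand-in: update! rejects parameter objects that were never permitted.
Person = Struct.new(:name, :age, :role) do
  def update!(attrs)
    raise Forbidden, 'unpermitted parameters' if attrs.respond_to?(:permitted?) && !attrs.permitted?
    attrs.to_h.each { |k, v| self[k.to_sym] = v }
    self
  end
end

# Constructed request body: the client also sends a role attribute.
REQUEST = { person: { name: 'Francesco', age: 22, role: 'admin' } }.freeze

# Unfiltered: a raw hash goes straight into the model, so role is overwritten.
def unsafe_update(person)
  person.update!(REQUEST[:person])
end

# Filtered: only name and age pass through, role keeps its stored value.
def safe_update(person)
  person.update!(MiniParams.new(REQUEST).require(:person).permit(:name, :age))
end
```

Calling update! with the result of require(:person) alone, without permit, raises Forbidden in this model, which is why the permit step cannot be skipped.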

Ref: http://api.rubyonrails.org/classes/ActionController/Parameters.html
