I think you don't need to call user_params
because the request is just a GET request so it doesn't matter what params[:id]
and params[:confirmation_code]
are. you can simply use these parameters directly regardless if they are strong params or not.
Rails 4 Nested Route with Strong Parameters
-
14-10-2022 - |
سؤال
I'm new to Rails and the recent switch to the Rails 4 strong parameters has confused me even more.
I'm trying to set up an account confirmation link for people to click.
I have the following route set up:
rake routes
Prefix Verb URI Pattern Controller#Action
GET /users/:id/confirm/:confirmation_code(.:format) users#confirm
In my UserController
, I have a confirm
action, which is being called (I tested via a simple redirect in that action),
and here are the rails 4 strong parameters:
private
def user_params
params.require(:user).permit(:name, :email, :password,
:password_confirmation, :confirmation_code)
end
But I'm getting the following error when I try access /users/1/confirm/foobar
param not found: user
I can see why I'm getting the error, but I'm not sure how to fix it without undoing the security of the strong params by removing the require(:user)
. I'm not even 100% if my basic approach is right.
(I've just finished Michael Hartl's rails tutorial and the tutorial has the require(:user)
in the User Controller and I'm not actually sure what the security implications are of removing it)
المحلول
نصائح أخرى
The route you've shown makes a GET request, there will be no params[:user]
, only a params[:id]
and params[:confirmation_code]
, as the defined by the route.
params[:user]
would be set if you posted a form built with form_for(@user)
back to a created/update action.
The problem is that you're somehow invoking the method user_params
in an action that doesn't have any. The method itself is doing its job exactly as intended.