Updating attributes in Rails 4

Question

I am looking for some clarification on permitted params and updating a record.

I understand that whitelisting attributes is now done in the controller, and I create a private method at the bottom of my controller. For example:

private
def gallery_params
  params.require(:gallery).permit(:id, :title, :overview, :category_id, gallery_images_attributes: [:id, :gallery_id, :gallery_category_id, :photo, :_destroy])
end

if i want to be able to access these attributes within my create action i can pass them through like so

@gallery = Gallery.new(gallery_params)

I am however a bit stuck on how to permit the same params through my update method

def update
@gallery = Gallery.find(params[:id])
if @gallery.update_attributes(params[:gallery])
  redirect_to root_path, notice: 'Successfully updated Gallery'
else
  render action: 'edit'
end
end

I have tried

@gallery.update_attributes(params[:gallery].permit(gallery_params))

but that doesn't work.

Answer 1

You should simply use your gallery_params method:

if @gallery.update(gallery_params)

Answer 2

There is no need of separate permission for individual attributes, simply use gallery_params