Question

I haven't switched to Rails 4 yet & have been looking into strong_params. I'm liking what I'm seeing & would like to use it on 1 model only. Seems simple but I'm supposed to comment out 'config.active_record.whitelist_attributes = true' in my config > application.rb file.

How do I safely (security wise) use strong_params in certain models only?

Solution

I suggest this approach: you leave strong params enabled by default, and you disable it specifically for the controllers that don't need it. (Yes, strong params is in controllers now with Rails 4, not in models anymore.)

To disable it for a specific controller you can use params.require(:model_name).permit!

That will allow any params for that specific controller.

Example

class UnsafeController < ApplicationController
  # ...

  def update
    # ...
    @unsafe.update unsafe_params
    # ...
  end

  private

  # permit! marks every attribute submitted under :unsafe as permitted
  def unsafe_params
    params.require(:unsafe).permit!
  end
end
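
What `permit!` gives up compared with an explicit allow-list, as an added Ruby example that is not part of the original answer. `DemoParams` is a simplified stand-in for `ActionController::Parameters` that models only `require`, `permit` and `permit!`; `DemoUser`, `REQUEST` and `update_via` are hypothetical names constructed for illustration.

```ruby
# Simplified stand-in for ActionController::Parameters, constructed for this
# example; it models only require, permit and permit!.
class DemoParams
  attr_reader :data, :permitted

  def initialize(data, permitted = false)
    @data = data
    @permitted = permitted
  end

  # Like params.require(:key): return the nested hash or fail loudly.
  def require(key)
    value = @data[key]
    raise KeyError, "param is missing: #{key}" if value.nil? || value.empty?
    DemoParams.new(value)
  end

  # Like permit(:a, :b): keep only the allow-listed keys.
  def permit(*keys)
    DemoParams.new(@data.select { |k, _| keys.include?(k) }, true)
  end

  # Like permit!: everything the client sent counts as permitted.
  def permit!
    DemoParams.new(@data, true)
  end
end

# Hypothetical model whose mass assignment rejects unpermitted parameters.
class DemoUser
  attr_reader :attrs

  def initialize
    @attrs = { name: "alice", admin: false }
  end

  def update(params)
    raise ArgumentError, "unpermitted parameters" unless params.permitted
    @attrs.merge!(params.data)
  end
end

# Constructed request: the form offers only :name, the client adds :admin.
REQUEST = { user: { name: "mallory", admin: true } }.freeze

# Runs one update with the given filtering step and returns the stored attributes.
def update_via(&filter)
  user = DemoUser.new
  user.update(filter.call(DemoParams.new(REQUEST).require(:user)))
  user.attrs
end
```

`update_via { |p| p.permit! }` returns attributes with `admin: true`, while `update_via { |p| p.permit(:name) }` leaves `admin` at `false`.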
Licensed under: CC-BY-SA with attribution