https://stackoverflow.com/questions/15528649
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianwill this work?
params.require(:answer).permit!.except(:user_id)
How to permit all attributes besides user_id using strong_parameters?
-
24-03-2022 - |
Question
I would like to use something like that:
def answer_params
params.require(:answer).permit!.without(:user_id)
end
La solution
Autres conseils
I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
