Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Rails 4 Strong parameter

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 397
    Comment on it

    Rails 4 has many new features, and Strong parameter is one of them. Strong parameter allows us to choose attributes that can be whitelisted for mass assignment. In rails 3 we were doing this by listing accessible attributes in the model. But in rails 4 strong parameter are moving mass-assignment protection from model to controller.
    It provides an interface for protecting attributes from end-user assignment so that Action Controller parameters are restricted to be used in Active Model mass assignments until they have been whitelisted. For this it has two methods:


    1) require : It is used to mark the parameters as required.
    2) permit : It is used to describe which attriibutes are allowed for mass assignment.

    Lets explain this with an example:

    class UserController < ActionController::Base
    
      def create
        User.create(user_params)
      end
    
     
      def update
        user = User.find(params[:id])
        user.update_attributes(user_params)
        
      end
    
      private
       
        def user_params
          params.require(:user).permit(:name, :email)
        end
    end

    If we try to use these attributes(name, email) directly without whitelisting in mass assignment, it will give ActiveModel::ForbiddenAttributesError.
    There is one difference between require and permit, require returns the actual value of the parameter, and permit returns the hash.

    For example:

    params = ActionController::Parameters.new(username: "john")
    params.permit(:username)
    # => { "username" => "john" }
    params.require(:username)
    # => "john"

    If we want to use accepts_nested_attributes_for with Strong Parameters, we need to specify in models, which nested attributes should be whitelisted.

    class User
      has_many :accounts
      accepts_nested_attributes_for :accounts
    end


    Then mass-assign in controller:

    class UserController < ActionController::Base
      def create
        User.create(user_params)
      end
    
      private
    
        def user_params
          params.require(:user).permit(:name, :email, accounts_attributes: [ :id, :category ])
        end
    end

    It provides two options that specify the behavior of any instances:

    1) permit_all_parameters - By default this option is false. but if it is set to true, all the parameters will be permitted by default.

    2) action_on_unpermitted_parameters -It specify what is need to be done when the parameters that are not permitted are mass-assigned. if the value of this option is set to :log, it will write a message on logger or if it is set to :raise, it will raise an ActionController::UnpermittedParameters exception.
    The default value is :log in test and development environments and false in other environments.

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: