[英]Rails Strong Parameters: Permit a param in controller
I have a User model which as an internal field say some_internal_id
. 我有一个用户模型,作为内部字段说some_internal_id
。 I do not want external users to be able to enter it (via mass assignment). 我不希望外部用户能够输入它(通过批量分配)。 Ideally I should not permit it in the user_params
function. 理想情况下,我不应该在user_params
函数中允许它。
Create method assigns the internal param, something like this: Create方法分配内部参数,如下所示:
def create
user_params[:some_internal_id] = rand(100)
@user = User.new(user_params)
@user.save
end
# Never trust parameters from the scary internet, only allow the white list through.
# No need to permit some_internal_id param here
def user_params
params.require(:user).permit(:name, :age)
end
The code above throws an Unpermitted parameter: some_internal_id
error. 上面的代码抛出Unpermitted parameter: some_internal_id
错误。
The following solves what I am trying to do, but doesn't look a very clean approach: 以下解决了我想做的事情,但看起来不是很干净的方法:
def create
@user = User.new(user_params)
@user.save
end
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
params[:user][:some_internal_id] = rand(100)
params.require(:user).permit(:some_internal_id, :name, :age)
end
Is there a better approach where I can permit and set a param in create method - close to where the object is being saved ? 有没有一种更好的方法可以允许并在create方法中设置参数-靠近保存对象的位置?
Just assign your internal parameter manually, right before save: 只需在保存之前手动分配内部参数即可:
def create
@user = User.new(user_params)
@user.some_internal_id = rand(100)
@user.save
end
To write it as a 1 call, you can use User.create
block syntax: 要将其编写为1调用,可以使用User.create
块语法:
@user = User.create(user_params) do |user| # first, assign these attributes
user.some_internal_id = rand(100) # then yield user to the block
end # and, finally, save
我通常在强参数permit
之后将其他属性合并到参数中:
@user = User.new user_params.merge(some_internal_id: rand(100))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.