How to permit all attributes besides user_id using strong_parameters?
Question
I would like to use something like that:
def answer_params
params.require(:answer).permit!.without(:user_id)
end
2 answers
solution1
12 ACCPTED 2013-03-20 16:04:22
这会有用吗?
params.require(:answer).permit!.except(:user_id)
solution2
5 2013-08-04 01:50:05
I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
how to permit one of the parameters to be arbitrary hash using strong_parameters?
strong parameters permit all attributes for nested attributes
Rails 4 Strong parameters : permit all attributes?
Rails 4 Strong Parameters opposite permit all attributes
Strong Parameters: How to permit parameters using conditions
Strong_parameters not working
strong_parameters in Rails using datetime
How to use Strong_Parameters in Rails 4 with Mongoid, if it throws Unpermitted parameters: (model_name) error on nested attributes
How to test strong_parameters in controller specs?
Unable to update or create records using POST with strong_parameters and nested attributes
Related Tags