I would like to use something like that:
def answer_params
params.require(:answer).permit!.without(:user_id)
end
这会有用吗?
params.require(:answer).permit!.except(:user_id)
I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.