Rails 4 has many new features, and Strong Parameters is one of them. Strong Parameters lets us choose which attributes are whitelisted for mass assignment. In Rails 3 we did this by listing accessible attributes in the model; in Rails 4, Strong Parameters moves mass-assignment protection from the model to the controller.
It provides an interface for protecting attributes from end-user assignment: Action Controller parameters cannot be used in Active Model mass assignment until they have been whitelisted. For this it has two methods:
1) require : marks a parameter as required (the request must contain it).
2) permit : describes which attributes are allowed for mass assignment.
Let's explain this with an example:
class UserController < ActionController::Base
  def create
    User.create(user_params)
  end

  def update
    user = User.find(params[:id])
    user.update_attributes(user_params)
  end

  private

  # Only name and email may be mass-assigned; anything else is dropped.
  def user_params
    params.require(:user).permit(:name, :email)
  end
end
If we try to use these attributes (name, email) directly in mass assignment without whitelisting them, Rails raises ActiveModel::ForbiddenAttributesError.
There is one difference between require and permit: require returns the actual value of the parameter, while permit returns a hash containing only the permitted parameters.
For example:
params = ActionController::Parameters.new(username: "john")
params.permit(:username)
# => { "username" => "john" }
params.require(:username)
# => "john"
If we want to use accepts_nested_attributes_for with Strong Parameters, we first declare in the model which association accepts nested attributes:
class User < ActiveRecord::Base
  has_many :accounts
  accepts_nested_attributes_for :accounts
end
Then whitelist the nested attributes in the controller before mass-assigning:
class UserController < ActionController::Base
  def create
    User.create(user_params)
  end

  private

  # Nested attributes are whitelisted with a hash: key => [allowed subkeys].
  def user_params
    params.require(:user).permit(:name, :email, accounts_attributes: [ :id, :category ])
  end
end
ActionController::Parameters also provides two configuration options that control the behaviour of all of its instances:
1) permit_all_parameters - By default this option is false. If it is set to true, all parameters are permitted by default.
2) action_on_unpermitted_parameters - Specifies what happens when parameters that are not permitted are mass-assigned. If the value is :log, a message is written to the logger; if it is :raise, an ActionController::UnpermittedParameters exception is raised.
The default value is :log in the test and development environments and false in all other environments.
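To make the rules above concrete without a Rails installation, here is an added example (not Rails code, and not ActionController::Parameters itself): a deliberately simplified Params class that reimplements require, permit with nested filters, the ForbiddenAttributesError check, and the permit_all_parameters / action_on_unpermitted_parameters options. The User class, the user_params helper and the RAW_REQUEST hash are constructed stand-ins for the post's controller and model, and unpermitted_log is an array standing in for the Rails logger.

```ruby
# Added example (not Rails code): a deliberately simplified reimplementation of
# the require/permit behaviour described above, so the rules can be run without
# Rails installed. The real class is ActionController::Parameters.
class ParameterMissing < StandardError; end
class UnpermittedParameters < StandardError; end
class ForbiddenAttributes < StandardError; end   # stands in for ActiveModel::ForbiddenAttributesError

class Params
  # The two class-level options from the text. unpermitted_log is our stand-in
  # for the Rails logger so that the :log behaviour can be inspected.
  class << self
    attr_accessor :permit_all_parameters, :action_on_unpermitted_parameters, :unpermitted_log
  end
  self.permit_all_parameters = false
  self.action_on_unpermitted_parameters = false
  self.unpermitted_log = []

  def initialize(hash, permitted = self.class.permit_all_parameters)
    @hash = hash.each_with_object({}) { |(k, v), h| h[k.to_s] = v }  # indifferent keys
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  def to_h
    @hash
  end

  # require: the key must be present and non-empty; returns its value
  # (a plain scalar, or a new Params wrapping a nested hash).
  def require(key)
    value = @hash[key.to_s]
    if value.nil? || (value.respond_to?(:empty?) && value.empty?)
      raise ParameterMissing, "param is missing or the value is empty: #{key}"
    end
    value.is_a?(Hash) ? Params.new(value) : value
  end

  # permit: keep only whitelisted keys and return a *permitted* Params.
  # Scalar filters are symbols; nested filters are { key => [subkeys] }, which
  # handles the accounts_attributes: { "0" => {...}, "1" => {...} } shape that
  # accepts_nested_attributes_for expects from a form.
  def permit(*filters)
    kept = {}
    filters.each do |filter|
      if filter.is_a?(Hash)
        filter.each do |key, subfilters|
          nested = @hash[key.to_s]
          next unless nested.is_a?(Hash)
          kept[key.to_s] = nested.each_with_object({}) do |(idx, attrs), out|
            out[idx.to_s] = Params.new(attrs).permit(*subfilters).to_h
          end
        end
      elsif @hash.key?(filter.to_s)
        kept[filter.to_s] = @hash[filter.to_s]
      end
    end
    handle_unpermitted(@hash.keys - kept.keys)
    Params.new(kept, true)
  end

  private

  # Implements action_on_unpermitted_parameters: false => silently drop,
  # :log => record the dropped keys, :raise => fail loudly.
  def handle_unpermitted(keys)
    return if keys.empty?
    case self.class.action_on_unpermitted_parameters
    when :log   then self.class.unpermitted_log << "Unpermitted parameters: #{keys.join(', ')}"
    when :raise then raise UnpermittedParameters, "found unpermitted parameters: #{keys.join(', ')}"
    end
  end
end

# Stand-in for the model side: mass assignment refuses a Params object that
# has not been through permit, which is what raises ForbiddenAttributesError in Rails.
class User
  attr_reader :attributes
  def initialize(attrs)
    if attrs.is_a?(Params) && !attrs.permitted?
      raise ForbiddenAttributes, "attributes were not whitelisted with permit"
    end
    @attributes = attrs.is_a?(Params) ? attrs.to_h : attrs
  end
end

# The controller's whitelist from the post, applied to a constructed request hash.
def user_params(params)
  params.require(:user).permit(:name, :email, accounts_attributes: [:id, :category])
end

# Constructed request: the client has added an "admin" flag and a nested "balance".
RAW_REQUEST = { user: { name: "Ann", email: "ann@example.com", admin: true,
                        accounts_attributes: { "0" => { id: 1, category: "savings", balance: 999 } } } }

if __FILE__ == $0
  filtered = user_params(Params.new(RAW_REQUEST))
  puts User.new(filtered).attributes.inspect   # admin and balance are gone
end
```

Running the file shows that only name, email and the permitted nested keys survive; switching Params.action_on_unpermitted_parameters to :raise turns the same request into an UnpermittedParameters error, which is the setting worth enabling in test so that a silently dropped key is noticed during development rather than in production.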