Gary Weaver
2012-Oct-03 18:46 UTC
Is there planned support for permitting params one at a time vs. all at once in strong_parameters/Rails 4?
Was going to have a variety of request params sent in and use a class_attribute that would define types of request parameters that are allowed. strong_parameters wouldn''t be too much trouble in such a case if it would allow me to manually permit some attributes (dynamically determined) in the controller but allow strong_parameters to enforce security of others. Is this something that has been discussed before that someone could point me to or is this something under consideration? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-core/-/SNmxheJF_I4J. To post to this group, send email to rubyonrails-core@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
Jesse Wolgamott
2012-Oct-03 20:07 UTC
Re: Re: Is there planned support for permitting params one at a time vs. all at once in strong_parameters/Rails 4?
Yes, strong_parameters can be dynamic --- there was a slight gotcha on the permits for strong_parameters, so I created a gist example showing how it can happen (delegating out to the Post model in this case). https://gist.github.com/3829489 There''s also no reason you couldn''t continue to use remove a subset of parameters in your controller. =========================Jesse Wolgamott @ Comal Productions, LLC. Web. Mobile. Design. Training. @jwo http://comalproductions.com On Wednesday, October 3, 2012 at 2:15 PM, Gary Weaver wrote:> Actually this probably won''t affect us as I thought earlier, but am still curious if permit might eventually support one at a time definition instead of all at once. Thanks! > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. > To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-core/-/dSYM4-P8GkkJ. > To post to this group, send email to rubyonrails-core@googlegroups.com (mailto:rubyonrails-core@googlegroups.com). > To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com (mailto:rubyonrails-core+unsubscribe@googlegroups.com). > For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
Reasonably Related Threads
- Optimistic Locking Enhancements: Gem or Core?
- Rails 4 and HABTM Checkboxes: Unpermitted parameters error
- active_model_serializers, more than one level deep of associations, specifying serializers per association
- I think I've found a mistake in Rails tutorial
- attr_accessible on some properties + attr_protected on others makes class 'open-by-default'