6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"How to permit all attributes besides user_id using strong_parameters?\",\"text\":\"

I would like to use something like that:

\\n\\n

def answer_params\\n  params.require(:answer).permit!.without(:user_id)\\nend\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"tomekfranek\"},\"upvoteCount\":8,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

will this work?

\\n\\n

params.require(:answer).permit!.except(:user_id)\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"jvnill\"},\"upvoteCount\":13}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","ruby-on-rails",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby-on-rails/1","children":"ruby-on-rails"}]}],["$","span","ruby",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby/1","children":"ruby"}]}],["$","span","ruby-on-rails-4",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby-on-rails-4/1","children":"ruby-on-rails-4"}]}],["$","span","strong-parameters",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/strong-parameters/1","children":"strong-parameters"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/7ab9e122fe60cd9e7b2fa30636965625?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"tomekfranek","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1103892/tomekfranek","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"tomekfranek"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",7109]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"How to permit all attributes besides user_id using strong_parameters?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I would like to use something like that:

\n\n

def answer_params\n  params.require(:answer).permit!.without(:user_id)\nend\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",8]}],["$","p",null,{"children":["Views: ",2619]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","18039034",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/7da62639e8853d6eebae93c569fd254d?s=256&d=identicon&r=PG","alt":"Jason Kenney","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/665577/jason-kenney","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Jason Kenney"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",101]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",5]}]}]]}],["$","div","15528745",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/fKzgt.jpg?s=256","alt":"jvnill","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/337166/jvnill","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"jvnill"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",29599]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

will this work?

\n\n

params.require(:answer).permit!.except(:user_id)\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",13]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","26306693",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26306693","className":"text-blue-600 hover:underline","children":"Strong Parameters: How to permit parameters using conditions"}]}],["$","li","68692661",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68692661","className":"text-blue-600 hover:underline","children":"Rails permit nested attribute"}]}],["$","li","61550173",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/61550173","className":"text-blue-600 hover:underline","children":"Rails 5 - Forbidden Attributes"}]}],["$","li","17810838",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17810838","className":"text-blue-600 hover:underline","children":"strong parameters permit all attributes for nested attributes"}]}],["$","li","14033908",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14033908","className":"text-blue-600 hover:underline","children":"Rails 4 Strong parameters : permit all attributes?"}]}],["$","li","17945993",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17945993","className":"text-blue-600 hover:underline","children":"Strong params rails 4 permitting params"}]}],["$","li","16246143",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/16246143","className":"text-blue-600 hover:underline","children":"Strong Parameters requiring an attribute"}]}],["$","li","31598726",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31598726","className":"text-blue-600 hover:underline","children":"how to allow all of the attributes of a model when"}]}],["$","li","31297655",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31297655","className":"text-blue-600 hover:underline","children":"Permit extra params in special cases with Strong Params in Rails 4"}]}],["$","li","30872461",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30872461","className":"text-blue-600 hover:underline","children":"How to permit strong params for nested attributes?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

How to permit all attributes besides user_id using strong_parameters?

Answers (2)

Related Questions