Reputation: 26048
It seems to be funny how Rails 4 deals with strong parameters:
```ruby
class UsersController < ActionController::Base
  def update
    @user = current_user
    # Only the attributes allowed below reach the model.
    if @user.update_attributes(user_profile_parameters)
      redirect_to home_path, notice: "Your profile has been successfully updated."
    else
      render action: "edit"
    end
  end

  private

  # Allow-list of attributes a user may change on their own profile.
  def user_profile_parameters
    params.require(:user).permit(:name, :password, :password_confirmation, :email)
  end
end
```
I wonder, isn't it possible in Rails 3? Yes, instead of only 1 line, it would take 3 lines, perhaps. But, there is nothing new there, it's just a manually created list of allowed parameters, in fact, it's just a hash, isn't it? Or is there any more deep purpose in it?
Upvotes: 3
Views: 11007
Reputation: 2283
> I wonder, isn't it possible in Rails 3?

Yes, you can use this gem to use strong parameters in Rails 3.

> it's just a hash, isn't it?

Yes, the params are just a hash.

> Or is there any more deep purpose in it?

I think what you're getting at is that we're having to write more code to do the same thing. It may seem that way if you're doing some basic work, but things start to get tricky once you start to customize authorization and make things a bit more dynamic.
One issue is that attr_accessible isn't very flexible. Strong parameters fixes that.
I believe strong parameters is a way to make you more conscious and give you more control over your data. A way to give you some documentation over the data with which records are being created.
Make sense?
Upvotes: 3
Reputation: 1511
From the official blog:

> We're exploring a new way to deal with mass-assignment protection in Rails. Or actually, it's not really a new way, it's more of an extraction of established practice with some vinegar mixed in for when you forget.
>
> This new approach is an extraction of the slice pattern and we're calling the plugin for it strong_parameters (already available as a gem as well). The basic idea is to move mass-assignment protection out of the model and into the controller where it belongs.
>
> The whole point of the controller is to control the flow between user and application, including authentication, authorization, and as part of that access control. We should never have put mass-assignment protection into the model, and many people stopped doing so long ago with a move to the slice pattern or a variation there of. It's time to extract that pattern and bring it to the people.

To use it in Rails 3 you can use the strong parameters gem and follow the instructions there.
Upvotes: 6
Reputation: 3656
I guess it existed way (way, way) before the release of Rails 4 as a separate gem: https://github.com/rails/strong_parameters
Rails 4 has it by default; if you want to use it with Rails 3, just get the gem in your Gemfile and get going :).
On the GitHub page of the gem they have also written awesome documentation on how to use it, so I guess you should not have any problems using it.
And of course there is nothing new in it; you can do this filtering manually by writing your own filters, and things may get a bit tricky with deeply nested hashes and arrays inside the hashes, and if the keys of the hashes are dynamically created (not fixed).
"Yes, instead of only 1 line, it would take 3 lines" and that's what most of the gems do, and we use them instead of reinventing the wheel and just concentrate on our business logic.
Upvotes: 12
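The answers above mention the slice pattern and note that hand-written filters get tricky with nested hashes and arrays. The following added example (plain Ruby, not part of the thread and not Rails's own code) shows that gap; `slice_filter`, `permit_filter` and the sample parameters are hypothetical and constructed for illustration.

```ruby
# Constructed request parameters: a profile update carrying fields the form never offered.
PARAMS = {
  "user" => {
    "name"    => "Alice",
    "email"   => "alice@example.test",
    "admin"   => "true",                                   # injected top-level attribute
    "address" => { "city" => "Oslo", "verified" => "1" },  # injected nested attribute
    "phones"  => [{ "number" => "555-0100", "owner_id" => "1" }]
  }
}.freeze

SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

# Slice pattern: keep only the named top-level keys.
def slice_filter(hash, *keys)
  hash.slice(*keys.map(&:to_s))
end

# Hypothetical recursive allow-list (not Rails's implementation).
# A Symbol in the spec allows a scalar value; a Hash { key => [sub-spec] }
# allows a nested hash, or an array of hashes, filtered by the sub-spec.
def permit_filter(hash, spec)
  spec.each_with_object({}) do |item, out|
    if item.is_a?(Hash)
      item.each do |key, sub|
        value = hash[key.to_s]
        case value
        when Hash  then out[key.to_s] = permit_filter(value, sub)
        when Array then out[key.to_s] = value.grep(Hash).map { |v| permit_filter(v, sub) }
        end
      end
    else
      value = hash[item.to_s]
      # A hash or array under a scalar-only key is dropped, not passed through.
      out[item.to_s] = value if hash.key?(item.to_s) && SCALARS.any? { |t| value.is_a?(t) }
    end
  end
end

def sliced
  slice_filter(PARAMS["user"], :name, :email, :address, :phones)
end

def permitted
  permit_filter(PARAMS["user"], [:name, :email, { address: [:city], phones: [:number] }])
end

puts sliced.inspect     # "admin" is gone, but "verified" and "owner_id" survive
puts permitted.inspect  # only name, email, address.city and phones[].number remain
```

The flat slice blocks the top-level `admin` key yet passes the nested hashes through wholesale, which is the case an allow-list with nested specifications has to cover.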