Skip to content

Instantly share code, notes, and snippets.

@International
Created November 25, 2012 19:01
Show Gist options
  • Save International/4144807 to your computer and use it in GitHub Desktop.
Save International/4144807 to your computer and use it in GitHub Desktop.
class PeopleController < ActionController::Base
# This will raise an ActiveModel::ForbiddenAttributes exception because it's using mass assignment
# without an explicit permit step.
def create
Person.create(params[:person])
end
# This will pass with flying colors as long as there's a person key in the parameters, otherwise
# it'll raise a ActionController::MissingParameter exception, which will get caught by
# ActionController::Base and turned into that 400 Bad Request reply.
def update
redirect_to current_account.people.find(params[:id]).tap { |person|
person.update_attributes!(person_params)
}
end
private
# Using a private method to encapsulate the permissible parameters is just a good pattern
# since you'll be able to reuse the same permit list between create and update. Also, you
# can specialize this method with per-user checking of permissible attributes.
def person_params
params.require(:person).permit(:name, :age)
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment