Created
July 13, 2018 20:29
Save drewdeponte/b6f7559b6eeeb44e6140b570a4ba8250 to your computer and use it in GitHub Desktop.
Don't use params objects inside methods other than your controller action methods in web frameworks
################### BAD ########################
class MembershipsControllerBad < ApplicationController
  def create # the actual controller action
    ...
    ...
    create_invite(@org, current_user, email, existing_user)
    ...
    ...
  end

  private

  def create_invite(org, invitor, email, existing_user = nil)
    ...
    ...
    # The internals of this method should know nothing about the params object. Its job is to handle the creation of the
    # invitation and membership, which is a problem for another time. The action's purpose in life is specifically to be the
    # bridge between the request and its format and the business logic, not to just pass that job on.
    invite = Invitation.create!(email: email, organization_id: params[:membership][:organization_id])
    Membership.create!(user_id: user_id, organization_id: params[:membership][:organization_id], role: params[:membership][:role], pending: true, invitation_id: invite.id)
    ...
    ...
  end
end
############## BETTER ############################
class MembershipsControllerGood < ApplicationController
  def create # the actual controller action
    ...
    ...
    create_invite(@org, current_user, email, params[:membership][:role], existing_user)
    ...
    ...
  end

  private

  # Note: There are lots of other things that should be improved about this method in my opinion. But, in terms of the specific
  # topic, this is the minimal change that improves it without going down the rabbit hole of other improvements.
  def create_invite(org, invitor, email, role, existing_user = nil)
    ...
    ...
    invite = Invitation.create!(email: email, organization_id: org.id)
    Membership.create!(user_id: user_id, organization_id: org.id, role: role, pending: true, invitation_id: invite.id)
    ...
    ...
  end
end
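
An added example (plain Ruby without Rails, not part of the original gist) of what the BAD shape risks: the helper is handed the organization the action resolved, yet re-reads `params[:membership][:organization_id]`, so the two can disagree. `Org`, `Invitation`, `ORGS`, `authorize_org`, the `run_*` helpers and the request hash are constructed assumptions; the gist does not show how `@org` is loaded, and here it is assumed to come from a separate request parameter that is checked against the current user.

```ruby
# Hypothetical stand-ins for the gist's models; no Rails required.
Org = Struct.new(:id, :admin_ids)
Invitation = Struct.new(:email, :organization_id, :role)

# Constructed data: user 10 administers org 1 only.
ORGS = { 1 => Org.new(1, [10]), 2 => Org.new(2, [20]) }.freeze

# Constructed request: the top-level id names org 1, the nested body names org 2.
REQUEST_PARAMS = {
  organization_id: 1,
  membership: { organization_id: 2, role: "admin", email: "new@example.test" }
}.freeze

# Stand-in for the part of the action that loads and authorizes @org (assumed).
def authorize_org(params, current_user_id)
  org = ORGS.fetch(params[:organization_id])
  raise "forbidden" unless org.admin_ids.include?(current_user_id)
  org
end

# BAD shape: receives the authorized org, but reads the request again.
def create_invite_bad(org, email, params)
  m = params[:membership]
  Invitation.new(email, m[:organization_id], m[:role])
end

# BETTER shape: sees only explicit arguments, so the checked org is the one used.
def create_invite_good(org, email, role)
  Invitation.new(email, org.id, role)
end

# The "action": the only place that should touch params.
def run_bad(params, current_user_id)
  org = authorize_org(params, current_user_id)
  create_invite_bad(org, params[:membership][:email], params)
end

def run_good(params, current_user_id)
  org = authorize_org(params, current_user_id)
  m = params[:membership]
  create_invite_good(org, m[:email], m[:role])
end

bad  = run_bad(REQUEST_PARAMS, 10)
good = run_good(REQUEST_PARAMS, 10)
puts "bad helper wrote org #{bad.organization_id}, good helper wrote org #{good.organization_id}"
```

With the explicit-argument version, a controller test only has to assert that the record's `organization_id` equals the id of the organization the action authorized.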