evanleck/allows.rb

## allows.rb
#
# A way to whitelist parameters.
#
#   get '/', allows: [:id, :action] do
#     erb :index
#   end
#
# Modifies the parameters available in the request scope.
# Stashes unmodified params in @_params
#
app.set(:allows) do |*passable|
  condition do
    unless @params.empty?
      @_params = @_params || @params # for safety
      globals  = settings.globally_allowed_parameters
      passable = (globals | passable).map(&:to_sym) # make sure it's a symbol

      # trim the params down
      @params = @params.select do |param, _value|
        passable.include?(param.to_sym)
      end
    end
  end
end
	#
	# A way to whitelist parameters.
	#
	# get '/', allows: [:id, :action] do
	# erb :index
	# end
	#
	# Modifies the parameters available in the request scope.
	# Stashes unmodified params in @_params
	#
	app.set(:allows) do \|*passable\|
	condition do
	unless @params.empty?
	@_params = @_params \|\| @params # for safety
	globals = settings.globally_allowed_parameters
	passable = (globals \| passable).map(&:to_sym) # make sure it's a symbol

	# trim the params down
	@params = @params.select do \|param, _value\|
	passable.include?(param.to_sym)
	end
	end
	end
	end