Created
May 13, 2015 19:11
-
-
Save gilesbowkett/8e62e5f3c77572b2e49b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PeopleController < ActionController::Base | |
| # This will raise an ActiveModel::ForbiddenAttributes exception because it's using mass assignment | |
| # without an explicit permit step. | |
| def create | |
| Person.create(params[:person]) | |
| end | |
| # This will pass with flying colors as long as there's a person key in the parameters, otherwise | |
| # it'll raise a ActionController::MissingParameter exception, which will get caught by | |
| # ActionController::Base and turned into that 400 Bad Request reply. | |
| def update | |
| redirect_to current_account.people.find(params[:id]).tap do |person| | |
| person.update_attributes!(person_params) | |
| end | |
| end | |
| private | |
| # Using a private method to encapsulate the permissible parameters is just a good pattern | |
| # since you'll be able to reuse the same permit list between create and update. Also, you | |
| # can specialize this method with per-user checking of permissible attributes. | |
| def person_params | |
| params.required(:person).permit(:name, :age) | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment