@seanbehan
Forked from dhh/gist:1975644
Created March 5, 2012 00:36
class PostsController < ActionController::Base
  def create
    Post.create(post_params)
  end

  def update
    Post.find(params[:id]).update_attributes!(post_params)
  end

  private
    # Pass only the listed attributes on to the model.
    def post_params
      params[:post].slice(:title, :content)
    end
end
@seanbehan

or the inverse...

class PostsController < ActionController::Base
private
  def post_params
    params[:post].except(:created_at)
  end
end

@JDutil

JDutil commented Mar 5, 2012

It's better practice to maintain a whitelist w/slice than a blacklist in case new fields are added in the future that you don't want people to have access to.
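
The difference between the two `post_params` versions, as an added example that is not part of the gist or its comments: plain Ruby with no Rails dependency, comparing the `slice` and `except` filters before and after a new column is added. `FakePost`, the `featured` column and the request hash are constructed for illustration.

```ruby
# Constructed stand-in for a model without attr_accessible:
# it assigns every key it receives that matches a column.
class FakePost
  attr_reader :attributes

  def initialize(columns)
    @columns = columns
    @attributes = {}
  end

  def update(attrs)
    attrs.each { |k, v| @attributes[k.to_s] = v if @columns.include?(k.to_s) }
    self
  end
end

ALLOWED = %w[title content].freeze  # what slice(:title, :content) keeps
DENIED  = %w[created_at].freeze     # what except(:created_at) drops

def allowlist_params(raw)
  raw.select { |k, _| ALLOWED.include?(k.to_s) }
end

def denylist_params(raw)
  raw.reject { |k, _| DENIED.include?(k.to_s) }
end

# Columns that were written although the form was only meant to set ALLOWED.
def unexpected_writes(columns, filtered)
  FakePost.new(columns).update(filtered).attributes.keys - ALLOWED
end

# Constructed request body: the two form fields plus two extra keys.
REQUEST = { "title" => "Hi", "content" => "Body",
            "created_at" => "2000-01-01", "featured" => "1" }.freeze

SCHEMA_V1 = %w[title content created_at].freeze
SCHEMA_V2 = (SCHEMA_V1 + %w[featured]).freeze # hypothetical later migration

def report
  {
    allowlist_v1: unexpected_writes(SCHEMA_V1, allowlist_params(REQUEST)),
    denylist_v1:  unexpected_writes(SCHEMA_V1, denylist_params(REQUEST)),
    allowlist_v2: unexpected_writes(SCHEMA_V2, allowlist_params(REQUEST)),
    denylist_v2:  unexpected_writes(SCHEMA_V2, denylist_params(REQUEST))
  }
end

report.each { |name, cols| puts "#{name}: #{cols.inspect}" }
```

Both filters behave the same on the original schema; only the `except` version starts writing the new column once it exists, with no change to the controller.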
