Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
nawras nabil
4,820 PointsStrong Parameters
Greetings, I am sort of a beginner in using rails. I noticed that there is an issue with the attr_accessible due to releasing a newer version of rails. In the current version of rails all attributes are simply accessible without any restriction. After reading some material, I realized that there is a new feature called strong_parameters (which is installed by default in Ruby 4.1) that can be used in to restrict the attribute we want.
Would anybody please explain how can we use strong parameters to restrict certain parameter like :content (for example).
1 Answer
Kang-Kyu Lee
52,045 PointsHi Nawras, I also read some material, strong parameters gem has been installed by default since Rails 4, and it makes the logic simpler than attr_accessible. And your question might be.. we can make this private method like,
private
def article_params
if current_user
params.require(:article).permit(:title, :content)
else
params.require(:article).permit(:title)
end
end
Twiz T
12,588 PointsTwiz T
12,588 PointsCan't you just remove that param in the associated controller?
So something like this
becomes
with the content attribute removed after the permit call.
Rails 4 has moved sanitization of the parameters from the model to the controller level. strong params