articles Different strong parameters on create and update
20 Jul 2020
Are you eager to elevate your security skills and safeguard your applications
against cyber threats? I created a Rails Security course is designed
specifically for developers like you who aim to build robust, secure Rails
applications!
Buy my course: Security for Rails Developers.
When using strong-parameters, sometimes you only want to enable a subset of the same parameters on create or edit. To achieve this, you can define 2 separate sets like this:
Buy my course: Security for Rails Developers.
...
def post_create_params
params[:posts].permit(:category_id, :title, :body)
end
def post_update_params
params[:posts].permit(:title, :body)
end
...ActionController::Parameters#except:
...
def update
@post.update(post_params.except(:category_id))
end
private
def post_params
params[:posts].permit(:category_id, :title, :body)
end
...Or follow me on Twitter
I run an indie startup providing vulnerability scanning for your Ruby on Rails app.
It is free to use at the moment, and I am grateful for any feedback about it.If you would like to give it a spin, you can do it here: Vulnerability Scanning for your Ruby on Rails app!
