rails Different strong parameters on create and update

20 Jul 2020
When using strong-parameters, sometimes you only want to enable a subset of the same parameters on create or edit. To achieve this, you can define 2 separate sets like this:
...
def post_create_params
	params[:posts].permit(:category_id, :title, :body)
end

def post_update_params
	params[:posts].permit(:title, :body)
end
...
But there is a neater way to achieve the same by utilising ActionController::Parameters#except:
...
def update
	@post.update(post_params.except(:category_id))
end

private
  def post_params
	params[:posts].permit(:category_id, :title, :body)
  end
...

I run an indie startup providing vulnerability scanning for your Ruby on Rails app. It is free to use at the moment, and I am grateful for any feedback about it.
If you would like to give it a spin, you can do it here: Vulnerability Scanning for your Ruby on Rails app!

Did you enjoy reading this? Follow me on Twitter or sign up to my newsletter for more content like this!

Related posts