Strong parameters
Stairway B edited this page Jan 28, 2018 · 2 revisions
PunditRoles makes it easy to handle role-based strong params:
```ruby
def create
  authorize! User # you will need to authorize the model first, in order to get the permitted attributes
  @user = User.new(create_params)
  # save! raises on failure, so the render only runs for a persisted record
  if @user.save!
    render jsonapi: @user, fields: {users: permitted_show_attributes}
  end
end

# update also works for associated models
def update
  user = User.where(id: params[:id]).includes([:followers, {posts: [:comments]}]).first
  authorize!(user, associations: [:followers, {posts: [:comments]}])
  if user.update!(update_params)
    render jsonapi: user, include: permitted_show_associations, fields: permitted_show_attributes
  end
end

private

# Only the attributes the current role may set on create pass through
def create_params
  params.require(:users).permit(permitted_create_attributes)
end

# Only the attributes the current role may set on update pass through
def update_params
  params.require(:users).permit(permitted_update_attributes)
end
```
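A simplified, plain-Ruby model of the idea above, added here as an illustration and not PunditRoles' own code or API: each role maps to an allow-list, and anything outside it (such as a `role` field sent by a regular user) is dropped and reported. The role names, attribute lists, sample request and helper names (`filter_params`, `update_params_for`) are assumptions.

```ruby
# Constructed role -> permitted update attributes (hypothetical allow-lists).
# A Hash entry permits nested attributes for an association.
PERMITTED_UPDATE = {
  guest: [],
  regular_user: [:username, :name, { posts: [:title, :body] }],
  admin: [:username, :name, :email, :role, { posts: [:title, :body, :pinned] }]
}.freeze

# Returns [filtered, rejected]: the allow-listed subset of `input` and the
# dotted path of every key that was dropped (worth logging for detection).
def filter_params(input, allowed, prefix = nil)
  scalars = allowed.grep(Symbol)
  nested  = allowed.grep(Hash).reduce({}, :merge)
  filtered = {}
  rejected = []
  input.each do |key, value|
    key  = key.to_sym
    path = [prefix, key].compact.join(".")
    if nested.key?(key) && value.is_a?(Hash)
      sub, sub_rejected = filter_params(value, nested[key], path)
      filtered[key] = sub
      rejected.concat(sub_rejected)
    elsif scalars.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
      # Scalar keys only accept scalar values, so a Hash or Array cannot
      # be smuggled in under a permitted name.
      filtered[key] = value
    else
      rejected << path
    end
  end
  [filtered, rejected]
end

# Fail closed: a role with no allow-list raises KeyError instead of permitting all.
def update_params_for(role, input)
  filter_params(input, PERMITTED_UPDATE.fetch(role))
end

# Constructed request body: the caller tries to set their own role and pin a post.
SAMPLE_REQUEST = {
  "name" => "Bea", "role" => "admin",
  "posts" => { "title" => "Hi", "pinned" => true }
}.freeze
```

Calling `update_params_for(:regular_user, SAMPLE_REQUEST)` keeps `name` and `posts.title` and reports `role` and `posts.pinned` as rejected; the same body sent under `:admin` passes through unchanged.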