Skip to content
Stairway B edited this page Jan 28, 2018 · 2 revisions

Strong parameters

PunditRoles makes it easy to handle role-based strong params:

def create
  authorize! User # you will need to authorize the model first, in order to get the permitted attributes
  @user = User.new(create_params)
  if @user.save!
    render jsonapi: @user, fields: {users: permitted_show_attributes}
  end
end

# update also works for associated models
def update
  user = User.where(id: params[:id]).includes([:followers, {posts: [:comments]}]).first
  authorize!(user, associations: [:followers, {posts: [:comments]}])
  if user.update!(update_params)
    render jsonapi: user, include: permitted_show_associations, fields: permitted_show_attributes
  end
end

private
  
def create_params
  params.require(:users).permit(permitted_create_attributes)
end

def update_params
  params.require(:users).permit(permitted_update_attributes)
end
Clone this wiki locally