Merge pull request #260 from taavo/strong_parameters

Integrate with strong_parameters
joelmoss committed Mar 25, 2013
2 parents 3e0dd52 + 9cf7d73 commit 995e28240918f247c3553b5b92ccc4a225c39fcf
@@ -539,6 +539,16 @@ And then you can rewrite the last example as:
end
end
+== Strong Parameters
+
+If your controller defines a method named permitted_params, Inherited Resources will call it where it would normally call params. This allows for easy integration with the strong_parameters gem:
+
+ def permitted_params
+ params.permit(:widget => [:permitted_field, :other_permitted_field])
+ end
+
+Note that this doesn't work if you use strong_parameters' require method instead of permit, because whereas permit returns the entire sanitized parameter hash, require returns only the sanitized params below the parameter you required.
+
== Bugs and Feedback
If you discover any bugs, please describe it in the issues tracker, including Rails and Inherited Resources versions.
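Review bot: the sentence "Inherited Resources will call it where it would normally call params" in the new Strong Parameters section is broader than the code change in this commit, which consults permitted_params only when build_resource_params reads the resource attributes. Suggest wording it that way and stating that the method must return a hash keyed by the resource name, as the :widget example does, which also makes the require caveat easier to follow. The section should also say whether permitted_params may be declared private, since controller helper methods usually are.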
@@ -305,7 +305,8 @@ def resource_params
# extract attributes from params
def build_resource_params
- rparams = [params[resource_request_name] || params[resource_instance_name] || {}]
+ parameters = respond_to?(:permitted_params) ? permitted_params : params
+ rparams = [parameters[resource_request_name] || parameters[resource_instance_name] || {}]
if without_protection_given?
rparams << without_protection
else
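Review bot: respond_to?(:permitted_params) on the first added line returns false when the method is private, so a controller that declares permitted_params under private silently falls back to the raw params and the attributes are built unfiltered, with no error to signal it. Suggest respond_to?(:permitted_params, true) so that a non-public definition is still found. Keeping the method public is not a good workaround, because public controller methods can be exposed as actions.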
@@ -0,0 +1,34 @@
+require File.expand_path('test_helper', File.dirname(__FILE__))
+
+class Widget
+ extend ActiveModel::Naming
+end
+
+class WidgetsController < InheritedResources::Base
+end
+
+class StrongParametersTest < ActionController::TestCase
+ def setup
+ @controller = WidgetsController.new
+ @controller.stubs(:widget_url).returns("/")
+ @controller.stubs(:permitted_params).returns(:widget => {:permitted => 'param'})
+ end
+
+ def test_permitted_params_from_new
+ Widget.expects(:new).with(:permitted => 'param')
+ get :new, :widget => { :permitted => 'param', :prohibited => 'param' }
+ end
+
+ def test_permitted_params_from_create
+ Widget.expects(:new).with(:permitted => 'param').returns(mock(:save => true))
+ post :create, :widget => { :permitted => 'param', :prohibited => 'param' }
+ end
+
+ def test_permitted_params_from_update
+ mock_widget = mock
+ mock_widget.stubs(:class).returns(Widget)
+ mock_widget.expects(:update_attributes).with(:permitted => 'param')
+ Widget.expects(:find).with('42').returns(mock_widget)
+ put :update, :id => '42', :widget => {:permitted => 'param', :prohibited => 'param'}
+ end
+end
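Review bot: setup stubs permitted_params directly on the controller instance, so all three tests only cover a publicly visible stub and never a method actually defined on WidgetsController. Suggest adding a case where WidgetsController defines permitted_params as a private method, and a case where it is not defined at all, asserting in the latter that the attributes come from params. Those two cases exercise both branches of the respond_to? check in build_resource_params.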
No changes.

0 comments on commit 995e282
