Strategies: Use with strong_parameters

Joshua Davey edited this page May 15, 2013 · 8 revisions

This functionality is now built in.

If you're using Rails 4 or the strong_parameters gem, just add the following to your ApplicationController:

class ApplicationController
  # ...
  decent_configuration do
    strategy DecentExposure::StrongParametersStrategy
  end
end

Note: This strategy does not automatically assign attributes for you. Any exposure that you want to receive attribute assignment should mention a attributes method:

class FooController
  expose(:foo)
  expose(:bar, attributes: :bar_params)

  private

  def bar_params
    params.require(:bar).permit!
  end
end

In the controller above, bar would get attributes assigned on PUT, POST, and PATCH requests, while foo would not. Using this particular strategy requires opt-in attribute assignment.

Transitioning from Rails 3

If you are transitioning from Rails 3 and/or DecentExposure::ActiveRecordWithEagerAttributes, you might consider implementing a custom strategy:

class ApplicationController
  # ...
  class StrongParametersWithEagerAttributesStrategy < DecentExposure::StrongParametersStrategy
    def attributes
      super
      @attributes ||= params[inflector.param_key] || {}
    end
  end

  decent_configuration do
    strategy StrongParametersWithEagerAttributesStrategy
  end
end

This will raise ActiveModel::ForbiddenAttributesError for exposures that are receiving attributes, but for which you have not implemented a strong_parameters-style private method.