Strategies: Use with strong_parameters

Matt Polito edited this page Apr 13, 2017 · 9 revisions

NOTICE - This is only valid for versions < 3

This functionality is now built in.

If you're using Rails 4 or the strong_parameters gem, just add the following to your ApplicationController:

class ApplicationController
  # ...
  decent_configuration do
    strategy DecentExposure::StrongParametersStrategy
  end
end

Note: This strategy does not automatically assign attributes for you. Any exposure that you want to receive attribute assignment should mention a attributes method:

class FooController
  expose(:foo)
  expose(:bar, attributes: :bar_params)

  private

  def bar_params
    params.require(:bar).permit!
  end
end

In the controller above, bar would get attributes assigned on PUT, POST, and PATCH requests, while foo would not. Using this particular strategy requires opt-in attribute assignment.

Transitioning from Rails 3

If you are transitioning from Rails 3 and/or DecentExposure::ActiveRecordWithEagerAttributes, you might consider implementing a custom strategy:

class ApplicationController
  # ...
  class StrongParametersWithEagerAttributesStrategy < DecentExposure::StrongParametersStrategy
    def attributes
      super
      @attributes ||= params[inflector.param_key] || {}
    end
  end

  decent_configuration do
    strategy StrongParametersWithEagerAttributesStrategy
  end
end

This will raise ActiveModel::ForbiddenAttributesError for exposures that are receiving attributes, but for which you have not implemented a strong_parameters-style private method.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.