add support for controller-based param whitelisting (ala strong parameters)

lib/inherited_resources/base_helpers.rb

@@ -305,7 +305,7 @@ def resource_params
 
       # extract attributes from params
       def build_resource_params
-        rparams = [params[resource_request_name] || params[resource_instance_name] || {}]
+        rparams = [whitelisted_params || params[resource_request_name] || params[resource_instance_name] || {}]
         if without_protection_given?
           rparams << without_protection
         else
@@ -315,6 +315,11 @@ def build_resource_params
         rparams
       end
 
+      def whitelisted_params
+        whitelist_method = :"#{ resource_request_name }_params"
+        respond_to?(whitelist_method, true) && self.send(whitelist_method)
+      end
+
       # checking if role given
       def role_given?
         self.resources_configuration[:self][:role].present?

test/base_test.rb

@@ -18,6 +18,12 @@ def apply_scopes(object)
     @scopes_applied = true
     object
   end
+
+private
+
+  def user_params
+    (params[:user] || {}).slice(:these)
+  end
 end
 
 module UserTestHelper
@@ -195,6 +201,12 @@ def test_expose_a_newly_create_user_when_saved_with_success_and_without_protecti
     @controller.class.send(:without_protection, nil)
   end
 
+  def test_supports_convention_for_constructing_whitelisted_resource_params
+    User.expects(:new).with({'these' => 'params'}).returns(mock_user(:save => true))
+    post :create, :user => {:these => 'params', :those => 'params'}
+    assert_equal mock_user, assigns(:user)
+  end
+
   def test_redirect_to_the_created_user
     User.stubs(:new).returns(mock_user(:save => true))
     @controller.expects(:resource_url).returns('http://test.host/')