Added ability to disable or enable strong parameters via configuration, e.g:
StrongParameters.enabled = true
add ability to globally disable/enable strong parameters
What's the use case for this? Why would you include the strong parameters gem if you do not intend to use it?
parameters initialization should still set @permitted = false, even w…
…hen SP disabled
@dhh Thanks for asking! In ActiveAdmin primarily those using Rails 3.x will not be using SP, but we need a way to be able to test SP support in the Gem, specifically for this ticket in which we are trying to get a patch in to ActiveAdmin to support SP: activeadmin/activeadmin#1731
I think having the ability to disable SP will provide a way for projects to ease into using SP without having to have separate forks. There is a high probability that the way I went about making it configurable is not optimal. I'd be happy to try to improve it, but could use some light guidance if you think that would be a good direction. If there is a better way in general to address testing of optional inclusion of SP, please let me know. Thanks!
Gary, if your project can work either with or without Strong Parameters, you can just check whether the constant has been defined or not and let the user add the gem to his or her gemfile. I don't think you'd need a separate fork here.
@dhh ActiveAdmin currently works under the premise that SP is not used, and because there is no way that I know of to easily reload the environment to use a different Gem right in the middle of testing (but maybe there is), this is the easiest way I know of to get the job done. It isn't just a matter of testing whether SP is loaded or not, it is a matter of having SP working only for certain tests.
@dhh I understand. However, this will very likely come up again for others that want to use SP and want to ease the transition. Unless there is an alternative, then the projects seem to have to fork just to be able to test with and without SP. That does not seem like a good solution. So, what would you suggest?
I suggest that any project that wants to be able to operate both with and without strong parameters have the user add the gem to their gemfile and detect it by checking for the constant.
All this is a legacy concern anyway soon as Rails 4.0 will force strong parameters on everyone and you won't be able to turn it off.