Rails 4 Strong parameters : permit all attributes?
I'm building a web app with Rails 4 strong parameters.
When building the admin back office controllers, I wonder what is the best way to permit all the model attributes?
For now, I wrote this:
def user_params
params.require(:user).permit(User.fields.keys)
end
Do you think of a better way?
You can call the bang version of permit.
params.require(:user).permit!
Strong Params README on Github
Source code for reference:
def permit!
each_pair do |key, value|
convert_hashes_to_parameters(key, value)
self[key].permit! if self[key].respond_to? :permit!
end
@permitted = true
self
end
Just in case someone need it for Rails 6, without even a model linked to your controller, you can use:
before_action :accept_all_params
private
def accept_all_params
params.permit!
end
And done, now you can play with 🔥 as much as you want!
Skull0inc's answer works, but you might want to remove created_at
and updated_at
. The intention of strong params is to list only the attributes you want updatable by the controller.
Something like...
def user_params
params.require(:user).permit(User.column_names - ["created_at", "updated_at"])
end