Use Pundit Policies to manage permitted parameters, defaults and per action
2022年2月10日
To manage permitted params you can add permitted_attributes and permitted_attributes_for_#{action} in your policies e.g.
class CommentPolicy < ApplicationPolicy
def permitted_attributes
%i[body]
end
def permitted_attributes_for_create
%i[body application_id]
end
end
Then in your controller
class CommentController
def create
@comment = Comment.create(comment_attributes) # { body: 'body', application_id: 1 }
end
def update
@comment = Comment.find(params[:id])
@comment.update(comment_attributes) # { body: 'new body' }
end
private def comment_attributes
permitted_attributes(Comment)
end
end