# Attribute allow-lists for mass-assigning Comment records.
#
# The method names follow Pundit's convention: its `permitted_attributes`
# controller helper uses `permitted_attributes_for_<action>` when the policy
# defines it and falls back to `permitted_attributes` otherwise. Here only
# `create` has an action-specific list.
#
# NOTE(review): allowing `application_id` on create lets the client choose
# the parent record. This allow-list does not check that the current user may
# comment on that application; that needs a separate authorization check,
# which is not visible in this class.
class CommentPolicy < ApplicationPolicy
  # Default allow-list, used for any action without its own list.
  # `application_id` is left out, so those actions cannot re-parent a comment.
  #
  # @return [Array<Symbol>]
  def permitted_attributes
    [:body]
  end

  # Allow-list for the `create` action: the body and the owning application.
  #
  # @return [Array<Symbol>]
  def permitted_attributes_for_create
    [:body, :application_id]
  end
end
# Creates and updates comments, taking the writable attributes from the
# policy's allow-list rather than from raw request parameters.
#
# NOTE(review): `permitted_attributes` only filters parameters. Neither
# action here calls an authorization check (e.g. Pundit's `authorize`), and
# the results of `create` and `update` are not inspected. Confirm both are
# handled outside this excerpt.
class CommentController
  # Builds and saves a comment from the attributes allowed for this action.
  def create
    allowed = comment_attributes # e.g. { body: 'body', application_id: 1 }
    @comment = Comment.create(allowed)
  end

  # Loads the comment named by params[:id] and applies the allowed attributes.
  def update
    @comment = Comment.find(params[:id])
    allowed = comment_attributes # e.g. { body: 'new body' }
    @comment.update(allowed)
  end

  private

  # Request attributes filtered through the Comment policy's allow-list.
  # `permitted_attributes` is not defined in this class; presumably it is
  # Pundit's controller helper, mixed in elsewhere.
  def comment_attributes
    permitted_attributes(Comment)
  end
end