Use Pundit Policies to manage permitted parameters, defaults and per action

To manage permitted params, define permitted_attributes in your policies for the default whitelist and permitted_attributes_for_#{action} for any action that needs a different one, e.g.

class CommentPolicy < ApplicationPolicy
  def permitted_attributes
    %i[body]
  end

  def permitted_attributes_for_create
    %i[body application_id]
  end
end

Then in your controller, Pundit's permitted_attributes helper picks permitted_attributes_for_#{action_name} when the policy defines it and falls back to permitted_attributes otherwise:

class CommentsController < ApplicationController
  def create
    # action_name is "create", so CommentPolicy#permitted_attributes_for_create applies
    @comment = Comment.create(comment_attributes) # { body: 'body', application_id: 1 }
  end

  def update
    @comment = Comment.find(params[:id])
    # no permitted_attributes_for_update defined, so the default whitelist applies
    # and a client-supplied application_id is dropped
    @comment.update(comment_attributes) # { body: 'new body' }
  end

  private def comment_attributes
    # Pundit resolves the policy for Comment and permits params[:comment]
    permitted_attributes(Comment)
  end
end
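To see the per-action whitelist in effect without booting Rails, here is an added example (not from the original post and not Pundit's own code) that emulates Pundit's lookup with a hypothetical permitted_attributes_for helper and applies it to a constructed request payload; real Pundit does the final filtering through params.require(:comment).permit(...).

```ruby
# Added example: dependency-free emulation of Pundit's permitted_attributes
# dispatch. Policies follow the naming convention from the post; request
# params are plain hashes. Not Pundit's implementation.
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Default whitelist when a policy defines nothing more specific.
  def permitted_attributes
    []
  end
end

class CommentPolicy < ApplicationPolicy
  def permitted_attributes
    %i[body]
  end

  def permitted_attributes_for_create
    %i[body application_id]
  end
end

# Hypothetical stand-in for Pundit's controller helper: prefer
# permitted_attributes_for_<action>, fall back to permitted_attributes,
# then keep only the whitelisted keys from the submitted params.
def permitted_attributes_for(policy, action, params)
  specific = :"permitted_attributes_for_#{action}"
  allowed = policy.respond_to?(specific) ? policy.public_send(specific) : policy.permitted_attributes
  params.select { |key, _| allowed.include?(key.to_sym) }.transform_keys(&:to_sym)
end

# Constructed payload: a client sends more than the action should accept
# (application_id and user_id alongside the body).
SAMPLE_PARAMS = { "body" => "hello", "application_id" => 1, "user_id" => 42 }.freeze

def create_attributes
  permitted_attributes_for(CommentPolicy.new(nil, :comment), :create, SAMPLE_PARAMS)
end

def update_attributes
  permitted_attributes_for(CommentPolicy.new(nil, :comment), :update, SAMPLE_PARAMS)
end
```

On create the result keeps body and application_id; on update only body survives, so a comment cannot be moved to another application or another user through mass assignment.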
Joe
