OOZOU
與我們聯繫
Back to TIL
ruby on rails

Use Pundit Policies to manage permitted parameters, defaults and per action

February 10, 2022

To manage permitted params you can add permitted_attributes and permitted_attributes_for_#{action} in your policies e.g.

class CommentPolicy < ApplicationPolicy
  def permitted_attributes
    %i[body]
  end

  def permitted_attributes_for_create
    %i[body application_id]
  end
end

Then in your controller

class CommentController
  def create
    @comment = Comment.create(comment_attributes) # { body: 'body', application_id: 1 }
  end
 
  def update
    @comment = Comment.find(params[:id])
    @comment.update(comment_attributes) # { body: 'new body' }
  end
 
  private def comment_attributes
    permitted_attributes(Comment)
  end
end

More on ruby on rails

ruby on railsJanuary 31, 2022

Use `requestSubmit` for form submits with Turbo

Turbo listens to submit events on form.  Hence, always use requestSubmit to submit  a form using JS.

ruby on railsJanuary 19, 2022

Ignore bundled gems for Rubocop and ESLint in GitHub Actions

Rails projects will often install gems into the vendor directory in GitHub actions so we can cache them for the consecutive runs.

ruby on railsApril 18, 2021

Rails 6, Ruby 3, Bootstrap 5 and Hotwire

Extending the blogpost from Bootrails with Hotwire: All the fancy new things (as of when I'm writing this TIL):

有專案構想嗎?

我們很樂意聆聽您正在打造的產品。

開始對話hello@oozou.com
OOZOU Logo

曼谷 · 新加坡 · 香港

X
Facebook
Instagram
LinkedIn

服務

  • Web 開發
  • AI 與生成式 AI 解決方案
  • 行動應用程式開發
  • 資料分析與工程
  • UI/UX 設計與產品設計
  • 數位轉型

公司

  • 關於我們
  • 職涯
  • 部落格
  • 白皮書
  • 案例研究
  • Today I Learned
  • 聯繫我們

更多

  • 產業
  • 索取報價
  • 合作夥伴網絡
© 2026 OOZOU. 版權所有。
隱私政策行為準則反賄賂反貪腐政策