All geek questions in one place

Should we use strong parameters when updating only one attribute?

I am working on a Rails application, and I have several actions (#delete_later, #ban_later, etc.), where I set only one attribute from the request parameter (in particular, the field reasonto perform this action).

I was wondering if it was ok to do this:

def ban_later
  @object.reason = params[:object][:reason]
  @object.save
end

Or is it better to use strong parameters even in this situation?

def ban_later
  @object.reason = object_params[:reason]
  @object.save
end

private
  def object_params
    params.require(:object).permit(:permitted_1, :permitted_2, :reason)
  end

Which of these solutions is the best? If none of them are, then what is the best solution for my problem?

Later Edit:

#ban_later, #delete_later status, , params. , "pending_delete", #delete_later "pending_ban", #ban_later.

#save, update_attributes ? , if @object.save. ( ) , @object.

+4
4

.

-, - , , , .

1-, .

+1

, params , model#create, _ .

, , . ban_later , . : " params - ban_later, ?".

, params.

_, :

  • .
  • .
+1

, update_attributes? (update_attribute )

def ban_later
  @object.update_attributes reason: params(:reason)
end

private

def params params
    params = %i(:permitted_1, :permitted_2, :permitted_3) unless params
    params.require(:object).permit params
end

ReggieB update:

def ban_later
    @object.update reason: params(:reason)
end

, , (IE mass-assignment ..). , .

, , (IE , ), .

, , , .

, , params. , , , , .

+1

, update ? . (, , - )

def ban_later
  @object.update(object_params)
  # dont forget validation check
end

private
  def object_params
    params.require(:object).permit(:permitted_1, :permitted_2, :reason)
  end

updateble.

+1

Source: https://habr.com/ru/post/1611373/

More articles:


All Articles