diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2013-03-27 07:54:21 -0700 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2013-03-27 07:54:21 -0700 |
| commit | 2a0534345cffb3ad8d3a082f622b8b3d4c290601 (patch) | |
| tree | 2959209e280a23137659a5935f98fec416e2bcf4 | |
| parent | 4a6059b7434af885a51c56cc9ebf1774c547ff9f (diff) | |
| parent | 1a5c3f49f1fa5b9e54979a7b665e5764a657b61e (diff) | |
| download | rails-2a0534345cffb3ad8d3a082f622b8b3d4c290601.tar.gz rails-2a0534345cffb3ad8d3a082f622b8b3d4c290601.tar.bz2 rails-2a0534345cffb3ad8d3a082f622b8b3d4c290601.zip | |
Merge pull request #9947 from senny/strong_params_doc_for_complex_forms
mention strong parameters in complex forms section of the guides.
| -rw-r--r-- | guides/source/form_helpers.md | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/guides/source/form_helpers.md b/guides/source/form_helpers.md index b8681d493a..817a732051 100644 --- a/guides/source/form_helpers.md +++ b/guides/source/form_helpers.md @@ -906,7 +906,21 @@ If the associated object is already saved, `fields_for` autogenerates a hidden i ### The Controller -You do not need to write any specific controller code to use nested attributes. Create and update records as you would with a simple form. +As usual you need to +[whitelist the parameters](action_controller_overview.html#strong-parameters) in +the controller before you pass them to the model: + +```ruby +def create + @person = Person.new(person_params) + # ... +end + +private +def person_params + params.require(:person).permit(:name, addresses_attributes: [:id, :kind, :street]) +end +``` ### Removing Objects @@ -937,6 +951,16 @@ If the hash of attributes for an object contains the key `_destroy` with a value <% end %> ``` +Don't forget to update the whitelisted params in your controller to also include +the `_destroy` field: + +```ruby +def person_params + params.require(:person). + permit(:name, addresses_attributes: [:id, :kind, :street, :_destroy]) +end +``` + ### Preventing Empty Records It is often useful to ignore sets of fields that the user has not filled in. You can control this by passing a `:reject_if` proc to `accepts_nested_attributes_for`. This proc will be called with each hash of attributes submitted by the form. If the proc returns `false` then Active Record will not build an associated object for that hash. The example below only tries to build an address if the `kind` attribute is set. |