diff options
author | Francesco Rodriguez <lrodriguezsanc@gmail.com> | 2012-10-18 12:44:28 -0500 |
---|---|---|
committer | Francesco Rodriguez <lrodriguezsanc@gmail.com> | 2012-10-18 12:44:28 -0500 |
commit | 2834454de720808ecefa2b0f09261af4cb4a6c4d (patch) | |
tree | 1e8629dacfe7fa503b207fdb6af25195334a967c /actionpack | |
parent | f069ec162fe92523eb5f0e8c0139005fed671a0c (diff) | |
download | rails-2834454de720808ecefa2b0f09261af4cb4a6c4d.tar.gz rails-2834454de720808ecefa2b0f09261af4cb4a6c4d.tar.bz2 rails-2834454de720808ecefa2b0f09261af4cb4a6c4d.zip |
add a nested attributes example into Strong Parameters documentation [ci skip]
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 37 |
1 files changed, 31 insertions, 6 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index c01367c51f..e4d6b65d9a 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -19,13 +19,13 @@ module ActionController end end - # == Action Controller Parameters + # == Action Controller \Parameters # # Allows to choose which attributes should be whitelisted for mass updating # and thus prevent accidentally exposing that which shouldn’t be exposed. # Provides two methods for this purpose: #require and #permit. The former is # used to mark parameters as required. The latter is used to set the parameter - # as permitted and limit which attributes should be allowed for mass updating. + # as permitted and limit which attributes should be allowed for mass updating. # # params = ActionController::Parameters.new({ # person: { @@ -77,12 +77,12 @@ module ActionController # # params = ActionController::Parameters.new(name: 'Francesco') # params.permitted? # => false - # Person.new(params) # => ActiveModel::ForbiddenAttributesError + # Person.new(params) # => ActiveModel::ForbiddenAttributesError # # ActionController::Parameters.permit_all_parameters = true # # params = ActionController::Parameters.new(name: 'Francesco') - # params.permitted? # => true + # params.permitted? # => true # Person.new(params) # => #<Person id: nil, name: "Francesco"> def initialize(attributes = nil) super(attributes) @@ -141,8 +141,8 @@ module ActionController alias :required :require # Returns a new <tt>ActionController::Parameters</tt> instance that - # includes only the given +filters+ and sets the +permitted+ for the - # object to +true+. This is useful for limiting which attributes + # includes only the given +filters+ and sets the +permitted+ attribute + # for the object to +true+. This is useful for limiting which attributes # should be allowed for mass updating. # # params = ActionController::Parameters.new(user: { name: 'Francesco', age: 22, role: 'admin' }) @@ -315,6 +315,31 @@ module ActionController # end # end # + # In order to use <tt>accepts_nested_attribute_for</tt> with Strong \Parameters, you + # will need to specify which nested attributes should be whitelisted. + # + # class Person + # has_many :pets + # accepts_nested_attributes_for :pets + # end + # + # class PeopleController < ActionController::Base + # def create + # Person.create(person_params) + # end + # + # ... + # + # private + # + # def person_params + # # It's mandatory to specify the nested attributes that should be whitelisted. + # # If you use `permit` with just the key that points to the nested attributes hash, + # # it will return an empty hash. + # params.require(:person).permit(:name, :age, pets_attributes: { :name, :category }) + # end + # end + # # See ActionController::Parameters.require and ActionController::Parameters.permit # for more information. module StrongParameters |