diff options
| author | Paul Nikitochkin <paul.nikitochkin@gmail.com> | 2013-06-29 23:03:27 +0300 |
|---|---|---|
| committer | Paul Nikitochkin <paul.nikitochkin@gmail.com> | 2013-06-30 13:34:11 +0300 |
| commit | bb8f0b401dbca655b203bbbf1f795e3612ae4634 (patch) | |
| tree | 34f476630f78a0dc3e15b0f0bea0d9ac04a76d87 /guides | |
| parent | 08f8c8aa52d7cefed7b8fb0ae2cffa3d77d3895f (diff) | |
| download | rails-bb8f0b401dbca655b203bbbf1f795e3612ae4634.tar.gz rails-bb8f0b401dbca655b203bbbf1f795e3612ae4634.tar.bz2 rails-bb8f0b401dbca655b203bbbf1f795e3612ae4634.zip | |
Synchronize PostController#create code from 5.6 to others sections. [ci skip]
Fixed `permit` using for comments.
Diffstat (limited to 'guides')
| -rw-r--r-- | guides/source/getting_started.md | 43 |
1 files changed, 34 insertions, 9 deletions
diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md index 2574a2c111..6677d5e5c0 100644 --- a/guides/source/getting_started.md +++ b/guides/source/getting_started.md @@ -612,11 +612,16 @@ we want to accept in our controllers. In this case, we want to allow the look like this: ``` - def create - @post = Post.new(params[:post].permit(:title, :text)) +def create + @post = Post.new(post_params) - @post.save - redirect_to @post + @post.save + redirect_to @post +end + +private + def post_params + params.require(:post).permit(:title, :text) end ``` @@ -767,7 +772,7 @@ def new end def create - @post = Post.new(params[:post].permit(:title, :text)) + @post = Post.new(post_params) if @post.save redirect_to @post @@ -775,6 +780,11 @@ def create render 'new' end end + +private + def post_params + params.require(:post).permit(:title, :text) + end ``` The `new` action is now creating a new instance variable called `@post`, and @@ -905,12 +915,17 @@ Next we need to create the `update` action in `app/controllers/posts_controller. def update @post = Post.find(params[:id]) - if @post.update(params[:post].permit(:title, :text)) + if @post.update(post_params) redirect_to @post else render 'edit' end end + +private + def post_params + params.require(:post).permit(:title, :text) + end ``` The new method, `update`, is used when you want to update a record @@ -918,6 +933,8 @@ that already exists, and it accepts a hash containing the attributes that you want to update. As before, if there was an error updating the post we want to show the form back to the user. +We reuse the `post_params` method that we defined earlier for the create action. + TIP: You don't need to pass all attributes to `update`. For example, if you'd call `@post.update(title: 'A new title')` Rails would only update the `title` attribute, leaving all other @@ -1303,9 +1320,14 @@ Let's wire up the `create` in `app/controllers/comments_controller.rb`: class CommentsController < ApplicationController def create @post = Post.find(params[:post_id]) - @comment = @post.comments.create(params[:comment].permit(:commenter, :body)) + @comment = @post.comments.create(comment_params) redirect_to post_path(@post) end + + private + def comment_params + params.require(:comment).permit(:commenter, :body) + end end ``` @@ -1527,10 +1549,9 @@ controller (`app/controllers/comments_controller.rb`): ```ruby class CommentsController < ApplicationController - def create @post = Post.find(params[:post_id]) - @comment = @post.comments.create(params[:comment]) + @comment = @post.comments.create(comment_params) redirect_to post_path(@post) end @@ -1541,6 +1562,10 @@ class CommentsController < ApplicationController redirect_to post_path(@post) end + private + def comment_params + params.require(:comment).permit(:commenter, :body) + end end ``` |