Diffstat (limited to 'railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb')
-rw-r--r--railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb16
1 files changed, 14 insertions, 2 deletions
diff --git a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
index b3e74f9b02..5d038d20e7 100644
--- a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
+++ b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
@@ -45,7 +45,7 @@ class <%= controller_class_name %>Controller < ApplicationController
# POST <%= route_url %>
# POST <%= route_url %>.json
def create
- @<%= singular_table_name %> = <%= orm_class.build(class_name, "params[:#{singular_table_name}]") %>
+ @<%= singular_table_name %> = <%= orm_class.build(class_name, "#{singular_table_name}_params") %>
respond_to do |format|
if @<%= orm_instance.save %>
@@ -64,7 +64,7 @@ class <%= controller_class_name %>Controller < ApplicationController
@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
respond_to do |format|
- if @<%= orm_instance.update_attributes("params[:#{singular_table_name}]") %>
+ if @<%= orm_instance.update_attributes("#{singular_table_name}_params") %>
format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully updated.'" %> }
format.json { head :no_content }
else
@@ -85,5 +85,17 @@ class <%= controller_class_name %>Controller < ApplicationController
format.json { head :no_content }
end
end
+
+ private
+
+ # Use this method to whitelist the permissible parameters. Example: params.require(:person).permit(:name, :age)
+ # Also, you can specialize this method with per-user checking of permissible attributes.
+ def <%= "#{singular_table_name}_params" %>
+ <%- if attributes.empty? -%>
+ params[<%= ":#{singular_table_name}" %>]
+ <%- else -%>
+ params.require(<%= ":#{singular_table_name}" %>).permit(<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>)
+ <%- end -%>
+ end
end
<% end -%>
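Review bot: The `attributes.empty?` branch of the new `<%= "#{singular_table_name}_params" %>` method emits a bare `params[...]` with no `require`/`permit`, so a scaffold generated without attributes passes the unfiltered request hash to the `create` and `update` call sites changed in the first two hunks. Whether that hash is then rejected or mass-assigned depends on model-side protection that is not visible in this diff, and the lookup yields nil when the key is absent from the request. I would make the generated code say so and fail closed on a missing key, e.g. emit `params.fetch(<%= ":#{singular_table_name}" %>, {})` under a generated comment such as `# No attributes were given to the generator, so nothing is permitted yet; add params.require(...).permit(...) before accepting input.` The enclosing controller class starts outside this hunk.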