Was going to have a variety of request params sent in and use a class_attribute that would define types of request parameters that are allowed. strong_parameters wouldn’t be too much trouble in such a case if it would allow me to manually permit some attributes (dynamically determined) in the controller but allow strong_parameters to enforce security of others.
Is this something that has been discussed before that someone could point me to or is this something under consideration?
Actually this probably won’t affect us as I thought earlier, but am still curious if permit might eventually support one at a time definition instead of all at once. Thanks!
Yes, strong_parameters can be dynamic — there was a slight gotcha on the permits for strong_parameters, so I created a gist example showing how it can happen (delegating out to the Post model in this case).
https://gist.github.com/3829489
There’s also no reason you couldn’t continue to use remove a subset of parameters in your controller.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks