
nawras nabil
4,820 Points

Strong Parameters

Greetings, I am sort of a beginner in using Rails. I noticed that there is an issue with attr_accessible due to the release of a newer version of Rails. In the current version of Rails all attributes are simply accessible without any restriction. After reading some material, I realized that there is a new feature called strong_parameters (which is installed by default in Ruby 4.1) that can be used to restrict the attributes we want.

Would anybody please explain how we can use strong parameters to restrict a certain parameter like :content (for example)?

Can't you just remove that param in the associated controller?

So something like this

class ArticlesController < ApplicationController
  private

  def article_params
    params.require(:article).permit(:content, :title)
  end
end

becomes

class ArticlesController < ApplicationController
  private

  def article_params
    params.require(:article).permit(:title)
  end
end

with the content attribute removed after the permit call.

Rails 4 has moved sanitization of the parameters from the model to the controller level. strong params

1 Answer

Kang-Kyu Lee
52,045 Points

Hi Nawras, I also read some material. The strong parameters gem has been installed by default since Rails 4, and it makes the logic simpler than attr_accessible. As for your question, we can make this private method like:

private

def article_params
  if current_user
    params.require(:article).permit(:title, :content)
  else
    params.require(:article).permit(:title)
  end
end
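The filtering discussed in this thread, as an added example that is not part of the original posts and is not Rails code: it runs the answer's conditional `article_params` against a request carrying extra fields, so you can see which attributes reach the model. `MiniParams` is a hypothetical, simplified stand-in for `ActionController::Parameters` (scalar values only), `current_user` is passed as an argument so the method runs outside a controller, and the request hash is constructed sample data.

```ruby
# Simplified stand-in for ActionController::Parameters (hypothetical MiniParams,
# not Rails code): handles scalar keys only and drops anything not permitted.
class MiniParams
  class ParameterMissing < StandardError; end

  SCALARS = [String, Symbol, Integer, Float, TrueClass, FalseClass, NilClass].freeze

  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end

  # Like params.require(:article): fail loudly if the top-level key is absent.
  def require(key)
    value = @hash[key.to_s]
    missing = value.nil? || (value.respond_to?(:empty?) && value.empty?)
    raise ParameterMissing, "param is missing: #{key}" if missing
    MiniParams.new(value)
  end

  # Like .permit(:title): keep only listed keys whose values are scalars,
  # so a nested hash smuggled in under a permitted name is dropped too.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    @hash.select { |k, v| allowed.include?(k) && SCALARS.any? { |t| v.is_a?(t) } }
  end
end

# The answer's method, with current_user as a parameter (assumption for the demo).
def article_params(params, current_user)
  if current_user
    params.require(:article).permit(:title, :content)
  else
    params.require(:article).permit(:title)
  end
end

# Constructed request body: two form fields plus two the form never offered.
REQUEST = {
  article: { title: "Hello", content: "Body text", user_id: 1, published: true }
}.freeze

def demo
  params = MiniParams.new(REQUEST)
  { signed_in: article_params(params, :some_user), anonymous: article_params(params, nil) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

In a real controller the filtered result is what gets passed to `Article.new` or `update`, so `user_id` and `published` never reach mass assignment unless they are listed in `permit`.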