[RUBY] [Strong parameters]

What are strong parameters

ストロングパラメーター.png

I will explain what are the strong parameters that appear when defining actions in the controller.

There is a description of create (tweet_params) in the execution content part of the create action, but this argument tweet_params is defined in the private method.

private method

Private is a method that cannot be called from outside the class. The advantages of using the private method are the following two points.

1. Isolate methods that are inconvenient when called from outside the class

Some methods cause an error when called from outside the class, so you can prevent the error in advance by isolating them.

2. Improve code readability

The readability of the code is improved by clearly separating the private and non-private parts.

In this private method A method called tweet_params is defined, and the processing content is as follows.

ストロング2.png

Take the tweet model as an argument of require It takes: name: image: text as an argument of permit.

This means that of the data sent from the form, only the parameters with the key specified under permit:: name: image: text will be received.

The mechanism that receives only the parameters with this specified key is called a strong parameter.

By specifying strong parameters, you can prevent parameters other than the specifications from being sent and prevent unintended data updates.

For example, if you send a parameter to update another person's login password, you can change another person's password without permission. You need to use strong parameters to prevent this.

Looking at the code again

ストロングパラメーター.png

Since the create method specifies tweet_params as an argument, new data is created and saved via the tweet_params method. Therefore, in this case, the new tweet always has only the strong parameter specified in the permit argument.

Recommended Posts

[Strong parameters]
Summary of strong parameters
About rails strong parameters
[rails] What are Strong Parameters?
About require when setting strong parameters
[Rails] Add strong parameters to devise
CheckStyle parameters
[Rails] How to get the contents of strong parameters