The intended use of `StrongParams` is to prevent unintended params from getting through a controller action during mass assignment.
It can be put to use in other places in your Rails app too, such as a service object, where mass assignment is used to update records.
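```ruby
class BookTitleUpdater
  # Only these attributes may reach the model through mass assignment.
  ALLOW_LIST = [:title].freeze

  def self.run(data)
    # Wrap the raw hash so it can be filtered exactly like controller params.
    params = ActionController::Parameters.new(data).permit(*ALLOW_LIST)
    # The id is used only for the lookup; it is not part of the update.
    Book.find(data[:id]).update!(params)
  end
end
```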
This helps prevent other values from getting inadvertently updated on the book record.
```ruby
> ALLOW_LIST = [:title]
> data = { title: "Legacy Code", author_id: 22 }
> params = ActionController::Parameters.new(data).permit(*ALLOW_LIST)
> params.to_h
#=> { title: "Legacy Code" }
```
The `author_id` value is ignored and won't be passed to the `#update` call.
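The same allow-list idea for code that runs without ActionController loaded, as an added example that is not from the original post and is not Rails code. It mirrors two `permit` behaviours (unlisted keys are dropped, and a listed key is kept only when its value is a scalar) and adds a strict mode that raises instead of dropping; `filter_attributes`, `UnexpectedAttributes`, `SCALARS` and `FakeBook` are hypothetical names.

```ruby
# Added example: every name below is hypothetical, none of it is Rails API.
class UnexpectedAttributes < ArgumentError; end

# Value types accepted for an allow-listed key (nested hashes/arrays are rejected).
SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

# Returns only allow-listed, scalar-valued attributes, keyed by symbol.
# strict: true raises on any rejected key instead of dropping it silently.
# ignore: keys the caller consumes itself (such as :id for the lookup).
def filter_attributes(data, allow_list, strict: false, ignore: [])
  kept = {}
  rejected = []
  data.each do |key, value|
    name = key.to_s.to_sym # JSON payloads arrive with string keys
    next if ignore.include?(name)
    if allow_list.include?(name) && SCALARS.any? { |type| value.is_a?(type) }
      kept[name] = value
    else
      rejected << name
    end
  end
  raise UnexpectedAttributes, "rejected: #{rejected.join(', ')}" if strict && rejected.any?
  kept
end

# In-memory stand-in for the Book model (constructed for this example).
FakeBook = Struct.new(:id, :title, :author_id) do
  def update!(attrs)
    attrs.each { |name, value| self[name] = value }
    self
  end
end

class BookTitleUpdater
  ALLOW_LIST = [:title].freeze

  def self.run(book, data, strict: false)
    book.update!(filter_attributes(data, ALLOW_LIST, strict: strict, ignore: [:id]))
  end
end

# Constructed input: the page's data hash, with string keys as JSON would deliver it.
book = FakeBook.new(1, "Old Title", 7)
BookTitleUpdater.run(book, { "id" => 1, "title" => "Legacy Code", "author_id" => 22 })
puts book.to_a.inspect
```

Strict mode suits service objects fed by internal callers, where an unexpected key usually means a bug worth surfacing rather than input to discard quietly.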