Is it possible to toggle via web a boolean attribute which is not a strong parameter?


krfg

Aug 15, 2016, 6:42:58 AM
to Ruby on Rails: Talk
The application I am working on is largely based on Michael Hartl's tutorial.
The create action for the users controller uses strong parameters with permitted parameters. The 'admin' attribute, for instance, is not included in the permitted parameters, so a malicious user could not send a PATCH request in order to become admin.

My application requires newly created users to make a list of choices on the home page in order to be redirected to a new page, reserved for users who have completed this stage.
I thought of adding to the User model a new attribute ('member', for instance) which can be toggled inside the create action of the Choice controller (probably with a call to a private method), once the user has completed the number of choices requested.

Is this allowed or am I required to revise strong parameters with the new attribute?


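An added example, not part of the original post and not code from the tutorial: a plain-Ruby stand-in (no Rails) for the setup described above, showing that a permit list only filters request data, while a flag set by server-side code from trusted state needs no entry in it. `user_params` mimics `params.require(:user).permit(...)`; the permitted keys, `REQUIRED_CHOICES`, `grant_membership!` and the controller-like method names are assumptions.

```ruby
REQUIRED_CHOICES = 3 # assumed threshold for "completed the choices"
PERMITTED_USER_KEYS = %i[name email password password_confirmation].freeze # assumed

class User
  attr_reader :name, :email, :admin, :member, :choices

  def initialize(name:, email:)
    @name = name
    @email = email
    @admin = false
    @member = false
    @choices = []
  end

  # Mass assignment: blindly applies whatever hash the controller hands over.
  def update(attrs)
    attrs.each { |key, value| instance_variable_set("@#{key}", value) }
  end

  # Server-side state change; it never reads request parameters.
  def grant_membership!
    @member = true
  end
end

# Stand-in for the strong-parameters filter: unlisted keys are dropped.
def user_params(params)
  params.fetch(:user).slice(*PERMITTED_USER_KEYS)
end

# UsersController#update equivalent: only filtered request data reaches the model.
def users_update(user, params)
  user.update(user_params(params))
  user
end

# Would be a private controller method: decides from stored state, not from params.
def promote_if_complete(user)
  user.grant_membership! if user.choices.size >= REQUIRED_CHOICES
end

# ChoicesController#create equivalent: records the choice, then re-checks the count.
def choices_create(current_user, params)
  current_user.choices << params.fetch(:choice).slice(:option)
  promote_if_complete(current_user)
  current_user
end
```

Because `member` and `admin` stay out of the permit list, a request that includes them changes nothing; the flag flips only when the stored choice count reaches the threshold.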