Strong Params + Rails4 - 我如何允许不明确?
Strong Params + Rails4 - How do I allow not specifically?
如何不允许字段?
示例:
Model Realty 有 15 个字段,允许所有参数:
def realty_params
params.require(:realty).permit! #{id: 1, status: 1, title: 'foo', ... }
end
只允许'status',有助于清除具有多个值的参数:
def realty_params
params.require(:realty).unpermitted(:status) #{id: 1, title: 'foo', ... }
end
这不可能。上一个问题非常清楚地涵盖了它 - Rails 4 Strong Parameters : can I 'exclude' / blacklist attributes instead of permit / whitelist?
Blacklisting attributes would be a security issue, since your codebase
can evolve, and other attributes, which should be blacklisted can be
forgotten in the future.
如何不允许字段?
示例:
Model Realty 有 15 个字段,允许所有参数:
def realty_params
params.require(:realty).permit! #{id: 1, status: 1, title: 'foo', ... }
end
只允许'status',有助于清除具有多个值的参数:
def realty_params
params.require(:realty).unpermitted(:status) #{id: 1, title: 'foo', ... }
end
这不可能。上一个问题非常清楚地涵盖了它 - Rails 4 Strong Parameters : can I 'exclude' / blacklist attributes instead of permit / whitelist?
Blacklisting attributes would be a security issue, since your codebase can evolve, and other attributes, which should be blacklisted can be forgotten in the future.