Module: Padrino::ParamsProtection::ClassMethods

Defined in:
lib/padrino-core/application/params_protection.rb


Instance Method Details

#params(*allowed_params) ⇒ Object

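Implements filtering of URL query params against a list of allowed params. Can be used to prevent mass assignment. The filter keeps an unfiltered copy of the request params in `@original_params`, so code that assigns attributes in bulk should read from `params` rather than from that copy.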

Examples:

# Route-level allowlist: :name and :email are the params named as allowed for this route.
post :update, params: [:name, :email]
# A hash entry pairs a param name with a class.
# NOTE(review): presumably the submitted value is coerced to (or checked against) Integer - confirm in filter_params!.
post :update, params: [:name, { id: Integer }]
# A hash entry pairs a param name with a proc.
# NOTE(review): presumably the proc is applied to the submitted value - confirm in filter_params!.
post :update, params: [{ name: proc { |v| v.reverse } }]
# Nested allowlist: :parent is a hash-valued param whose allowed keys are :name and :position.
post :update, params: [:name, { parent: [:name, :position] }]
# NOTE(review): false presumably allows no params and true presumably disables filtering for the route - confirm.
# If so, `params: true` is the setting to audit, since such a route would hand every submitted key to the handler.
post :update, params: false
post :update, params: true
# Direct call of the class-level `params` method instead of the :params route option.
# NOTE(review): presumably it applies to the route declared right after it - confirm against `condition`.
params :name, :email, password: proc { |v| v.reverse }
post :update
# Controller-level :params option with per-route :params options inside the block.
# NOTE(review): presumably the route-level option replaces the controller-level allowlist - confirm.
App.controller :accounts, params: [:name, :position] do
  # No route-level option here, so only the controller-level allowlist is declared for this route.
  post :create
  post :update, with: [:id], params: [:name, :position, :addition]
  get :show, with: :id, params: false
  get :search, params: true
end


# File 'lib/padrino-core/application/params_protection.rb', line 39

# Registers a route condition that filters request params against an allowlist.
#
# The raw arguments are normalized once by prepare_allowed_params, before the
# block is handed to `condition`. When the block runs it stores a deep copy of
# the params in @original_params and then calls filter_params! with the live
# params and the normalized allowlist.
#
# NOTE(review): @original_params holds the unfiltered input. Code that assigns
# attributes in bulk should read `params`, not that copy.
#
# @param allowed_params [Array] names (and nested specs) of the params to keep
# @return [Object] whatever `condition` returns
def params(*allowed_params)
  allowlist = prepare_allowed_params(allowed_params)
  condition do
    # Copy first: filter_params! is a bang method and presumably prunes the
    # params in place, so the snapshot must be taken before it runs.
    @original_params = Utils.deep_dup(params)
    filter_params!(params, allowlist)
  end
end