Skip to content

choonkeat/active_params

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

bin

bin

 
 

lib

lib

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

Gemfile

Gemfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

active_params.gemspec

active_params.gemspec

 
 

Repository files navigation

ActiveParams

Stop manually defining strong_parameters in each and every controller.

Whatever parameters that was used during development mode is considered permitted parameters for production. So automatically record them in development mode and simply apply strong_parameters in production.

aka No more strong parameters falls! 👌

Installation

Add this line to your application's Gemfile:

gem 'active_params'

And then execute:

$ bundle

Or install it yourself as:

$ gem install active_params

Usage

Include the ActiveParams module into your controller, e.g.

class ApplicationController < ActionController::Base
  include ActiveParams
end

Rails.env.development?

During development mode, active_params will generate the appropriate strong parameters settings for each param (scoped to the current http method, controller_name and action_name)

For example, when you submit a form like this

Started POST "/users" for 127.0.0.1 at 2016-06-26 00:41:19 +0800
Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"...", "user"=>{"name"=>"John", "avatar"=>"Face.png", "photos"=>["Breakfast.png", "Coffee.png"]}, "button"=>""}

active_params will create or update the config/active_params.json file with the settings

{
  "POST users/create": {
    "user": [
      "avatar",
      "name",
      {
        "photos": [

        ]
      }
    ]
  }
}

NOTE: see the test for a more complicated example

Rails.env.production? (and other modes)

In non-development mode, active_params will NOT update the config/active_params.json file.

It loads config/active_params.json and automatically perform the correct strong parameters setup for each request

params[:user] = params.require(:user).permit(:avatar, :name, photos: [])

So, in your controllers, you can simply reference params[:user] again!

def create
  @user = User.new(params[:user])
  if @user.save
    redirect_to @user, notice: 'User was successfully created.'
  else
    render :new
  end
end

Workflow

When you create new features for your app & try them out in development mode, config/active_params.json will be automatically updated. When you commit your code, include the changes to config/active_params.json too.

Static Customizations

You can add a config/initializers/active_params.rb file in your Rails app, and perform a global config like this

ActiveParams.config do |config|
  config.writing = Rails.env.development?
  config.path    = "config/active_params.json"
  config.scope   = proc { |controller|
    "#{controller.request.method} #{controller.controller_name}/#{controller.action_name}"
  }
end

Dynamic Customizations

Each controller may need its own config, e.g. some strong params are only permitted for certain current_user roles. For such controllers, use the include ActiveParams.setup(...) syntax instead

class ApplicationController < ActionController::Base
  include ActiveParams.setup({
    path: "tmp/strong_params.json",
    writing: !Rails.env.production?,
    scope: proc {|ctrl|
      [ctrl.current_user.role, ActiveParams.scope.(ctrl)].join('@')
    },
  })
end

You can setup

  • where the config file is stored
  • if you want to write to the config file
  • how should strong params be scoped

LICENSE

MIT

About

Automatic strong parameters

Resources

Readme

License

MIT license
Activity

Stars

82 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages