今天开始了一个RAILS4的项目。 扑面而来的一个特性: strong parameter( today I started my first Rails 4 project and met the "strong parameter" feater)
传统的rails 3 项目,需要在model中控制 可以访问的属性(in Rails 3, the attribute white list is controlled in model) :
# in models
class Plan < ActiveRecord::Base
attr_accessible :name, :schedule
end
在Rails 4中,需要在controller中进行控制: ( but in Rails4, it's controlled in controller )
# in controller:
class PlansController < ApplicationController
before_action :set_plan, only: [:update]
def update
if @plan.update plan_params
redirect_to @plan, notice: 'Plan was successfully updated.'
else
render action: 'edit'
end
end
private
def set_plan
@plan = Plan.find(params[:id])
end
# this is the key!
def plan_params
params.require(:plan).permit :name, :schedule
end