strong-parameters

I'm using Rails 4 and I don't know what is the best way to use strong parameters without required parameters. So, that's what I did: def create device = Device.new(device_params) ................. end private def device_params if params[:device] params.require(:device).permit(:notification_token) else {} end end My device model does not validate presence of anything. I know I could do something like that too: device = Device.new device.notification_token = params[:device][:notification_token] if params[:device] && params[:device][:notification_token] Is there any conventions or the right way

I'm sending an array of association ids, say foo_ids to my controller. To permit an array of values, I use: params.permit(foo_ids: []) Now, the problem is that if I send an empty array of foo_ids , the parameter is ignored. Instead of clearing all foos as an empty array should do, the association is left alone, because foo_ids isn't permitted. This may be because an empty array is converted to nil in rails , and that nil value is ignored as strong parameters is looking for an array of scalar values, not a single scalar value. Can anyone suggest a good way to solve this? Thanks! Additional info

I've got a situation much like is presented in Railscast 196-197: Nested Model Form . However, I've encountered a conflict between this approach and strong parameters. I can't figure out a good way to populate the parent record id field on the child object, since I don't want that to be assignable through the form (to prevent users from associating child records to parent records they don't own). I have a solution (see code below) but this seems like the kind of thing Rails might have a clever, easy way to do for me. Here's the code... There's a parent object (call it Survey) that has_many

I have made a user and admin model using devise. I have used strong parameters in the app/controllers/application_controller.rb file class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception before_filter :configure_permitted_parameters, if: :devise_controller? protected def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :remember_me) } devise_parameter_sanitizer.for(

I'm trying to embed property groups on my main Person model to help keep my code organised but Rails 4's Strong Params is getting in the way. The Scenario I have a Person model and a PersonName model like so: class Person include Mongoid::Document embeds_one :name, class_name: 'PersonName' accepts_nested_attributes_for :name end class PersonName include Mongoid::Document embedded_in :person, inverse_of: :name # fields here end I then use the fields_for helper in my form to nest the PersonName attributes in the Person _form : <%= f.fields_for :name, PersonName.new do |builder| %> <!-- etc -->

I am trying to save data through JSON String in which I have nested associated attributes. I do not want to use attr_accessible. I almost got the logic of strong parameter but still got the problem to make them work. I am getting JSON string and using it to save data using this data = request.body.read @inputData = Person.new(JSON.parse(data)) @inputData.save! if@inputData.valid? render :status => 200, :json => "Data inserted successfully" else render :status => 404, :json => "Not Inserted " end I have defined permit strong parameter method allow nested attributes like this def referral_params

I am learning rails using the teamtreehouse tutorial. The tutorial uses 3.1 but I am trying to learn 4.0, and as a result I have run into a difficulty presumably because rails 4 forces of the use of strong parameters. I have two models, a users model and a statuses model. I have used devise to create authentication for users, and have included new parameters. They are :first_name, :last_name, and :profile_name. I have created a relationship between users and statuses. Currently the user sign-up with the new parameters is working; i can access them using for instance current_user.last_name.