This is based on Railscast #371 Strong Parameters and is another fantastic example of delegating functionality to service objects.
Start off by disabling the need to whitelist attributes as this is no longer the recommended approach. Remember, Strong Parameters are a part of Rails 4 as well!
It's a good idea to force strong_parameters on all models by default — create the following initialiser at config/initializers/strong_parameters.rb
Now update your application_controller.rb as follows
This allows us to access an instance of our PermittedParams object with instance methods defined on a per resource basis. I created app/models/permitted_params.rb as follows
Notice how I'm first making sure params.require(:contact_message) that key exists within the params hash and then I'm permitting three parameters. This allows me to access the params on a per resource basis safely
def send_message
@contact_message = ContactMail.new(permitted_params.contact_mail)
if @contact_message.save
ContactMailer.send_message(@contact_message).deliver
flash[:success] = "Yay! Your message has been successfully sent to us."
redirect_to root_path and return
else
render :index
end
end