This is based on Railscast #371 Strong Parameters and is another fantastic example of delegating functionality to service objects.
Start off by disabling the need to whitelist attributes as this is no longer the recommended approach. Remember, Strong Parameters are a part of Rails 4 as well!
It's a good idea to force strong_parameters on all models by default — create the following initialiser at
Now update your
application_controller.rb as follows
This allows us to access an instance of our
PermittedParams object with instance methods defined on a per resource basis. I created
app/models/permitted_params.rb as follows
Notice how I'm first making sure
params.require(:contact_message) that key exists within the params hash and then I'm permitting three parameters. This allows me to access the params on a per resource basis safely
def send_message @contact_message = ContactMail.new(permitted_params.contact_mail) if @contact_message.save ContactMailer.send_message(@contact_message).deliver flash[:success] = "Yay! Your message has been successfully sent to us." redirect_to root_path and return else render :index end end