< Return to Blog

Bootstrapping Strong Parameters in Rails 3.2.8

This is based on Railscast #371 Strong Parameters and is another fantastic example of delegating functionality to service objects.

Start off by disabling the need to whitelist attributes as this is no longer the recommended approach. Remember, Strong Parameters are a part of Rails 4 as well!

It's a good idea to force strong_parameters on all models by default — create the following initialiser at config/initializers/strong_parameters.rb

Now update your application_controller.rb as follows

This allows us to access an instance of our PermittedParams object with instance methods defined on a per resource basis. I created app/models/permitted_params.rb as follows

Notice how I'm first making sure params.require(:contact_message) that key exists within the params hash and then I'm permitting three parameters. This allows me to access the params on a per resource basis safely

  def send_message
    @contact_message = ContactMail.new(permitted_params.contact_mail)
    if @contact_message.save
      ContactMailer.send_message(@contact_message).deliver
      flash[:success] = "Yay! Your message has been successfully sent to us."
      redirect_to root_path and return
    else
      render :index
    end
  end