How can I exclude (or explicitly include) params passed to an object like in

Question

0

Asked: May 25, 20262026-05-25T13:33:40+00:00 2026-05-25T13:33:40+00:00

How can I exclude (or explicitly include) params passed to an object like in

0

How can I exclude (or explicitly include) params passed to an object like in the following example:

  def create
    @something = Something.new(params[:something])
    ...
    @something.save    
  end

Say for example something had a field trust_level that should not be settable through public users (which are allowed to create the object). It would be easy to send this field via HTTP even if the provided form doesn’t contain it. So how can be prevented that this field is passed to the new (or update_attributes) method?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T13:33:41+00:00

Editorial Team

2026-05-25T13:33:41+00:00Added an answer on May 25, 2026 at 1:33 pm

Use attr_accessible to define what’s available to mass-assignment.

(That’s a link to the docs but it’s a little hard to tell, so here it is again.)

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

How can I exclude (or explicitly include) params passed to an object like in

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply