Last Updated: February 25, 2016
·
1.239K
· ankit8898

Whitelisting non form/non model attributes

Whitelisting non form/non model attributes

If ever while using strong parameters you feel the need of whitelisting non form attributes.

For eg a multiselect check box of user

<%= checkboxtag 'user[role_ids][]' %>

You can whitelist the array of role_ids like

def user_params
    params.require(:user).permit(:first_name).tap do |whitelisted|
       whitelisted[:role_ids] = params[:user][:role_ids]
    end
end