Ruby on Rails ActionController Filtering parameters (Basic)


Example

class UsersController < ApplicationController
  def index
    respond_to do |format|
      format.html do
        # render html: HTML-escapes the interpolated string, so the user-supplied
        # values are shown as text, not interpreted as markup
        render html: "Hello #{ user_params[:name] } #{ user_params[:sentence] }"
      end
    end
  end

  private

  # Allowlist the incoming parameters: :sentence is only permitted when
  # :name is "john"; any key that is not permitted is dropped.
  def user_params
    if params[:name] == "john"
      params.permit(:name, :sentence)
    else
      params.permit(:name)
    end
  end
end

You can allow (or reject) parameters so that only the ones you expect pass through to your code. Anything not permitted is dropped, so a user cannot set options that were never meant to be changeable from a request (for example by adding an extra field to a form submission).

Visiting /users?name=john&sentence=developer will display "Hello john developer". Visiting /users?name=smith&sentence=spy, however, will display only "Hello smith", because :sentence is permitted only when the request's name is john.
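The following is an added example, not code from the original page or from Rails itself. It is a small pure-Ruby stand-in that reproduces the allowlist semantics of ActionController::Parameters#permit so the filtering above can be run and checked without loading the Rails gem. The class name FilteredParams, its methods, and the helper functions user_params and greeting are constructed for this illustration; only permit's filter syntax (bare keys for scalar values, `key: []` for an array of scalars, `key: [:a, :b]` for a nested hash) and the drop-or-raise behaviour for unpermitted keys follow what Rails does. It goes beyond the page's flat example by also showing nested hashes, arrays, and the raise-on-unpermitted mode (Rails' `config.action_controller.action_on_unpermitted_parameters = :raise`).

```ruby
# Added example (not the page's or Rails' own code): a pure-Ruby stand-in for
# the allowlist behaviour of ActionController::Parameters#permit.
# FilteredParams, user_params and greeting are constructed names.
class UnpermittedParameters < StandardError; end

class FilteredParams
  SCALARS = [String, Symbol, Integer, Float, TrueClass, FalseClass, NilClass].freeze

  # on_unpermitted: :drop discards unknown keys silently (Rails' production
  # default); :raise mirrors action_on_unpermitted_parameters = :raise
  def initialize(hash, on_unpermitted: :drop)
    @raw = deep_stringify(hash)
    @on_unpermitted = on_unpermitted
  end

  # Read a value by key before or after filtering, as params[:name] does.
  def [](key)
    @raw[key.to_s]
  end

  def to_h
    @raw.dup
  end

  # Return a new object holding only the keys named in `filters`.
  # Top-level keys that were dropped are reported when :raise is set.
  def permit(*filters)
    allowed = filter_hash(@raw, filters)
    unpermitted = @raw.keys - allowed.keys
    if @on_unpermitted == :raise && unpermitted.any?
      raise UnpermittedParameters, "found unpermitted parameters: #{unpermitted.join(', ')}"
    end
    self.class.new(allowed, on_unpermitted: @on_unpermitted)
  end

  private

  def filter_hash(hash, filters)
    out = {}
    filters.each do |filter|
      case filter
      when Symbol, String
        key = filter.to_s
        # A bare key admits only a scalar value; a hash or array under it is rejected.
        out[key] = hash[key] if hash.key?(key) && scalar?(hash[key])
      when Hash
        filter.each do |key, sub_filter|
          key = key.to_s
          value = hash[key]
          if sub_filter == [] && value.is_a?(Array)
            # `key: []` admits an array of scalars; nested hashes inside it are dropped.
            out[key] = value.select { |v| scalar?(v) }
          elsif sub_filter.is_a?(Array) && !sub_filter.empty? && value.is_a?(Hash)
            # `key: [:a, :b]` recurses into a nested hash with its own allowlist.
            out[key] = filter_hash(value, sub_filter)
          end
        end
      end
    end
    out
  end

  def scalar?(value)
    SCALARS.any? { |klass| value.is_a?(klass) }
  end

  def deep_stringify(obj)
    case obj
    when Hash then obj.each_with_object({}) { |(k, v), h| h[k.to_s] = deep_stringify(v) }
    when Array then obj.map { |v| deep_stringify(v) }
    else obj
    end
  end
end

# The page's conditional allowlist, written against the stand-in:
# :sentence is admitted only when name is "john".
def user_params(raw)
  params = FilteredParams.new(raw)
  if params[:name] == "john"
    params.permit(:name, :sentence)
  else
    params.permit(:name)
  end
end

# What the controller renders for a given query string, minus the HTML layer.
def greeting(raw)
  permitted = user_params(raw)
  "Hello #{permitted[:name]} #{permitted[:sentence]}".strip
end

if $PROGRAM_NAME == __FILE__
  puts greeting("name" => "john", "sentence" => "developer")   # Hello john developer
  puts greeting("name" => "smith", "sentence" => "spy")        # Hello smith
end
```

The two calls at the bottom reproduce the page's two URLs. The nested-hash case is the one that matters most for mass assignment: a request carrying `user[admin]=true` is silently reduced to the permitted keys, and switching to the :raise mode turns that silent drop into an exception you can log and alert on.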