Skip to content

Commit

Permalink
Convert params.fetch to allow and params[:id] to params.expect(:id)
Browse files Browse the repository at this point in the history
  • Loading branch information
@martinemde
martinemde committed Aug 11, 2024
1 parent eab7ac2 commit a405586
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions railties/lib/rails/generators/rails/scaffold_controller/templates/api_controller.rb.tt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,13 @@ class <%= controller_class_name %>Controller < ApplicationController
private
# Use callbacks to share common setup or constraints between actions.
def set_<%= singular_table_name %>
@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
@<%= singular_table_name %> = <%= orm_class.find(class_name, "params.expect(:id)") %>
end

# Only allow a list of trusted parameters through.
def <%= "#{singular_table_name}_params" %>
<%- if attributes_names.empty? -%>
params.fetch(:<%= singular_table_name %>, {})
params.allow(<%= singular_table_name %>: {})
<%- else -%>
params.expect(<%= singular_table_name %>: [<%= permitted_params %>])
<%- end -%>
Expand Down
4 changes: 2 additions & 2 deletions railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb.tt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,13 +49,13 @@ class <%= controller_class_name %>Controller < ApplicationController
private
# Use callbacks to share common setup or constraints between actions.
def set_<%= singular_table_name %>
@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
@<%= singular_table_name %> = <%= orm_class.find(class_name, "params.expect(:id)") %>
end

# Only allow a list of trusted parameters through.
def <%= "#{singular_table_name}_params" %>
<%- if attributes_names.empty? -%>
params.fetch(:<%= singular_table_name %>, {})
params.allow(<%= singular_table_name %>: {})
<%- else -%>
params.expect(<%= singular_table_name %>: [<%= permitted_params %>])
<%- end -%>
Expand Down
4 changes: 2 additions & 2 deletions railties/test/generators/scaffold_controller_generator_test.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ def test_controller_skeleton_is_created
end

assert_instance_method :set_user, content do |m|
assert_match(/@user = User\.find\(params\[:id\]\)/, m)
assert_match(/@user = User\.find\(params.expect\(:id\)\)/, m)
end

assert_match(/def user_params/, content)
Expand All @@ -64,7 +64,7 @@ def test_dont_use_require_or_permit_if_there_are_no_attributes

assert_file "app/controllers/users_controller.rb" do |content|
assert_match(/def user_params/, content)
assert_match(/params\.fetch\(:user, \{\}\)/, content)
assert_match(/params\.allow\(user: \{\}\)/, content)
end
end

Expand Down

0 comments on commit a405586

Please sign in to comment.