is safe/acceptable send params way create action in controller? there potential problems?
<%= link_to "acceptance", acceptances_path(acceptance: {favor_id: @favor.id, user_id: current_user.id}), method: :post %>
and in controller
class acceptancescontroller < applicationcontroller def create @acceptance = acceptance.new(acceptance_params) if @acceptance.save redirect_to favors_path else render :template => 'favors/index' end end private def acceptance_params params.require(:acceptance).permit(:favor_id, :user_id) end end
thanks time in advance!
the best (and safest) assigning these id's in controller.
since have access @favor
, current_user
objects, you'd better of doing this:
def create @acceptance = acceptance.new(acceptance_params) @acceptance.favor_id = @favor.id @acceptance.user_id = current_user.id # code omitted end
Comments
Post a Comment