Use strong params to avoid mass assignment
jonallured committed Mar 6, 2024
1 parent d9d67b1 commit 2a07308
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions app/api/using_grape/artworks_endpoint.rb
Expand Up @@ -2,6 +2,13 @@ module UsingGrape
class ArtworksEndpoint < Grape::API
format :json

helpers do
def artwork_params
strong_params = ActionController::Parameters.new(params)
strong_params.permit(:amount_cents, :artist_name, :medium, :title)
end
end

namespace :artworks do
get do
Artwork.all.order(featured: :desc, created_at: :desc)
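Review bot: `artwork_params` in the new `helpers` block builds its allowlist with `ActionController::Parameters` inside a Grape API, which ties this endpoint to Action Controller for something Grape can do itself. A `params do ... end` declaration on each route combined with `declared(params)` would give the same allowlist plus per-field type validation. If the helper stays, add a short comment saying that `featured` (the column the `get` block orders by) is deliberately absent from the `permit` list, so nobody later adds it for convenience.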
Expand All @@ -12,7 +19,7 @@ class ArtworksEndpoint < Grape::API
end

post do
artwork = Artwork.new(params)
artwork = Artwork.new(artwork_params)
if artwork.save
artwork
else
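Review bot: the `post` block now calls `Artwork.new(artwork_params)`, but the commit changes only this one file, so nothing pins the new behaviour down. Add a request spec that posts an attribute outside the permit list (for example `featured: true`) and asserts the created record does not carry it, so that a later widening of the list or a revert to `Artwork.new(params)` fails a test instead of passing silently.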
Expand All @@ -23,7 +30,7 @@ class ArtworksEndpoint < Grape::API

put ":id" do
artwork = Artwork.find(params[:id])
if artwork.update(params)
if artwork.update(artwork_params)
artwork
else
errors = {errors: artwork.errors.full_messages.to_sentence}
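Review bot: in `put ":id"`, a body that contains only unpermitted keys leaves `artwork_params` empty, so `artwork.update(artwork_params)` succeeds and the unchanged artwork is returned as if the write had been accepted. Consider rejecting such requests, for instance by setting `ActionController::Parameters.action_on_unpermitted_parameters = :raise` and mapping the error to a 400, or at least logging the dropped keys. A comment noting that `:id` now stays out of the update hash would also help, since the old `artwork.update(params)` passed the route parameter along with the body.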