Migrate a Ruby on Rails App to Rails 4.x with “Strong Parameters”

A helpful rake task

I’m just updating a three-year-old Rails app from 3.2 to 4.2. One of the changes is that the controller is now responsible for protecting against mass assignment.
I think this is the right architecture, as the controller has the job of receiving the input parameters and transferring them to the right model, or rejecting the request altogether. The user's browser does not talk directly to the model, and the model does not know which user, with which rights, made a request.

With strong parameters, all allowed parameters need to be in a whitelist. My app has 60 controllers, so writing all the code for the strong parameters is a big task. For each controller you need to collect the right attributes and put them in the permit call.
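
The collection step described above, as an added example that is not the author's rake task: it assumes the Rails 3.2 models declare their whitelist with `attr_accessible`, and the names `SAMPLE_MODEL`, `accessible_attributes` and `permit_method` are hypothetical. Attributes that were assignable only under a non-default `:as` role are kept out of the generated `permit` list and flagged for review.

```ruby
# Derive a Rails 4 strong-parameters method from the attr_accessible
# whitelist of a Rails 3.2 model. Plain Ruby, no Rails needed to run it.

# Constructed sample model source, not taken from the original post.
SAMPLE_MODEL = <<~RUBY
  class User < ActiveRecord::Base
    attr_accessible :name, :email,
                    :password
    attr_accessible :name, :email, :role, :as => :admin
    attr_accessible :locale
    has_many :posts
  end
RUBY

# Returns { role => [attributes] }; the role is :default unless :as / as: is given.
def accessible_attributes(source)
  result = Hash.new { |h, k| h[k] = [] }
  # Join continuation lines (ending in a comma) so each call sits on one line.
  source.gsub(/,\s*\n\s*/, ", ").each_line do |line|
    next unless line =~ /^\s*attr_accessible\s+(.*)$/
    args = Regexp.last_match(1)
    roles = [:default]
    if (m = args.match(/,\s*(?::as\s*=>|as:)\s*(.+)$/))
      roles = m[1].scan(/:(\w+)/).flatten.map(&:to_sym)
      args = m.pre_match
    end
    names = args.scan(/:(\w+)/).flatten.map(&:to_sym)
    roles.each { |role| result[role].concat(names) }
  end
  result
end

# Emits the private controller method for the default role only. Attributes
# another role could assign are listed in a comment, never in the permit call.
def permit_method(model_name, source)
  attrs = accessible_attributes(source)
  default = attrs[:default].uniq
  key = model_name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
  lines = ["def #{key}_params"]
  attrs.each do |role, names|
    extra = names.uniq - default
    next if role == :default || extra.empty?
    lines << "  # review: role :#{role} could also assign: #{extra.join(', ')}"
  end
  lines << "  params.require(:#{key}).permit(#{default.map { |a| ":#{a}" }.join(', ')})"
  lines << "end"
  lines.join("\n")
end

puts permit_method("User", SAMPLE_MODEL) if __FILE__ == $PROGRAM_NAME
```

The flagged attributes need a deliberate decision in the controller, for example a separate `permit` list used only after an authorization check.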