The application I am working on is largely based on Michael Hartl's 
tutorial.
The create action for the users controller uses strong parameters 
<https://www.railstutorial.org/book/updating_and_deleting_users#sec-revisiting_strong_parameters> 
with permitted parameters. The 'admin' attribute, for instance, is not 
included in the permitted parameters, so a malicious user could not send a 
PATCH request in order to become admin.

My application requires newly created users to make a list of choices on 
the home page in order to be redirected to a new page, reserved for users 
who have completed this stage.
I thought to add to the User model a new attribute ('member', for instance) 
which can be toggled inside the create action of the Choice controller 
(probably with a call of a private method), once the user has completed the 
number of choices requested.

Is this allowed or am I required to revise strong parameters with the new 
attribute?
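
An added example, not part of the original post and not Rails' own code: a plain-Ruby model of the mechanism the question is about. `Params`, `mark_member!`, `create_choice` and the threshold of 3 are hypothetical stand-ins; the point shown is that the permit filter governs only values copied from request parameters, so an attribute written by server-side code with a value the code itself chooses is outside its scope.

```ruby
# Simplified stand-in for Rails strong parameters (assumption: not Rails' classes).
class ForbiddenAttributes < StandardError; end

class Params
  attr_reader :to_h

  def initialize(hash, permitted = false)
    @to_h = hash
    @permitted = permitted
  end

  def permitted?; @permitted; end

  # Keep only the listed keys and mark the result safe for mass assignment.
  def permit(*keys)
    Params.new(@to_h.slice(*keys), true)
  end
end

class User
  attr_reader :name, :admin, :member, :choices

  def initialize
    @name = nil; @admin = false; @member = false; @choices = []
  end

  # Mass assignment from request data: refuses params that were not filtered.
  def update(params)
    raise ForbiddenAttributes unless params.permitted?
    params.to_h.each { |key, value| instance_variable_set("@#{key}", value) }
    self
  end

  # Server-side write: the value comes from the code, not from the request.
  def mark_member!
    @member = true
  end
end

REQUIRED_CHOICES = 3 # constructed threshold for the example

# Hypothetical Choice#create: only :option is read from the request;
# 'member' is toggled by the server once enough choices exist.
def create_choice(user, request_params)
  choice = request_params.permit(:option).to_h[:option]
  user.choices << choice if choice
  user.mark_member! if user.choices.size >= REQUIRED_CHOICES
  user
end
```

A request that carries `member: true` or `admin: true` changes nothing here, because neither key is ever permitted; `member` flips only when the server counts enough recorded choices.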

