The adoption of strong params into rails 4 has added a great barrier of security and explicitness into what arguments are passed from the controller to the rest of our apps.
With this explicitness comes a bulky amount of code that was once stored in the model (attr_accessible). Many implementations place these hashes right inside the controller, whereas others extract them into separate models or concerns.
To us this looks like shit. We immediately wanted to extract these strong param methods into their own models / concerns. After doing so, we still didn’t like looking at tons of files with static methods each containing (sometimes) lengthy hashes. It was getting hard to manage.
Our solution was to convert each param set into its own YAML file that lived in an organized directory. The YAML file would allow for one ‘require’ field and one 'permit’ array. Here is an example of how the YAML file is organized:
We built a gem that turns each of these YAML files into a method (using the name of the file as the method name) and returns the strong params built by the data inside the YAML file to the controller.
In the above case, the YAML file titled 'project_params.yml’ would give me the ability to call project_params from inside the project controller and have immediate access to those strong params.
The API to initialize a specific strong param in the controller looks like this:
and to use the method inside this controller you simply access it like this:
The gem has appropriately been called ripped_params and we just published it. Hopefully this post / gem inspires you to get on board with strong params without sacrificing the aesthetic of your repos!
Love your friendly coders at