Ognjen Regoje bio photo

MY NAME IS
Ognjen Regoje
BUT YOU CAN CALL ME OGGY


I make things that run on the web (mostly).
More /ABOUT me.

me@ognjen.io Twitter LinkedIn Github
Check out
The Marketplace Guide
A collection of lessons for the early stages of building a marketplace startup.
https://themarketplace.guide

Rails pattern: state params

A useful pattern that I didn’t see documented before is what I call “state params”: returning different permitted params based on the state of the record.

If there is an order model, the simplest way of returning permitted params is like this:

def order_params
  params.require(:order).permit(:coupon, :rating)
end

However, that means that technically rating could be submitted before the order is paid, for instance.

The application is more secure if permitted params takes into consideration the state of the order and accepts only the fields for that state.

def order_params(order)
  case order.status
  when "pending_payment"
    params.require(:order).permit(:coupon)
  when "paid"
    params.require(:order).permit(:rating)
  when "rated"
    nil
  end
end

That way coupon will be accepted only when pending payment, rating only when paid and otherwise nothing.

#rails #technical

Get in touch

Next
« It's the little things
It's the little things that separate the normal from the delightful.They're often the result of careful consideration when trying to answer: "And after this the user would want ...

Previous
mysql2 - activerecord version compatibility list »
In the course of doing upgrades for an older project I’ve discovered that not every activerecord version is compatible with every mysql2 version. The adapters use ~> to lock ...

Newest
Don't forget, .org sucks
It isn't a legitimately controlled TLD