lib/generators/templates/app/controllers/base.rb in beautiful_scaffold-0.3.0.pre vs lib/generators/templates/app/controllers/base.rb in beautiful_scaffold-0.3.0.rc1
- old
+ new
@@ -95,11 +95,11 @@
def edit
end
def create
- @<%= model %> = <%= model_camelize %>.create(params[:<%= model %>])
+ @<%= model %> = <%= model_camelize %>.create(params_for_model)
respond_to do |format|
if @<%= model %>.save
format.html {
if params[:mass_inserting] then
@@ -123,11 +123,11 @@
end
def update
respond_to do |format|
- if @<%= model %>.update_attributes(params[:<%= model %>])
+ if @<%= model %>.update_attributes(params_for_model)
format.html { redirect_to <%= namespace_for_route %><%= singular_table_name %>_path(@<%= model %>), :notice => t(:update_success, :model => "<%= model %>") }
format.json { head :ok }
else
format.html { render :action => "edit" }
format.json { render :json => @<%= model %>.errors, :status => :unprocessable_entity }
@@ -196,8 +196,12 @@
private
def load_<%= model %>
@<%= model %> = <%= model_camelize %>.find(params[:id])
+ end
+
+ def params_for_model
+ params.require(:<%= model %>).permit(<%= model_camelize %>.permitted_attributes)
end
end