app/controllers/brightcontent/attachments_controller.rb in brightcontent-attachments-2.0.29 vs app/controllers/brightcontent/attachments_controller.rb in brightcontent-attachments-2.0.30

@@ -7,20 +7,26 @@
       @attachments = Attachment.where(attachable_type: params[:type].classify, attachable_id: params[:id])
       render layout: false
     end
 
     def create
-      @attachment = Attachment.new(params.slice(:attachable_id, :attachable_type, :asset))
+      @attachment = Attachment.new(attachment_params)
       if @attachment.save
         render json: @attachment.to_json, status: :created
       else
         render json: @attachment.errors, status: :unprocessable_entity
       end
     end
 
     def destroy
       attachment = Attachment.destroy(params[:id])
       redirect_to attachment.attachable
+    end
+
+    private
+
+    def attachment_params
+      params.permit(:attachable_id, :attachable_type, :asset)
     end
 
   end
 end