Module: Api::V1::Users::ControllerBase::StrongParameters

Defined in:
app/controllers/concerns/api/v1/users/controller_base.rb

Instance Method Summary collapse

Instance Method Details

#user_paramsObject

Only allow a list of trusted parameters through.



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'app/controllers/concerns/api/v1/users/controller_base.rb', line 6

def user_params
  password_fields = [
    :email,
    :password,
    :current_password,
    :password_confirmation
  ]
  general_fields = [
    :first_name,
    :last_name,
    :time_zone,
    :locale,
    :profile_photo_id, # For Cloudinary
    :profile_photo,    # For ActiveStorage
    :profile_photo_removal
  ]

  selected_fields = if params.is_a?(BulletTrain::Api::StrongParametersReporter)
    password_fields + general_fields
  else
    (params["commit"] == t(".buttons.update_email_and_password")) ? password_fields : general_fields
  end

  strong_params = params.require(:user).permit(
    *permitted_fields,
    *selected_fields,
    # 🚅 super scaffolding will insert new fields above this line.
    *permitted_arrays,
    # 🚅 super scaffolding will insert new arrays above this line.
  )

  process_params(strong_params)

  strong_params
end