2

Is it safe/acceptable to send params this way to the create action in the controller? Are there any potential problems?

<%= link_to "Acceptance", acceptances_path(acceptance: {favor_id: @favor.id, user_id: current_user.id}), method: :post %>

and then in the controller

class AcceptancesController < ApplicationController

  def create
    @acceptance = Acceptance.new(acceptance_params)

    if @acceptance.save
      redirect_to favors_path
    else
      render :template => 'favors/index'
    end
  end

  private

  def acceptance_params
    params.require(:acceptance).permit(:favor_id, :user_id)
  end
end

Thanks for your time in advance!

2
  • Thanks :) The thing is, Acceptance belongs_to :user and also belongs_to :favor. Is it still acceptable to pass params with link_to when there is an association? Or is there a better way of setting the attributes in the controller? Commented Jan 24, 2016 at 17:09
  • 1
    You can .merge(favor_id: @favor.id, user_id: current_user.id) to your permitted params. But I don't suggest you set it in the view. Commented Jan 24, 2016 at 19:23

1 Answer

2

The best (and the safest) thing you could do is to assign these ids in the controller.

Since you have access to @favor and current_user objects, you'd be better off doing this:

def create
  @acceptance = Acceptance.new(acceptance_params)
  @acceptance.favor_id = @favor.id
  @acceptance.user_id = current_user.id
  # code omitted
end
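
Added example (not part of the original question or answer): a plain-Ruby comparison of the two approaches, showing that a `user_id` permitted from the request is stored exactly as the client sent it, while a server-side assignment ignores it. `permit_params`, `FAVORS`, both `create_*` functions and the sample requests are hypothetical stand-ins for the Rails pieces, constructed for this illustration.

```ruby
# Stand-in for params.require(:acceptance).permit(*keys); no Rails required.
def permit_params(params, *keys)
  inner = params.fetch("acceptance") { raise KeyError, "param is missing: acceptance" }
  allowed = keys.map(&:to_s)
  inner.select { |key, _| allowed.include?(key) }
end

# Constructed sample data standing in for the favors table.
FAVORS = { 7 => "Walk the dog" }.freeze

# Approach from the question: both ids are read from the request.
def create_from_request(params, _current_user_id)
  attrs = permit_params(params, :favor_id, :user_id)
  { favor_id: attrs["favor_id"].to_i, user_id: attrs["user_id"].to_i }
end

# Approach from the answer: user_id comes from the authenticated session.
# favor_id still arrives with the request, so it is only used to look up
# an existing record and is rejected if no such favor exists.
def create_server_side(params, current_user_id)
  attrs = permit_params(params, :favor_id)
  favor_id = attrs["favor_id"].to_i
  raise ArgumentError, "unknown favor" unless FAVORS.key?(favor_id)
  { favor_id: favor_id, user_id: current_user_id }
end

# Constructed requests. User 42 is logged in; in TAMPERED the user_id
# value in the generated link was edited before the request was sent.
HONEST   = { "acceptance" => { "favor_id" => "7", "user_id" => "42" } }.freeze
TAMPERED = { "acceptance" => { "favor_id" => "7", "user_id" => "1" } }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "from request: #{create_from_request(TAMPERED, 42)}"
  puts "server side:  #{create_server_side(TAMPERED, 42)}"
end
```

In the Rails controller the equivalent change is to drop `:user_id` from the `permit` list and set the user from `current_user`, so a stray `user_id` in the request is never assigned.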