What will we get in #rails4? New attr_accessible in controller.

def user_params
  params.require(:user).permit(:name, :age)


You was afraid to force whitelist_attributes but now OK to force people to write 'require' 'params' 'permit' and 'def user_params'. ??? Although, I like the whole idea. We can go ahead with it but syntax MUST be simplified. Nobody is going to write such verbose constructions.

Still not DEFAULT. Again?

Well, strong_parameters is not MUST. attr_accessible was reinvented for controller and it's again up to developer write or not those definitions. whitelist_attributes = false again.

Syntax. Making it nicer:

def UserController

  # creates user_params
  strong_params user: %w{name age}

  # creates admin_params helper
  strong_params user: %w{name age created_at}, as: :admin

I am truly afraid of rails4 + strong_parameters. I want to keep it safe but make strong_params more convenient to use. Current version is, just, not rails-way. Barely useful for agile development.

discuss homakov@gmail.com