Rails update_attributes without forbidden attributes?

Question

Is it possible in a controller to use update_attributes or a similar mass update method but without having to permit the params in the controller ? I want to skip the forbidden attributes thing (my scenario is that I have admin controllers , so once I'm authenticated I just want to update things). e.g something like this

@story.update_attributes(params[:story],skip)

I only saw ways to skip model validations in save , e.g

@story.save(false)

but can't see anything for params in the controller , no way for that?

score 1 · Answer 1 · edited May 23 '17 at 12:28

1

Try passing option:

:without_protection => true

what you need to do is:

@story.update_attributes(params[:story], :without_protection => true)

Check this example.

edited May 23 '17 at 12:28

Community

1
1

answered Oct 31 '14 at 18:06

mohameddiaa27

3,587
1
16
23

Rails update_attributes without forbidden attributes?

1 Answers1