5. .require .permit methods


#1

The lesson showed us to use require & permit methods but never really explained what they are used for. Can someone please elaborate?

private
  def user_params
    params.require(:user).permit(:first_name, :last_name, :email, :password)
  end

#2

I agree. Why is ":user" required? I don't remember that being a field in the database.


#3

@jaydacoder, @courserunner92718

Sorry for the late reply! I just saw this.

Let's see if we can explain this, anyway:

private, of course, makes the fields following the keyword private.
def user_params defines the method, nothing special.
params.require(:user).permit(:first_name, :last_name, :email, :password) is a special construct meaning that for the User table, the parameters should only permit the first name, last name, email, and password fields to be passed in.

In other words, the form wouldn't be allowed to pass in data for another table, e.g. Comment. :user signifies the User table.

Does that make sense? :slight_smile:


#4

YES! Thank you, Jacob.


#5

Excellent explanation, thank you! Taking this a step further, why do we need to all :first_name, :last_name, :email, and :password to be permitted. why not just :email, and :password since those are the only two fields a user needs to login to the app?


#6

Sorry, disregard my last post. I had a brain freeze. Realizing that this is for the Signup page, and not for the login page.