I’d like to tell you a (cheesy, overly dramatic) story:

One dark and stormy night, you’re given a ticket that requires you to rename some data columns and rearrange a few form inputs. In your arrogance, you confidently determine this will take you no time at all. Thunder flashes. This is totally not foreshadowing.

You successfully migrate the database. You successfully rearrange the form inputs. All your tests pass. You are feeling pretty self sufficient, like a god/dess among junior developers. You decide, since you are a conscientious team member, to manually fill in the form and watch the magic happen.

Only nothing happens. The form cheerfully proclaims it’s success, but your data has clearly not been saved. You vainly try to find the problem for an hour, but eventually, BAMFness severely deflated, have to ask for help. This is when your boss/mentor discovers within minutes that you’ve forgotten to update the permitted parameters in your controller.

As you may have guessed, it’s my own hubris I’m describing here. But! I have learned something that can help you avoid this terrible tale of woe.

Add this line to your config/environments/test.rb and config/environments/development.rb:

# Raise an error when sending unpermitted parameters
config.action_controller.action_on_unpermitted_parameters = :raise

This lovely little incantation (which you can read more about on the strong parameters repo) will throw an exception when you send unpermitted keys, rather than silently swallowing them. So, instead of this:

You’ll get this:

Never thought you’d be happy to see that page, huh?

Best of luck, and always check your hubris, lest it bring you to ruin. ;D

On Tumblr