RailsCasts Pro episodes are now free!

Learn more or hide this

codeduffer's Profile

GitHub User: codeduffer

Comments by


Well I'm a comparative newbie here but with my limited Rails4 work I would suggest whitelisting by doing this (using Ryan's example). In the private area of the books controller add the author_ids to the book_params:

def book_params
 params.require(:book).permit( ... many attributes...., :author_ids => [])