# Customizing controllers
Just like models, controllers are written using Ruby code, so their customization is similar, only we'll use the `app/controllers/custom/` folder instead of the `app/models/custom/` folder. Check the [models customization](models.md) section for more information.
## Customizing allowed parameters
When customizing Consul Democracy, you might sometimes want to add a new field to a form. Besides [customizing the view](views.md) or [the component](components.md) that renders that form, you need to modify the controller so that the new field is accepted. Otherwise, the new field will be silently ignored; this is done to prevent [mass assignment attacks](https://en.wikipedia.org/wiki/Mass_assignment_vulnerability).

For example, let's say you've modified the `SiteCustomization::Page` model so it uses a field called `author_nickname` and you've added that field to the form to create a custom page in the admin area. To add the allowed parameter to the controller, create a file `app/controllers/custom/admin/site_customization/pages_controller.rb` with the following content:
```ruby
load Rails.root.join("app", "controllers", "admin", "site_customization", "pages_controller.rb")

class Admin::SiteCustomization::PagesController
  private

    alias_method :consul_allowed_params, :allowed_params

    def allowed_params
      consul_allowed_params + [:author_nickname]
    end
end
```
Note we're aliasing and then calling the original `allowed_params` method, so all the parameters allowed in the original code will also be allowed in our custom method.
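
The effect of this pattern, as an added example that is not part of the Consul Democracy code base: a plain-Ruby stand-in (no Rails required) in which `PagesControllerSketch`, `filter_params`, the original field list and the submitted values are all assumptions constructed for illustration. It shows `author_nickname` being dropped before the customization and accepted after it, while a field outside the list is still dropped.

```ruby
# Added example: simplified stand-in for a controller with an allow-list.
# PagesControllerSketch and filter_params are hypothetical names, and the
# original field list is constructed; this is not Consul Democracy's code.
class PagesControllerSketch
  # Stand-in for parameter filtering: keep only allow-listed keys and
  # silently drop everything else.
  def filter_params(submitted)
    submitted.select { |key, _value| allowed_params.include?(key.to_sym) }
  end

  private

    def allowed_params
      [:slug, :title, :status]
    end
end

# Constructed form submission: two original fields, the new field, and one
# field that no allow-list mentions.
SUBMITTED = {
  "title" => "About",
  "slug" => "about",
  "author_nickname" => "jdoe",
  "unlisted_field" => "1"
}.freeze

def accepted_keys(controller)
  controller.filter_params(SUBMITTED).keys.sort
end

BEFORE = accepted_keys(PagesControllerSketch.new)

# The customization pattern from this page: reopen the class, alias the
# original method, then extend its result instead of replacing it.
class PagesControllerSketch
  private

    alias_method :original_allowed_params, :allowed_params

    def allowed_params
      original_allowed_params + [:author_nickname]
    end
end

AFTER = accepted_keys(PagesControllerSketch.new)

puts "before: #{BEFORE.inspect}"
puts "after:  #{AFTER.inspect}"
```

Because the custom method appends to the aliased original, the allow-list only grows by the one field you named.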