Is your feature request related to a problem? Please describe.
Rails added params.expect in https://github.com/rails/rails/pull/51674. There are some problems with require that are nicely explained in that PR (and linked issues) but it basically boils down to this:
params.require(:user).permit(:name) raises if params looks like user=123 (not the expected shape). The newly added expect avoids this problem by making the shape part of the contract.
These two method calls will likely be close together, so I believe it would be best for the cop to simply catch these simple cases first.
Additional context
If plain params.require is added as an offense, it must be unsafe. Consider the following case:
# Allows an array/hash
User.find(params.require(:id))
# This does not
User.find(params.expect([:id]))
# If arrays are expected:
User.find(params.expect([[:id]])
# expect can't allow both an array and plain type
Is your feature request related to a problem? Please describe.
Rails added
params.expectin https://github.com/rails/rails/pull/51674. There are some problems withrequirethat are nicely explained in that PR (and linked issues) but it basically boils down to this:params.require(:user).permit(:name)raises if params looks likeuser=123(not the expected shape). The newly addedexpectavoids this problem by making the shape part of the contract.Describe the solution you'd like
Method docs: https://edgeapi.rubyonrails.org/classes/ActionController/Parameters.html#method-i-expect
These two method calls will likely be close together, so I believe it would be best for the cop to simply catch these simple cases first.
Additional context
If plain
params.requireis added as an offense, it must be unsafe. Consider the following case:There is no replacement for the following (yet?):