It's been almost two years since the last time a forgotten strong parameter caused a bug
class ProfileController < ApplicationController
class Form < ApplicationForm
render field(:name).input
render field(:email).input(type: :email)
button { "Save" }
end
before_action do
@user = User.find(params.fetch(:id))
@form = Form.new(@user)
end
def update
@form.assign params.require(:user)
@user.save ? redirect_to(@user) : render(@form)
end
end