I will explain what are the strong parameters that appear when defining actions in the controller.
There is a description of create (tweet_params) in the execution content part of the create action, but this argument tweet_params is defined in the private method.
Private is a method that cannot be called from outside the class. The advantages of using the private method are the following two points.
Some methods cause an error when called from outside the class, so you can prevent the error in advance by isolating them.
The readability of the code is improved by clearly separating the private and non-private parts.
In this private method A method called tweet_params is defined, and the processing content is as follows.
Take the tweet model as an argument of require It takes: name: image: text as an argument of permit.
This means that of the data sent from the form, only the parameters with the key specified under permit:: name: image: text will be received.
By specifying strong parameters, you can prevent parameters other than the specifications from being sent and prevent unintended data updates.
For example, if you send a parameter to update another person's login password, you can change another person's password without permission. You need to use strong parameters to prevent this.
Looking at the code again
Since the create method specifies tweet_params as an argument, new data is created and saved via the tweet_params method. Therefore, in this case, the new tweet always has only the strong parameter specified in the permit argument.