before_action that runs before every action is a useful pattern which helps us avoid forgetting to call some important piece of code before every action in the controller e.g. authentication or authorization.
However I think that, on balance,
except: params does more harm than good to a codebase.
Reasonable people disagree on this e.g. Rails scaffold uses
except for setting instance vars.
I’ll make my case below so you can make up your own mind about it.
Pro: Less typing, shorter methods
You save a few characters of typing and your methods are a few lines shorter which might make rubocop happier.
Con: It scales badly
It doesn’t set a good example. Codebases tend to get more of what they have. The next dev who comes along will tend to do more of what is already there.
except gets grim when you get a bunch of them together e.g.
I think in almost all cases it is better to just type code directly into the controller action. If there is enough code to warrant pulling into a private method then that’s fine - just call the private method in the controller action.