Use strong params for 5 more models

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

app/controllers/admin/broadcast_messages_controller.rb

@@ -6,7 +6,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
   end
 
   def create
-    @broadcast_message = BroadcastMessage.new(params[:broadcast_message])
+    @broadcast_message = BroadcastMessage.new(broadcast_message_params)
 
     if @broadcast_message.save
       redirect_to admin_broadcast_messages_path, notice: 'Broadcast Message was successfully created.'
@@ -29,4 +29,11 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
   def broadcast_messages
     @broadcast_messages ||= BroadcastMessage.order("starts_at DESC").page(params[:page])
   end
+
+  def broadcast_message_params
+    params.require(:broadcast_message).permit(
+      :alert_type, :color, :ends_at, :font,
+      :message, :starts_at
+    )
+  end
 end

app/controllers/projects/protected_branches_controller.rb

@@ -11,7 +11,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
   end
 
   def create
-    @project.protected_branches.create(params[:protected_branch])
+    @project.protected_branches.create(protected_branch_params)
     redirect_to project_protected_branches_path(@project)
   end
 
@@ -23,4 +23,10 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
       format.js { render nothing: true }
     end
   end
+
+  private
+
+  def protected_branch_params
+    params.require(:protected_branch).permit(:name)
+  end
 end

app/controllers/users_groups_controller.rb

@@ -14,7 +14,7 @@ class UsersGroupsController < ApplicationController
 
   def update
     @member = @group.users_groups.find(params[:id])
-    @member.update_attributes(params[:users_group])
+    @member.update_attributes(member_params)
   end
 
   def destroy
@@ -41,4 +41,8 @@ class UsersGroupsController < ApplicationController
       return render_404
     end
   end
+
+  def member_params
+    params.require(:users_group).permit(:group_access, :user_id)
+  end
 end

app/models/broadcast_message.rb

@@ -14,8 +14,6 @@
 #
 
 class BroadcastMessage < ActiveRecord::Base
-  attr_accessible :alert_type, :color, :ends_at, :font, :message, :starts_at
-
   validates :message, presence: true
   validates :starts_at, presence: true
   validates :ends_at, presence: true

app/models/deploy_keys_project.rb

@@ -10,13 +10,10 @@
 #
 
 class DeployKeysProject < ActiveRecord::Base
-  attr_accessible :key_id, :project_id
-
   belongs_to :project
   belongs_to :deploy_key
 
   validates :deploy_key_id, presence: true
   validates :deploy_key_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
-
   validates :project_id, presence: true
 end

app/models/forked_project_link.rb

@@ -10,10 +10,6 @@
 #
 
 class ForkedProjectLink < ActiveRecord::Base
-  attr_accessible :forked_from_project_id, :forked_to_project_id
-
-  # Relations
   belongs_to :forked_to_project, class_name: Project
   belongs_to :forked_from_project, class_name: Project
-
 end

app/models/protected_branch.rb

@@ -12,8 +12,6 @@
 class ProtectedBranch < ActiveRecord::Base
   include Gitlab::ShellAdapter
 
-  attr_accessible :name
-
   belongs_to :project
   validates :name, presence: true
   validates :project, presence: true

app/models/users_group.rb

@@ -19,8 +19,6 @@ class UsersGroup < ActiveRecord::Base
     Gitlab::Access.options_with_owner
   end
 
-  attr_accessible :group_access, :user_id
-
   belongs_to :user
   belongs_to :group