Commit 16a0a4ae authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Note strong_params

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 98ba075c
...@@ -21,7 +21,7 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -21,7 +21,7 @@ class Projects::NotesController < Projects::ApplicationController
end end
def create def create
@note = Notes::CreateService.new(project, current_user, params[:note]).execute @note = Notes::CreateService.new(project, current_user, note_params).execute
respond_to do |format| respond_to do |format|
format.json { render_note_json(@note) } format.json { render_note_json(@note) }
...@@ -30,7 +30,7 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -30,7 +30,7 @@ class Projects::NotesController < Projects::ApplicationController
end end
def update def update
note.update_attributes(params[:note]) note.update_attributes(note_params)
note.reset_events_cache note.reset_events_cache
respond_to do |format| respond_to do |format|
...@@ -109,4 +109,11 @@ class Projects::NotesController < Projects::ApplicationController ...@@ -109,4 +109,11 @@ class Projects::NotesController < Projects::ApplicationController
def authorize_admin_note! def authorize_admin_note!
return access_denied! unless can?(current_user, :admin_note, note) return access_denied! unless can?(current_user, :admin_note, note)
end end
def note_params
params.require(:note).permit(
:note, :noteable, :noteable_id, :noteable_type, :project_id,
:attachment, :line_code, :commit_id
)
end
end end
...@@ -25,8 +25,6 @@ class Note < ActiveRecord::Base ...@@ -25,8 +25,6 @@ class Note < ActiveRecord::Base
default_value_for :system, false default_value_for :system, false
#attr_accessible :note, :noteable, :noteable_id, :noteable_type, :project_id,
#:attachment, :line_code, :commit_id
attr_mentionable :note attr_mentionable :note
belongs_to :project belongs_to :project
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment