Commit 1dab1594 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Remove protected_atrributes gem and start moving to strong params

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 024e0577
...@@ -10,8 +10,6 @@ end ...@@ -10,8 +10,6 @@ end
gem "rails", "~> 4.1.0" gem "rails", "~> 4.1.0"
gem "protected_attributes"
# Make links from text # Make links from text
gem 'rails_autolink', '~> 1.1' gem 'rails_autolink', '~> 1.1'
......
...@@ -331,8 +331,6 @@ GEM ...@@ -331,8 +331,6 @@ GEM
websocket-driver (>= 0.2.0) websocket-driver (>= 0.2.0)
polyglot (0.3.4) polyglot (0.3.4)
posix-spawn (0.3.8) posix-spawn (0.3.8)
protected_attributes (1.0.5)
activemodel (>= 4.0.1, < 5.0)
pry (0.9.12.4) pry (0.9.12.4)
coderay (~> 1.0) coderay (~> 1.0)
method_source (~> 0.8) method_source (~> 0.8)
...@@ -635,7 +633,6 @@ DEPENDENCIES ...@@ -635,7 +633,6 @@ DEPENDENCIES
org-ruby org-ruby
pg pg
poltergeist (~> 1.5.1) poltergeist (~> 1.5.1)
protected_attributes
pry pry
quiet_assets (~> 1.0.1) quiet_assets (~> 1.0.1)
rack-attack rack-attack
......
...@@ -42,7 +42,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -42,7 +42,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
def new def new
@issue = @project.issues.new(params[:issue]) @issue = @project.issues.new(issue_params)
respond_with(@issue) respond_with(@issue)
end end
...@@ -59,7 +59,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -59,7 +59,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
def create def create
@issue = Issues::CreateService.new(project, current_user, params[:issue]).execute @issue = Issues::CreateService.new(project, current_user, issue_params).execute
respond_to do |format| respond_to do |format|
format.html do format.html do
...@@ -76,7 +76,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -76,7 +76,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
def update def update
@issue = Issues::UpdateService.new(project, current_user, params[:issue]).execute(issue) @issue = Issues::UpdateService.new(project, current_user, issue_params).execute(issue)
respond_to do |format| respond_to do |format|
format.js format.js
...@@ -144,4 +144,11 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -144,4 +144,11 @@ class Projects::IssuesController < Projects::ApplicationController
raise ActiveRecord::RecordNotFound.new raise ActiveRecord::RecordNotFound.new
end end
end end
def issue_params
params.require(:issue).permit(
:title, :assignee_id, :position, :description,
:milestone_id, :label_list, :state_event
)
end
end end
...@@ -60,7 +60,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -60,7 +60,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
end end
def new def new
@merge_request = MergeRequest.new(params[:merge_request]) @merge_request = MergeRequest.new(merge_request_params)
@merge_request.source_project = @project unless @merge_request.source_project @merge_request.source_project = @project unless @merge_request.source_project
@merge_request.target_project ||= (@project.forked_from_project || @project) @merge_request.target_project ||= (@project.forked_from_project || @project)
@target_branches = @merge_request.target_project.nil? ? [] : @merge_request.target_project.repository.branch_names @target_branches = @merge_request.target_project.nil? ? [] : @merge_request.target_project.repository.branch_names
...@@ -110,7 +110,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -110,7 +110,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
def create def create
@target_branches ||= [] @target_branches ||= []
@merge_request = MergeRequests::CreateService.new(project, current_user, params[:merge_request]).execute @merge_request = MergeRequests::CreateService.new(project, current_user, merge_request_params).execute
if @merge_request.valid? if @merge_request.valid?
redirect_to project_merge_request_path(@merge_request.target_project, @merge_request), notice: 'Merge request was successfully created.' redirect_to project_merge_request_path(@merge_request.target_project, @merge_request), notice: 'Merge request was successfully created.'
...@@ -122,7 +122,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -122,7 +122,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
end end
def update def update
@merge_request = MergeRequests::UpdateService.new(project, current_user, params[:merge_request]).execute(@merge_request) @merge_request = MergeRequests::UpdateService.new(project, current_user, merge_request_params).execute(@merge_request)
if @merge_request.valid? if @merge_request.valid?
respond_to do |format| respond_to do |format|
...@@ -263,4 +263,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -263,4 +263,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController
can?(current_user, action, project) can?(current_user, action, project)
end end
def merge_request_params
params.require(:merge_request).permit(
:title, :assignee_id, :source_project_id, :source_branch,
:target_project_id, :target_branch, :milestone_id,
:state_event, :description, :label_list
)
end
end end
...@@ -20,7 +20,7 @@ class ProjectsController < ApplicationController ...@@ -20,7 +20,7 @@ class ProjectsController < ApplicationController
end end
def create def create
@project = ::Projects::CreateService.new(current_user, params[:project]).execute @project = ::Projects::CreateService.new(current_user, project_params).execute
flash[:notice] = 'Project was successfully created.' if @project.saved? flash[:notice] = 'Project was successfully created.' if @project.saved?
respond_to do |format| respond_to do |format|
...@@ -29,7 +29,7 @@ class ProjectsController < ApplicationController ...@@ -29,7 +29,7 @@ class ProjectsController < ApplicationController
end end
def update def update
status = ::Projects::UpdateService.new(@project, current_user, params).execute status = ::Projects::UpdateService.new(@project, current_user, project_params).execute
respond_to do |format| respond_to do |format|
if status if status
...@@ -44,7 +44,7 @@ class ProjectsController < ApplicationController ...@@ -44,7 +44,7 @@ class ProjectsController < ApplicationController
end end
def transfer def transfer
::Projects::TransferService.new(project, current_user, params[:project]).execute ::Projects::TransferService.new(project, current_user, project_params).execute
end end
def show def show
...@@ -85,7 +85,7 @@ class ProjectsController < ApplicationController ...@@ -85,7 +85,7 @@ class ProjectsController < ApplicationController
redirect_to import_project_path(@project) redirect_to import_project_path(@project)
end end
@project.import_url = params[:project][:import_url] @project.import_url = project_params[:import_url]
if @project.save if @project.save
@project.reload @project.reload
...@@ -185,4 +185,12 @@ class ProjectsController < ApplicationController ...@@ -185,4 +185,12 @@ class ProjectsController < ApplicationController
def user_layout def user_layout
current_user ? "projects" : "public_projects" current_user ? "projects" : "public_projects"
end end
def project_params
params.require(:project).permit(
:name, :path, :description, :issues_tracker, :label_list,
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id,
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id
)
end
end end
...@@ -33,9 +33,6 @@ class Issue < ActiveRecord::Base ...@@ -33,9 +33,6 @@ class Issue < ActiveRecord::Base
scope :of_group, ->(group) { where(project_id: group.project_ids) } scope :of_group, ->(group) { where(project_id: group.project_ids) }
scope :of_user_team, ->(team) { where(project_id: team.project_ids, assignee_id: team.member_ids) } scope :of_user_team, ->(team) { where(project_id: team.project_ids, assignee_id: team.member_ids) }
attr_accessible :title, :assignee_id, :position, :description,
:milestone_id, :label_list, :state_event
acts_as_taggable_on :labels acts_as_taggable_on :labels
scope :cared, ->(user) { where(assignee_id: user) } scope :cared, ->(user) { where(assignee_id: user) }
......
...@@ -36,10 +36,6 @@ class MergeRequest < ActiveRecord::Base ...@@ -36,10 +36,6 @@ class MergeRequest < ActiveRecord::Base
delegate :commits, :diffs, :last_commit, :last_commit_short_sha, to: :merge_request_diff, prefix: nil delegate :commits, :diffs, :last_commit, :last_commit_short_sha, to: :merge_request_diff, prefix: nil
attr_accessible :title, :assignee_id, :source_project_id, :source_branch,
:target_project_id, :target_branch, :milestone_id,
:state_event, :description, :label_list
attr_accessor :should_remove_source_branch attr_accessor :should_remove_source_branch
# When this attribute is true some MR validation is ignored # When this attribute is true some MR validation is ignored
......
...@@ -38,12 +38,6 @@ class Project < ActiveRecord::Base ...@@ -38,12 +38,6 @@ class Project < ActiveRecord::Base
ActsAsTaggableOn.strict_case_match = true ActsAsTaggableOn.strict_case_match = true
attr_accessible :name, :path, :description, :issues_tracker, :label_list,
:issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id,
:wiki_enabled, :visibility_level, :import_url, :last_activity_at, as: [:default, :admin]
attr_accessible :namespace_id, :creator_id, as: :admin
acts_as_taggable_on :labels, :issues_default_labels acts_as_taggable_on :labels, :issues_default_labels
attr_accessor :new_default_branch attr_accessor :new_default_branch
......
module Projects module Projects
class UpdateService < BaseService class UpdateService < BaseService
def execute(role = :default) def execute
params[:project].delete(:namespace_id) params.delete(:namespace_id)
# check that user is allowed to set specified visibility_level # check that user is allowed to set specified visibility_level
unless can?(current_user, :change_visibility_level, project) && Gitlab::VisibilityLevel.allowed_for?(current_user, params[:project][:visibility_level]) unless can?(current_user, :change_visibility_level, project) && Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
params[:project].delete(:visibility_level) params.delete(:visibility_level)
end end
new_branch = params[:project].delete(:default_branch) new_branch = params.delete(:default_branch)
if project.repository.exists? && new_branch && new_branch != project.default_branch if project.repository.exists? && new_branch && new_branch != project.default_branch
project.change_head(new_branch) project.change_head(new_branch)
end end
if project.update_attributes(params[:project], as: role) if project.update_attributes(params)
if project.previous_changes.include?('namespace_id') if project.previous_changes.include?('namespace_id')
project.send_move_instructions project.send_move_instructions
end end
......
...@@ -41,12 +41,6 @@ module Gitlab ...@@ -41,12 +41,6 @@ module Gitlab
# like if you have constraints or database-specific column types # like if you have constraints or database-specific column types
# config.active_record.schema_format = :sql # config.active_record.schema_format = :sql
# Enforce whitelist mode for mass assignment.
# This will create an empty whitelist of attributes available for mass-assignment for all models
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
# parameters by using an attr_accessible or attr_protected declaration.
config.active_record.whitelist_attributes = true
# Enable the asset pipeline # Enable the asset pipeline
config.assets.enabled = true config.assets.enabled = true
config.assets.paths << Emoji.images_path config.assets.paths << Emoji.images_path
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment