Group and Event strong_params

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Group and Event strong_params
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
8f60b5b4 · Dmitriy Zaporozhets · 16a0a4ae · 8f60b5b4 · 8f60b5b4 · 8f60b5b4
Commit 8f60b5b4 authored Jun 26, 2014 by Dmitriy Zaporozhets
5 changed files
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -20,7 +20,7 @@ class Admin::GroupsController < Admin::ApplicationController
  end
  def create
-    @group = Group.new(params[:group])
+    @group = Group.new(group_params)
    @group.path = @group.name.dup.parameterize if @group.name
    if @group.save
@@ -32,7 +32,7 @@ class Admin::GroupsController < Admin::ApplicationController
  end
  def update
-    if @group.update_attributes(params[:group])
+    if @group.update_attributes(group_params)
      redirect_to [:admin, @group], notice: 'Group was successfully updated.'
    else
      render "edit"
@@ -56,4 +56,8 @@ class Admin::GroupsController < Admin::ApplicationController
  def group
    @group = Group.find_by(path: params[:id])
  end
+  def group_params
+    params.require(:group).permit(:name, :description, :path, :avatar)
+  end
 end
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -22,7 +22,7 @@ class GroupsController < ApplicationController
  end
  def create
-    @group = Group.new(params[:group])
+    @group = Group.new(group_params)
    @group.path = @group.name.dup.parameterize if @group.name
    if @group.save
@@ -84,7 +84,7 @@ class GroupsController < ApplicationController
  end
  def update
-    if @group.update_attributes(params[:group])
+    if @group.update_attributes(group_params)
      redirect_to edit_group_path(@group), notice: 'Group was successfully updated.'
    else
      render action: "edit"
@@ -159,4 +159,8 @@ class GroupsController < ApplicationController
    params[:state] = 'opened' if params[:state].blank?
    params[:group_id] = @group.id
  end
+  def group_params
+    params.require(:group).permit(:name, :description, :path, :avatar)
+  end
 end
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -15,9 +15,6 @@
 #
 class Event < ActiveRecord::Base
-  #attr_accessible :project, :action, :data, :author_id, :project_id,
-                  #:target_id, :target_type
  default_scope { where.not(author_id: nil) }
  CREATED   = 1

--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -20,8 +20,6 @@ class Group < Namespace
  has_many :users_groups, dependent: :destroy
  has_many :users, through: :users_groups
-  #attr_accessible :avatar
  validate :avatar_type, if: ->(user) { user.avatar_changed? }
  validates :avatar, file_size: { maximum: 100.kilobytes.to_i }

--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -16,8 +16,6 @@
 class Namespace < ActiveRecord::Base
  include Gitlab::ShellAdapter
-  #attr_accessible :name, :description, :path
  has_many :projects, dependent: :destroy
  belongs_to :owner, class_name: "User"