team member and hook strong params

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

app/controllers/projects/hooks_controller.rb

@@ -12,7 +12,7 @@ class Projects::HooksController < Projects::ApplicationController
   end
 
   def create
-    @hook = @project.hooks.new(params[:hook])
+    @hook = @project.hooks.new(hook_params)
     @hook.save
 
     if @hook.valid?
@@ -40,4 +40,8 @@ class Projects::HooksController < Projects::ApplicationController
   def hook
     @hook ||= @project.hooks.find(params[:id])
   end
+
+  def hook_params
+    params.require(:hook).permit(:url)
+  end
 end

app/controllers/projects/team_members_controller.rb

@@ -27,7 +27,7 @@ class Projects::TeamMembersController < Projects::ApplicationController
 
   def update
     @user_project_relation = project.users_projects.find_by(user_id: member)
-    @user_project_relation.update_attributes(params[:team_member])
+    @user_project_relation.update_attributes(member_params)
 
     unless @user_project_relation.valid?
       flash[:alert] = "User should have at least one role"
@@ -67,4 +67,8 @@ class Projects::TeamMembersController < Projects::ApplicationController
   def member
     @member ||= User.find_by(username: params[:id])
   end
+
+  def member_params
+    params.require(:team_member).permit(:user_id, :project_access)
+  end
 end

app/models/users_project.rb

@@ -16,8 +16,6 @@ class UsersProject < ActiveRecord::Base
   include Notifiable
   include Gitlab::Access
 
-  #attr_accessible :user, :user_id, :project_access
-
   belongs_to :user
   belongs_to :project
 

app/models/web_hook.rb

@@ -22,8 +22,6 @@ class WebHook < ActiveRecord::Base
   default_value_for :issues_events, false
   default_value_for :merge_requests_events, false
 
-  #attr_accessible :url
-
   # HTTParty timeout
   default_timeout 10