Commit 98ba075c authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

User model to strong params. Comment other attr_accessible to let tests run

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 3a21c904
...@@ -37,14 +37,14 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -37,14 +37,14 @@ class Admin::UsersController < Admin::ApplicationController
end end
def create def create
admin = params[:user].delete("admin") admin = user_params.delete("admin")
opts = { opts = {
force_random_password: true, force_random_password: true,
password_expires_at: Time.now password_expires_at: Time.now
} }
@user = User.build_user(params[:user].merge(opts), as: :admin) @user = User.build_user(user_params.merge(opts), as: :admin)
@user.admin = (admin && admin.to_i > 0) @user.admin = (admin && admin.to_i > 0)
@user.created_by_id = current_user.id @user.created_by_id = current_user.id
@user.generate_password @user.generate_password
...@@ -62,11 +62,11 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -62,11 +62,11 @@ class Admin::UsersController < Admin::ApplicationController
end end
def update def update
admin = params[:user].delete("admin") admin = user_params.delete("admin")
if params[:user][:password].blank? if user_params[:password].blank?
params[:user].delete(:password) user_params.delete(:password)
params[:user].delete(:password_confirmation) user_params.delete(:password_confirmation)
end end
if admin.present? if admin.present?
...@@ -74,7 +74,7 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -74,7 +74,7 @@ class Admin::UsersController < Admin::ApplicationController
end end
respond_to do |format| respond_to do |format|
if user.update_attributes(params[:user], as: :admin) if user.update_attributes(user_params, as: :admin)
user.confirm! user.confirm!
format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' } format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
format.json { head :ok } format.json { head :ok }
...@@ -115,4 +115,13 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -115,4 +115,13 @@ class Admin::UsersController < Admin::ApplicationController
def user def user
@user ||= User.find_by!(username: params[:id]) @user ||= User.find_by!(username: params[:id])
end end
def user_params
params.require(:user).permit(
:email, :password, :password_confirmation, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
:projects_limit, :can_create_group,
)
end
end end
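Review bot: The new `user_params` at the end of the section builds a fresh permitted hash on every call, so the mutations in `create` and `update` are lost before mass assignment: `user_params.delete("admin")` always returns nil because `admin` is (correctly) absent from the permit list, and the `delete(:password)`/`delete(:password_confirmation)` in `update` are discarded by the time `user.update_attributes(user_params, as: :admin)` re-evaluates the method, so a form submitted with an empty password field hands `password: ""` to the model, which Devise's validatable module is likely to reject as blank. Memoize the accessor, `@user_params ||= params.require(:user).permit(...)`, so the deletes stick, and read the flag from the unfiltered hash as before, `admin = params[:user].delete("admin")`, since it must never enter the permitted set. The same re-evaluation defeats the LDAP guard in ProfilesController#update further down, where `user_params.delete(:email)` no longer stops an LDAP user from changing their email. The `as: :admin` argument presumably still relies on the protected_attributes role mechanism; with the User whitelist removed in this commit it no longer selects a different attribute set, so it deserves a comment or removal.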
...@@ -11,8 +11,8 @@ class Profiles::PasswordsController < ApplicationController ...@@ -11,8 +11,8 @@ class Profiles::PasswordsController < ApplicationController
end end
def create def create
new_password = params[:user][:password] new_password = user_params[:password]
new_password_confirmation = params[:user][:password_confirmation] new_password_confirmation = user_params[:password_confirmation]
result = @user.update_attributes( result = @user.update_attributes(
password: new_password, password: new_password,
...@@ -31,11 +31,11 @@ class Profiles::PasswordsController < ApplicationController ...@@ -31,11 +31,11 @@ class Profiles::PasswordsController < ApplicationController
end end
def update def update
password_attributes = params[:user].select do |key, value| password_attributes = user_params.select do |key, value|
%w(password password_confirmation).include?(key.to_s) %w(password password_confirmation).include?(key.to_s)
end end
unless @user.valid_password?(params[:user][:current_password]) unless @user.valid_password?(user_params[:current_password])
redirect_to edit_profile_password_path, alert: 'You must provide a valid current password' redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
return return
end end
...@@ -74,4 +74,8 @@ class Profiles::PasswordsController < ApplicationController ...@@ -74,4 +74,8 @@ class Profiles::PasswordsController < ApplicationController
def authorize_change_password! def authorize_change_password!
return render_404 if @user.ldap_user? return render_404 if @user.ldap_user?
end end
def user_params
params.require(:user).permit(:password, :password_confirmation)
end
end end
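Review bot: `user_params` permits only `:password` and `:password_confirmation`, but `update` reads `user_params[:current_password]` for the `valid_password?` check, so with the unpermitted key filtered out the current password is always nil and every change request ends in the 'You must provide a valid current password' redirect (or, if `action_on_unpermitted_parameters` is set to raise, the request fails outright). Read it from the raw parameters instead, `unless @user.valid_password?(params[:user][:current_password])` — it is only compared, never assigned — or add `:current_password` to the permit list, which is safe here because the `select` in `update` keeps only the two password keys before `update_attributes`. `create` reads the two permitted keys explicitly, so it is unaffected.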
...@@ -14,9 +14,9 @@ class ProfilesController < ApplicationController ...@@ -14,9 +14,9 @@ class ProfilesController < ApplicationController
end end
def update def update
params[:user].delete(:email) if @user.ldap_user? user_params.delete(:email) if @user.ldap_user?
if @user.update_attributes(params[:user]) if @user.update_attributes(user_params)
flash[:notice] = "Profile was successfully updated" flash[:notice] = "Profile was successfully updated"
else else
flash[:alert] = "Failed to update profile" flash[:alert] = "Failed to update profile"
...@@ -41,7 +41,7 @@ class ProfilesController < ApplicationController ...@@ -41,7 +41,7 @@ class ProfilesController < ApplicationController
end end
def update_username def update_username
@user.update_attributes(username: params[:user][:username]) @user.update_attributes(username: user_params[:username])
respond_to do |format| respond_to do |format|
format.js format.js
...@@ -57,4 +57,12 @@ class ProfilesController < ApplicationController ...@@ -57,4 +57,12 @@ class ProfilesController < ApplicationController
def authorize_change_username! def authorize_change_username!
return render_404 unless @user.can_change_username? return render_404 unless @user.can_change_username?
end end
def user_params
params.require(:user).permit(
:email, :password, :password_confirmation, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
:avatar, :hide_no_ssh_key,
)
end
end end
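Review bot: The new `user_params` permit list carries `:password` and `:password_confirmation` over from the old whitelist, yet `update` in this controller performs no current-password check, unlike Profiles::PasswordsController#update in the same commit; if the profile form does not submit those fields, drop them from the list so a password change can only go through the controller that verifies the current one. A one-line comment on the list, `# password changes go through Profiles::PasswordsController, which verifies the current password`, would record the intent either way.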
...@@ -10,16 +10,8 @@ ...@@ -10,16 +10,8 @@
# #
class Email < ActiveRecord::Base class Email < ActiveRecord::Base
attr_accessible :email, :user_id
#
# Relations
#
belongs_to :user belongs_to :user
#
# Validations
#
validates :user_id, presence: true validates :user_id, presence: true
validates :email, presence: true, email: { strict_mode: true }, uniqueness: true validates :email, presence: true, email: { strict_mode: true }, uniqueness: true
validate :unique_email, if: ->(email) { email.email_changed? } validate :unique_email, if: ->(email) { email.email_changed? }
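Review bot: Dropping `attr_accessible` from Email (and commenting it out in Event, Group, Namespace, Note, ProjectHook, Snippet, UsersProject and WebHook further down) changes what these models accept from mass assignment, and the direction depends on configuration this page does not show: if the protected_attributes gem is still loaded with `whitelist_attributes` on, every attribute of these models is now rejected until their controllers get a `permit` list; if not, every column becomes assignable. Since the commit message says the comment-outs exist only to let tests run, each commented line deserves a marker such as `# TODO(strong-params): replace with params.permit in the owning controller` so it is not mistaken for a deliberate removal. This section also deletes the `# Relations` and `# Validations` headers, which is unrelated to the change and should be kept.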
...@@ -15,8 +15,8 @@ ...@@ -15,8 +15,8 @@
# #
class Event < ActiveRecord::Base class Event < ActiveRecord::Base
attr_accessible :project, :action, :data, :author_id, :project_id, #attr_accessible :project, :action, :data, :author_id, :project_id,
:target_id, :target_type #:target_id, :target_type
default_scope { where.not(author_id: nil) } default_scope { where.not(author_id: nil) }
...@@ -20,7 +20,7 @@ class Group < Namespace ...@@ -20,7 +20,7 @@ class Group < Namespace
has_many :users_groups, dependent: :destroy has_many :users_groups, dependent: :destroy
has_many :users, through: :users_groups has_many :users, through: :users_groups
attr_accessible :avatar #attr_accessible :avatar
validate :avatar_type, if: ->(user) { user.avatar_changed? } validate :avatar_type, if: ->(user) { user.avatar_changed? }
validates :avatar, file_size: { maximum: 100.kilobytes.to_i } validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
class Namespace < ActiveRecord::Base class Namespace < ActiveRecord::Base
include Gitlab::ShellAdapter include Gitlab::ShellAdapter
attr_accessible :name, :description, :path #attr_accessible :name, :description, :path
has_many :projects, dependent: :destroy has_many :projects, dependent: :destroy
belongs_to :owner, class_name: "User" belongs_to :owner, class_name: "User"
...@@ -25,8 +25,8 @@ class Note < ActiveRecord::Base ...@@ -25,8 +25,8 @@ class Note < ActiveRecord::Base
default_value_for :system, false default_value_for :system, false
attr_accessible :note, :noteable, :noteable_id, :noteable_type, :project_id, #attr_accessible :note, :noteable, :noteable_id, :noteable_type, :project_id,
:attachment, :line_code, :commit_id #:attachment, :line_code, :commit_id
attr_mentionable :note attr_mentionable :note
belongs_to :project belongs_to :project
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
class ProjectHook < WebHook class ProjectHook < WebHook
belongs_to :project belongs_to :project
attr_accessible :push_events, :issues_events, :merge_requests_events, :tag_push_events #attr_accessible :push_events, :issues_events, :merge_requests_events, :tag_push_events
scope :push_hooks, -> { where(push_events: true) } scope :push_hooks, -> { where(push_events: true) }
scope :tag_push_hooks, -> { where(tag_push_events: true) } scope :tag_push_hooks, -> { where(tag_push_events: true) }
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
class Snippet < ActiveRecord::Base class Snippet < ActiveRecord::Base
include Linguist::BlobHelper include Linguist::BlobHelper
attr_accessible :title, :content, :file_name, :expires_at, :private #attr_accessible :title, :content, :file_name, :expires_at, :private
default_value_for :private, true default_value_for :private, true
...@@ -58,23 +58,11 @@ class User < ActiveRecord::Base ...@@ -58,23 +58,11 @@ class User < ActiveRecord::Base
devise :database_authenticatable, :token_authenticatable, :lockable, :async, devise :database_authenticatable, :token_authenticatable, :lockable, :async,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
as: [:default, :admin]
attr_accessible :projects_limit, :can_create_group,
as: :admin
attr_accessor :force_random_password attr_accessor :force_random_password
# Virtual attribute for authenticating by either username or email # Virtual attribute for authenticating by either username or email
attr_accessor :login attr_accessor :login
# Add login to attr_accessible
attr_accessible :login
# #
# Relations # Relations
# #
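Review bot: Removing both `attr_accessible` lists from User also removes the only model-level enforcement that `projects_limit` and `can_create_group` were assignable under the `:admin` role alone; that restriction now rests entirely on each controller's `permit` list (Admin::UsersController includes them, ProfilesController does not), which is the right strong-params design but is invisible from this file. A short comment above `attr_accessor :force_random_password` would preserve that knowledge, e.g. `# Mass assignment is whitelisted per controller via params.permit; admin-only attributes (projects_limit, can_create_group) must stay out of the profile permit list.` The enclosing class continues outside the hunk on both sides.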
...@@ -16,7 +16,7 @@ class UsersProject < ActiveRecord::Base ...@@ -16,7 +16,7 @@ class UsersProject < ActiveRecord::Base
include Notifiable include Notifiable
include Gitlab::Access include Gitlab::Access
attr_accessible :user, :user_id, :project_access #attr_accessible :user, :user_id, :project_access
belongs_to :user belongs_to :user
belongs_to :project belongs_to :project
...@@ -22,7 +22,7 @@ class WebHook < ActiveRecord::Base ...@@ -22,7 +22,7 @@ class WebHook < ActiveRecord::Base
default_value_for :issues_events, false default_value_for :issues_events, false
default_value_for :merge_requests_events, false default_value_for :merge_requests_events, false
attr_accessible :url #attr_accessible :url
# HTTParty timeout # HTTParty timeout
default_timeout 10 default_timeout 10