From 8f60b5b4fc9c4bc5c4e727a90b6e03acbbe70d54 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 26 Jun 2014 16:57:10 +0300
Subject: [PATCH] Group and Event strong_params

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/admin/groups_controller.rb | 8 ++++++--
 app/controllers/groups_controller.rb       | 8 ++++++--
 app/models/event.rb                        | 3 ---
 app/models/group.rb                        | 2 --
 app/models/namespace.rb                    | 2 --
 5 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb
index 1a523d081d..0388997ec6 100644
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -20,7 +20,7 @@ class Admin::GroupsController < Admin::ApplicationController
   end
 
   def create
-    @group = Group.new(params[:group])
+    @group = Group.new(group_params)
     @group.path = @group.name.dup.parameterize if @group.name
 
     if @group.save
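Review bot: `:path` is accepted from the request in `create` even though the next line overwrites it from the name, so a submitted path survives only when `name` is nil. If that is not intended, build the group from the permitted params without `:path`. Otherwise say so in a comment above the assignment, e.g. `# path is derived from name on create; a client-supplied :path is kept only when name is absent`. The same applies to `create` in app/controllers/groups_controller.rb. The body of `create` continues past the end of this hunk.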
@@ -32,7 +32,7 @@ class Admin::GroupsController < Admin::ApplicationController
   end
 
   def update
-    if @group.update_attributes(params[:group])
+    if @group.update_attributes(group_params)
       redirect_to [:admin, @group], notice: 'Group was successfully updated.'
     else
       render "edit"
@@ -56,4 +56,8 @@ class Admin::GroupsController < Admin::ApplicationController
   def group
     @group = Group.find_by(path: params[:id])
   end
+
+  def group_params
+    params.require(:group).permit(:name, :description, :path, :avatar)
+  end
 end
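Review bot: `group_params` has no comment saying that it is the mass-assignment whitelist for Group, and the same method is repeated verbatim in app/controllers/groups_controller.rb. I would add `# Attributes a request may set on a Group; any other key in params[:group] is dropped.` above both, and consider a shared concern so the two lists cannot drift apart. The `private` keyword, if there is one, is outside this hunk. A public method in a controller counts as one of its action methods, so confirm that `group_params` sits below `private`.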
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index a2629c5138..ddde90d3ee 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -22,7 +22,7 @@ class GroupsController < ApplicationController
   end
 
   def create
-    @group = Group.new(params[:group])
+    @group = Group.new(group_params)
     @group.path = @group.name.dup.parameterize if @group.name
 
     if @group.save
@@ -84,7 +84,7 @@ class GroupsController < ApplicationController
   end
 
   def update
-    if @group.update_attributes(params[:group])
+    if @group.update_attributes(group_params)
       redirect_to edit_group_path(@group), notice: 'Group was successfully updated.'
     else
       render action: "edit"
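Review bot: Nothing in this commit checks that keys outside the permit list are refused on `update`, and the diffstat lists no spec files. With the `attr_accessible` lines removed from the models, the controller list is the only filter left. Namespace declares `belongs_to :owner`, so a request carrying `group[owner_id]` is the case worth pinning in a controller spec: the owner should be unchanged after the request. `:path` is also writable through this action, and the filter that authorizes `update` is outside the hunk, so I could not confirm who can reach it.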
@@ -159,4 +159,8 @@ class GroupsController < ApplicationController
     params[:state] = 'opened' if params[:state].blank?
     params[:group_id] = @group.id
   end
+
+  def group_params
+    params.require(:group).permit(:name, :description, :path, :avatar)
+  end
 end
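Review bot: `params.require(:group)` raises ActionController::ParameterMissing when the request has no `group` key, whereas `params[:group]` passed nil through to the model. Rails normally turns that exception into a 400 response, so `create` and `update` would no longer reach the model or re-render the form for such a request. That is probably acceptable, but it is a behaviour change worth a line in the commit message or a spec. The admin controller's `group_params` behaves the same way.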
diff --git a/app/models/event.rb b/app/models/event.rb
index 487ea7666e..c7e93825f9 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -15,9 +15,6 @@
 #
 
 class Event < ActiveRecord::Base
-  #attr_accessible :project, :action, :data, :author_id, :project_id,
-                  #:target_id, :target_type
-
   default_scope { where.not(author_id: nil) }
 
   CREATED   = 1
diff --git a/app/models/group.rb b/app/models/group.rb
index 671b5611a7..3a5c5e1135 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -20,8 +20,6 @@ class Group < Namespace
   has_many :users_groups, dependent: :destroy
   has_many :users, through: :users_groups
 
-  #attr_accessible :avatar
-
   validate :avatar_type, if: ->(user) { user.avatar_changed? }
   validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
 
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 524fd9e0c4..cd58710825 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -16,8 +16,6 @@
 class Namespace < ActiveRecord::Base
   include Gitlab::ShellAdapter
 
-  #attr_accessible :name, :description, :path
-
   has_many :projects, dependent: :destroy
   belongs_to :owner, class_name: "User"
 
-- 
2.30.9