Use strong parameters to verify parameters

afca5e92 · mo khan · e60c2dbb · afca5e92
Commit afca5e92 authored Jan 07, 2020 by mo khan
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 10 deletions

ee/app/controllers/projects/licenses_controller.rb ee/app/controllers/projects/licenses_controller.rb +7 -10

No files found.
--- a/ee/app/controllers/projects/licenses_controller.rb
+++ b/ee/app/controllers/projects/licenses_controller.rb
@@ -61,21 +61,18 @@ module Projects
      params.require(:software_license_policy).permit(:software_license_id, :spdx_identifier, :classification)
    end
+    def filter_params
+      params.permit(:detected, classification: [])
+    end
    def render_error_for(result)
      render json: { errors: result[:message].as_json }, status: result.fetch(:http_status, :unprocessable_entity)
    end
    def matching_policies_from(license_compliance)
-      if params[:detected]
+      policies = filter_params[:detected].present? ? license_compliance.detected_policies : license_compliance.policies
-        license_compliance.detected_policies
+      classifications = Array(filter_params[:classification] || ['allowed', 'denied', 'unclassified'])
-      elsif params[:classification].present?
+      policies.find_all { |policy| classifications.include?(policy.classification) }
-        classifications = Array(params[:classification])
-        license_compliance.policies.find_all do |policy|
-          classifications.include?(policy.classification)
-        end
-      else
-        license_compliance.policies
-      end
    end
  end
 end