diff options
author | Robert Schilling <rschilling@student.tugraz.at> | 2017-02-23 14:21:03 +0100 |
---|---|---|
committer | Robert Schilling <rschilling@student.tugraz.at> | 2017-02-23 15:34:57 +0100 |
commit | da67dca14b926f09a64a2dc40777105393f572cb (patch) | |
tree | ecee0306556a4d32a27523a3d9cf473de0de29ae | |
parent | a77b40d45e2f474a3d2401125b7b89379a7a7dd5 (diff) | |
download | gitlab-ce-da67dca14b926f09a64a2dc40777105393f572cb.tar.gz |
Use grape to validate parameters in the members APIapi-remove-attributes_for_keys
-rw-r--r-- | lib/api/members.rb | 7 | ||||
-rw-r--r-- | lib/api/v3/members.rb | 7 |
2 files changed, 6 insertions, 8 deletions
diff --git a/lib/api/members.rb b/lib/api/members.rb index d1d78775c6d..8360c007005 100644 --- a/lib/api/members.rb +++ b/lib/api/members.rb @@ -79,13 +79,12 @@ module API optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY' end put ":id/members/:user_id" do - source = find_source(source_type, params[:id]) + source = find_source(source_type, params.delete(:id)) authorize_admin_source!(source_type, source) - member = source.members.find_by!(user_id: params[:user_id]) - attrs = attributes_for_keys [:access_level, :expires_at] + member = source.members.find_by!(user_id: params.delete(:user_id)) - if member.update_attributes(attrs) + if member.update_attributes(declared_params(include_missing: false)) present member.user, with: Entities::Member, member: member else # This is to ensure back-compatibility but 400 behavior should be used diff --git a/lib/api/v3/members.rb b/lib/api/v3/members.rb index 4e6cb2e3c52..19f276d5484 100644 --- a/lib/api/v3/members.rb +++ b/lib/api/v3/members.rb @@ -86,13 +86,12 @@ module API optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY' end put ":id/members/:user_id" do - source = find_source(source_type, params[:id]) + source = find_source(source_type, params.delete(:id)) authorize_admin_source!(source_type, source) - member = source.members.find_by!(user_id: params[:user_id]) - attrs = attributes_for_keys [:access_level, :expires_at] + member = source.members.find_by!(user_id: params.delete(:user_id)) - if member.update_attributes(attrs) + if member.update_attributes(declared_params(include_missing: false)) present member.user, with: ::API::Entities::Member, member: member else # This is to ensure back-compatibility but 400 behavior should be used |