Make app works with strong params

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 23:24:17 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 23:24:17 +0300
commit: 8fee5a0572372b1d3a69fa1816380eb11182afaf (patch)
tree: fc55e8387fc298d874629faaf3c4f3a4260d7164 /app/controllers/admin/users_controller.rb
parent: 2acde87e0d223bbc3ecd15777b9a1048d6bc5172 (diff)
download: gitlab-ce-8fee5a0572372b1d3a69fa1816380eb11182afaf.tar.gz
1 files changed, 10 insertions, 17 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 85dce0db8f2..44c93471df4 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -13,7 +13,7 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def new
-    @user = User.build_user
+    @user = User.new
   end
 
   def edit
@@ -37,15 +37,12 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def create
-    admin = user_params.delete("admin")
-
     opts = {
       force_random_password: true,
       password_expires_at: Time.now
     }
 
-    @user = User.build_user(user_params.merge(opts), as: :admin)
-    @user.admin = (admin && admin.to_i > 0)
+    @user = User.new(user_params.merge(opts))
     @user.created_by_id = current_user.id
     @user.generate_password
     @user.skip_confirmation!
@@ -62,19 +59,15 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def update
-    admin = user_params.delete("admin")
-
-    if user_params[:password].blank?
-      user_params.delete(:password)
-      user_params.delete(:password_confirmation)
-    end
-
-    if admin.present?
-      user.admin = !admin.to_i.zero?
+    if params[:user][:password].present?
+      user_params.merge(
+        password: params[:user][:password],
+        password_confirmation: params[:user][:password_confirmation],
+      )
     end
 
     respond_to do |format|
-      if user.update_attributes(user_params, as: :admin)
+      if user.update_attributes(user_params)
         user.confirm!
         format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
         format.json { head :ok }
@@ -118,10 +111,10 @@ class Admin::UsersController < Admin::ApplicationController
 
   def user_params
     params.require(:user).permit(
-      :email, :password, :password_confirmation, :remember_me, :bio, :name, :username,
+      :email, :remember_me, :bio, :name, :username,
       :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
       :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
-      :projects_limit, :can_create_group,
+      :projects_limit, :can_create_group, :admin
     )
   end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-06-26 23:24:17 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-06-26 23:24:17 +0300
commit	8fee5a0572372b1d3a69fa1816380eb11182afaf (patch)
tree	fc55e8387fc298d874629faaf3c4f3a4260d7164 /app/controllers/admin/users_controller.rb
parent	2acde87e0d223bbc3ecd15777b9a1048d6bc5172 (diff)
download	gitlab-ce-8fee5a0572372b1d3a69fa1816380eb11182afaf.tar.gz