author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 23:24:17 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 23:24:17 +0300 |
commit | 8fee5a0572372b1d3a69fa1816380eb11182afaf (patch) | |
tree | fc55e8387fc298d874629faaf3c4f3a4260d7164 /app/controllers/admin/users_controller.rb | |
parent | 2acde87e0d223bbc3ecd15777b9a1048d6bc5172 (diff) | |
Make app works with strong params
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app/controllers/admin/users_controller.rb')
-rw-r--r-- | app/controllers/admin/users_controller.rb | 27 |
1 files changed, 10 insertions, 17 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 85dce0db8f2..44c93471df4 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -13,7 +13,7 @@ class Admin::UsersController < Admin::ApplicationController
 end
 def new
- @user = User.build_user
+ @user = User.new
 end
 def edit
@@ -37,15 +37,12 @@ class Admin::UsersController < Admin::ApplicationController
 end
 def create
- admin = user_params.delete("admin")
-
 opts = {
 force_random_password: true,
 password_expires_at: Time.now
 }
- @user = User.build_user(user_params.merge(opts), as: :admin)
- @user.admin = (admin && admin.to_i > 0)
+ @user = User.new(user_params.merge(opts))
 @user.created_by_id = current_user.id
 @user.generate_password
 @user.skip_confirmation!
@@ -62,19 +59,15 @@ class Admin::UsersController < Admin::ApplicationController
 end
 def update
- admin = user_params.delete("admin")
-
- if user_params[:password].blank?
- user_params.delete(:password)
- user_params.delete(:password_confirmation)
- end
-
- if admin.present?
- user.admin = !admin.to_i.zero?
+ if params[:user][:password].present?
+ user_params.merge(
+ password: params[:user][:password],
+ password_confirmation: params[:user][:password_confirmation],
+ )
 end
 respond_to do |format|
- if user.update_attributes(user_params, as: :admin)
+ if user.update_attributes(user_params)
 user.confirm!
 format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
 format.json { head :ok }
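Review bot: In `create`, `User.new(user_params.merge(opts))` relies on merge order for a security property and nothing in the code says so. The permit list in `user_params` accepts `:force_random_password` and `:password_expires_at` from the request, and the server-chosen values win only because `opts` is the right-hand side of `merge`. I would add a comment above the call: `# opts is merged last so request-supplied force_random_password / password_expires_at cannot override it`. The page shows a `-` in front of `opts = {`, but the hunk's line counts and the new call's use of `opts` indicate the hash is unchanged context. `create` continues past the end of the hunk.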
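Review bot: In `update`, the value returned by `user_params.merge(...)` is discarded, so the password fields never reach `user.update_attributes(user_params)`. `user_params` (last hunk) builds a fresh permitted set on every call, and this commit removes `:password` and `:password_confirmation` from it, so an admin's password change is silently dropped while the response still reports 'User was successfully updated.'. The same line also reads `params[:user][:password]` before `params.require(:user)` has run, so a request with no `user` key fails with a nil error rather than the parameter-missing error. Calling `user_params` once, keeping the merged result in a local and passing that local to `update_attributes` addresses both; a controller test that changes a password through this action would pin it. `update` begins and ends outside the hunk.

```ruby
def update
  # user_params runs params.require(:user) first, so a missing :user key fails cleanly here.
  attrs = user_params

  # Password fields are not in the permit list; add them only when a new password was entered.
  if params[:user][:password].present?
    attrs = attrs.merge(
      password: params[:user][:password],
      password_confirmation: params[:user][:password_confirmation]
    )
  end

  respond_to do |format|
    if user.update_attributes(attrs)
      # … unchanged: user.confirm! and the html/json success responses …
```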
@@ -118,10 +111,10 @@ class Admin::UsersController < Admin::ApplicationController def user_params params.require(:user).permit( - :email, :password, :password_confirmation, :remember_me, :bio, :name, :username, + :email, :remember_me, :bio, :name, :username, :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password, :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, - :projects_limit, :can_create_group, + :projects_limit, :can_create_group, :admin ) end end |
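Review bot: Adding `:admin` to the shared permit list makes the privilege flag mass-assignable in both `create` and `update`, and nothing in the file records what keeps that safe. The removed code assigned `admin` explicitly and used the `as: :admin` role; after this change the only guard is that the controller inherits from `Admin::ApplicationController`, whose access check is not visible in this diff. I would put a comment above `permit(`, `# :admin, :extern_uid and :provider are permitted only because this controller is admin-only; do not reuse this list elsewhere`, and add a test that a non-admin request to these actions is rejected. `:force_random_password` and `:password_expires_at` are also accepted from the request; `create` overrides them but `update` does not, which is worth confirming as intended.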