author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 15:11:45 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 15:11:45 +0300 |
commit | 98ba075c327c20f84bb465907ff1d954538e0e39 (patch) | |
tree | 57d51d81209c14dc8cb4307aedeed2b40ed99949 /app/controllers/profiles_controller.rb | |
parent | 3a21c904dda9aa9c701675ccc6d1c15b20a745b3 (diff) | |
User model to strong params. Comment other attr_accessible to let tests run
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app/controllers/profiles_controller.rb')
-rw-r--r-- | app/controllers/profiles_controller.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 9c9a129b26b..f7c9651d050 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -14,9 +14,9 @@ class ProfilesController < ApplicationController
 end
 def update
- params[:user].delete(:email) if @user.ldap_user?
+ user_params.delete(:email) if @user.ldap_user?
- if @user.update_attributes(params[:user])
+ if @user.update_attributes(user_params)
 flash[:notice] = "Profile was successfully updated"
 else
 flash[:alert] = "Failed to update profile"
@@ -41,7 +41,7 @@ class ProfilesController < ApplicationController
 end
 def update_username
- @user.update_attributes(username: params[:user][:username])
+ @user.update_attributes(username: user_params[:username])
 respond_to do |format|
 format.js
@@ -57,4 +57,12 @@ class ProfilesController < ApplicationController
 def authorize_change_username!
 return render_404 unless @user.can_change_username?
 end
+
+ def user_params
+ params.require(:user).permit(
+ :email, :password, :password_confirmation, :bio, :name, :username,
+ :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
+ :avatar, :hide_no_ssh_key,
+ )
+ end
 end |
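Review bot: In `update`, `user_params.delete(:email)` removes the key from a throwaway object, because the `user_params` helper added at the bottom of this file calls `params.require(:user).permit(...)` afresh on every call and is not memoized. The following `update_attributes(user_params)` builds a new permitted hash that still carries `:email`, so the LDAP guard appears to stop working and an LDAP-backed account could change its email through this action. Capture the result once, e.g. `attrs = user_params`, `attrs.delete(:email) if @user.ldap_user?`, `if @user.update_attributes(attrs)`, or memoize with `@user_params ||=` inside the helper. The body of `update` continues outside the hunk.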
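Review bot: The single permit list in `user_params` allows `:username`, `:password` and `:password_confirmation` for every caller, including `update`. If `authorize_change_username!` is wired only to `update_username` (the filter declaration is outside this diff), a plain profile update could rename a user whose `can_change_username?` is false; whether the model's earlier `attr_accessible` list blocked this is not visible here. Consider a narrower list for `update` and a dedicated `params.require(:user).permit(:username)` for `update_username`. A comment above the helper would also help, for example `# Attributes a user may set on their own profile; keep privileged fields out of this list.`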