diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 16:57:10 +0300 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 16:57:10 +0300 |
| commit | 8f60b5b4fc9c4bc5c4e727a90b6e03acbbe70d54 (patch) | |
| tree | 9483031c4d8da70e2885ef8eb651e6b4eac2457c /app/controllers | |
| parent | 16a0a4aeccbd2fd2998262eb9cba7bb45b1b7f80 (diff) | |
| download | gitlab-ce-8f60b5b4fc9c4bc5c4e727a90b6e03acbbe70d54.tar.gz | |
Group and Event strong_params
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/admin/groups_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/groups_controller.rb | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 1a523d081dd..0388997ec69 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -20,7 +20,7 @@ class Admin::GroupsController < Admin::ApplicationController end def create - @group = Group.new(params[:group]) + @group = Group.new(group_params) @group.path = @group.name.dup.parameterize if @group.name if @group.save @@ -32,7 +32,7 @@ class Admin::GroupsController < Admin::ApplicationController end def update - if @group.update_attributes(params[:group]) + if @group.update_attributes(group_params) redirect_to [:admin, @group], notice: 'Group was successfully updated.' else render "edit" @@ -56,4 +56,8 @@ class Admin::GroupsController < Admin::ApplicationController def group @group = Group.find_by(path: params[:id]) end + + def group_params + params.require(:group).permit(:name, :description, :path, :avatar) + end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index a2629c51384..ddde90d3ee0 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -22,7 +22,7 @@ class GroupsController < ApplicationController end def create - @group = Group.new(params[:group]) + @group = Group.new(group_params) @group.path = @group.name.dup.parameterize if @group.name if @group.save @@ -84,7 +84,7 @@ class GroupsController < ApplicationController end def update - if @group.update_attributes(params[:group]) + if @group.update_attributes(group_params) redirect_to edit_group_path(@group), notice: 'Group was successfully updated.' else render action: "edit" @@ -159,4 +159,8 @@ class GroupsController < ApplicationController params[:state] = 'opened' if params[:state].blank? params[:group_id] = @group.id end + + def group_params + params.require(:group).permit(:name, :description, :path, :avatar) + end end |