Use strong params for 5 more models

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:00:09 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 15:00:09 +0300
commit: 3a21c904dda9aa9c701675ccc6d1c15b20a745b3 (patch)
tree: b67f6e4f95b92fd3f234c70ea119173b01fa2c0d /app
parent: 04516027df466747168bd80507aff62e61ac0d2d (diff)
download: gitlab-ce-3a21c904dda9aa9c701675ccc6d1c15b20a745b3.tar.gz
8 files changed, 20 insertions, 16 deletions
diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb
index 9a70ef9d199..e1643bb34bf 100644
--- a/app/controllers/admin/broadcast_messages_controller.rb
+++ b/app/controllers/admin/broadcast_messages_controller.rb
@@ -6,7 +6,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
   end
 
   def create
-    @broadcast_message = BroadcastMessage.new(params[:broadcast_message])
+    @broadcast_message = BroadcastMessage.new(broadcast_message_params)
 
     if @broadcast_message.save
       redirect_to admin_broadcast_messages_path, notice: 'Broadcast Message was successfully created.'
@@ -29,4 +29,11 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
   def broadcast_messages
     @broadcast_messages ||= BroadcastMessage.order("starts_at DESC").page(params[:page])
   end
+
+  def broadcast_message_params
+    params.require(:broadcast_message).permit(
+      :alert_type, :color, :ends_at, :font,
+      :message, :starts_at
+    )
+  end
 end
diff --git a/app/controllers/projects/protected_branches_controller.rb b/app/controllers/projects/protected_branches_controller.rb
index e39e97af8dd..bd31b1d3c54 100644
--- a/app/controllers/projects/protected_branches_controller.rb
+++ b/app/controllers/projects/protected_branches_controller.rb
@@ -11,7 +11,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
   end
 
   def create
-    @project.protected_branches.create(params[:protected_branch])
+    @project.protected_branches.create(protected_branch_params)
     redirect_to project_protected_branches_path(@project)
   end
 
@@ -23,4 +23,10 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
       format.js { render nothing: true }
     end
   end
+
+  private
+
+  def protected_branch_params
+    params.require(:protected_branch).permit(:name)
+  end
 end
diff --git a/app/controllers/users_groups_controller.rb b/app/controllers/users_groups_controller.rb
index b9bdc189522..a35a12a866b 100644
--- a/app/controllers/users_groups_controller.rb
+++ b/app/controllers/users_groups_controller.rb
@@ -14,7 +14,7 @@ class UsersGroupsController < ApplicationController
 
   def update
     @member = @group.users_groups.find(params[:id])
-    @member.update_attributes(params[:users_group])
+    @member.update_attributes(member_params)
   end
 
   def destroy
@@ -41,4 +41,8 @@ class UsersGroupsController < ApplicationController
       return render_404
     end
   end
+
+  def member_params
+    params.require(:users_group).permit(:group_access, :user_id)
+  end
 end
diff --git a/app/models/broadcast_message.rb b/app/models/broadcast_message.rb
index ce8b7973cd9..4d0c04bcc3d 100644
--- a/app/models/broadcast_message.rb
+++ b/app/models/broadcast_message.rb
@@ -14,8 +14,6 @@
 #
 
 class BroadcastMessage < ActiveRecord::Base
-  attr_accessible :alert_type, :color, :ends_at, :font, :message, :starts_at
-
   validates :message, presence: true
   validates :starts_at, presence: true
   validates :ends_at, presence: true
diff --git a/app/models/deploy_keys_project.rb b/app/models/deploy_keys_project.rb
index 739d749830a..f23d8205ddc 100644
--- a/app/models/deploy_keys_project.rb
+++ b/app/models/deploy_keys_project.rb
@@ -10,13 +10,10 @@
 #
 
 class DeployKeysProject < ActiveRecord::Base
-  attr_accessible :key_id, :project_id
-
   belongs_to :project
   belongs_to :deploy_key
 
   validates :deploy_key_id, presence: true
   validates :deploy_key_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
-
   validates :project_id, presence: true
 end
diff --git a/app/models/forked_project_link.rb b/app/models/forked_project_link.rb
index 17add270f67..9b0c6263a96 100644
--- a/app/models/forked_project_link.rb
+++ b/app/models/forked_project_link.rb
@@ -10,10 +10,6 @@
 #
 
 class ForkedProjectLink < ActiveRecord::Base
-  attr_accessible :forked_from_project_id, :forked_to_project_id
-
-  # Relations
   belongs_to :forked_to_project, class_name: Project
   belongs_to :forked_from_project, class_name: Project
-
 end
diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb
index d2b2b1218d1..1b06dd77523 100644
--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@@ -12,8 +12,6 @@
 class ProtectedBranch < ActiveRecord::Base
   include Gitlab::ShellAdapter
 
-  attr_accessible :name
-
   belongs_to :project
   validates :name, presence: true
   validates :project, presence: true
diff --git a/app/models/users_group.rb b/app/models/users_group.rb
index 242c8abb3ca..270f968ef61 100644
--- a/app/models/users_group.rb
+++ b/app/models/users_group.rb
@@ -19,8 +19,6 @@ class UsersGroup < ActiveRecord::Base
     Gitlab::Access.options_with_owner
   end
 
-  attr_accessible :group_access, :user_id
-
   belongs_to :user
   belongs_to :group
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-06-26 15:00:09 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-06-26 15:00:09 +0300
commit	3a21c904dda9aa9c701675ccc6d1c15b20a745b3 (patch)
tree	b67f6e4f95b92fd3f234c70ea119173b01fa2c0d /app
parent	04516027df466747168bd80507aff62e61ac0d2d (diff)
download	gitlab-ce-3a21c904dda9aa9c701675ccc6d1c15b20a745b3.tar.gz