From 3a21c904dda9aa9c701675ccc6d1c15b20a745b3 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Thu, 26 Jun 2014 15:00:09 +0300
Subject: Use strong params for 5 more models
Signed-off-by: Dmitriy Zaporozhets
---
 app/controllers/admin/broadcast_messages_controller.rb | 9 ++++++++-
 app/controllers/projects/protected_branches_controller.rb | 8 +++++++-
 app/controllers/users_groups_controller.rb | 6 +++++-
 app/models/broadcast_message.rb | 2 --
 app/models/deploy_keys_project.rb | 3 ---
 app/models/forked_project_link.rb | 4 ----
 app/models/protected_branch.rb | 2 --
 app/models/users_group.rb | 2 --
 8 files changed, 20 insertions(+), 16 deletions(-)
 (limited to 'app')
diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb
index 9a70ef9d199..e1643bb34bf 100644
--- a/app/controllers/admin/broadcast_messages_controller.rb
+++ b/app/controllers/admin/broadcast_messages_controller.rb
@@ -6,7 +6,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
 end
 def create
- @broadcast_message = BroadcastMessage.new(params[:broadcast_message])
+ @broadcast_message = BroadcastMessage.new(broadcast_message_params)
 if @broadcast_message.save
 redirect_to admin_broadcast_messages_path, notice: 'Broadcast Message was successfully created.'
@@ -29,4 +29,11 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
 def broadcast_messages
 @broadcast_messages ||= BroadcastMessage.order("starts_at DESC").page(params[:page])
 end
+
+ def broadcast_message_params
+ params.require(:broadcast_message).permit(
+ :alert_type, :color, :ends_at, :font,
+ :message, :starts_at
+ )
+ end
 end
diff --git a/app/controllers/projects/protected_branches_controller.rb b/app/controllers/projects/protected_branches_controller.rb
index e39e97af8dd..bd31b1d3c54 100644
--- a/app/controllers/projects/protected_branches_controller.rb
+++ b/app/controllers/projects/protected_branches_controller.rb
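Review bot: `broadcast_message_params` in app/controllers/admin/broadcast_messages_controller.rb (hunk at -29,4) is added with no visibility keyword inside the hunk, while the same commit puts `private` in front of `protected_branch_params` in the protected-branches controller. The class body above `def broadcast_messages` is outside the hunk, so an earlier `private` or `protected` may already cover the new method. If none does, the helper is a public controller method, and Rails treats public controller methods as actions. Adding `private` on the line before `def broadcast_message_params` makes the intent explicit either way. The same applies to `member_params` in the users_groups_controller.rb hunk at -41,4.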
@@ -11,7 +11,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
 end
 def create
- @project.protected_branches.create(params[:protected_branch])
+ @project.protected_branches.create(protected_branch_params)
 redirect_to project_protected_branches_path(@project)
 end
@@ -23,4 +23,10 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
 format.js { render nothing: true }
 end
 end
+
+ private
+
+ def protected_branch_params
+ params.require(:protected_branch).permit(:name)
+ end
 end
diff --git a/app/controllers/users_groups_controller.rb b/app/controllers/users_groups_controller.rb
index b9bdc189522..a35a12a866b 100644
--- a/app/controllers/users_groups_controller.rb
+++ b/app/controllers/users_groups_controller.rb
@@ -14,7 +14,7 @@ class UsersGroupsController < ApplicationController
 def update
 @member = @group.users_groups.find(params[:id])
- @member.update_attributes(params[:users_group])
+ @member.update_attributes(member_params)
 end
 def destroy
@@ -41,4 +41,8 @@ class UsersGroupsController < ApplicationController
 return render_404
 end
 end
+
+ def member_params
+ params.require(:users_group).permit(:group_access, :user_id)
+ end
 end
diff --git a/app/models/broadcast_message.rb b/app/models/broadcast_message.rb
index ce8b7973cd9..4d0c04bcc3d 100644
--- a/app/models/broadcast_message.rb
+++ b/app/models/broadcast_message.rb
@@ -14,8 +14,6 @@ # class BroadcastMessage < ActiveRecord::Base - attr_accessible :alert_type, :color, :ends_at, :font, :message, :starts_at - validates :message, presence: true validates :starts_at, presence: true validates :ends_at, presence: true
diff --git a/app/models/deploy_keys_project.rb b/app/models/deploy_keys_project.rb
index 739d749830a..f23d8205ddc 100644
--- a/app/models/deploy_keys_project.rb
+++ b/app/models/deploy_keys_project.rb
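Review bot: In `create` (app/controllers/projects/protected_branches_controller.rb, hunk at -11,7) the result of `@project.protected_branches.create(protected_branch_params)` is discarded and the redirect follows unconditionally, so a record rejected by the model's validations fails without any message (the protected_branch.rb hunk shows `validates :name, presence: true`). For a branch-protection rule this means a user can believe a branch is protected when no rule was stored. Keeping the record and reporting the failure would close this, e.g. `branch = @project.protected_branches.create(protected_branch_params)` followed by `flash[:alert] = branch.errors.full_messages.to_sentence unless branch.persisted?`. The behaviour predates this commit, which only swaps the argument; the body of `create` lies within the hunk.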
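Review bot: `member_params` (app/controllers/users_groups_controller.rb, hunk at -41,4) permits `:user_id`, and the only caller visible in this diff is `update` (hunk at -14,7), which applies it to an existing membership looked up by `params[:id]`. An update request can therefore re-point the membership row at a different user instead of only changing the access level; the removed `attr_accessible :group_access, :user_id` allowed the same, so the old whitelist is carried over rather than narrowed. If no other action uses the helper (the rest of the class is outside the hunks), `params.require(:users_group).permit(:group_access)` is enough for `update`. Whether the caller is authorised to grant the requested `group_access` level is decided outside these hunks and is worth confirming in the same pass.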
@@ -10,13 +10,10 @@ # class DeployKeysProject < ActiveRecord::Base - attr_accessible :key_id, :project_id - belongs_to :project belongs_to :deploy_key validates :deploy_key_id, presence: true validates :deploy_key_id, uniqueness: { scope: [:project_id], message: "already exists in project" } - validates :project_id, presence: true end
diff --git a/app/models/forked_project_link.rb b/app/models/forked_project_link.rb
index 17add270f67..9b0c6263a96 100644
--- a/app/models/forked_project_link.rb
+++ b/app/models/forked_project_link.rb
@@ -10,10 +10,6 @@ # class ForkedProjectLink < ActiveRecord::Base - attr_accessible :forked_from_project_id, :forked_to_project_id - - # Relations belongs_to :forked_to_project, class_name: Project belongs_to :forked_from_project, class_name: Project - end
diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb
index d2b2b1218d1..1b06dd77523 100644
--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@@ -12,8 +12,6 @@ class ProtectedBranch < ActiveRecord::Base include Gitlab::ShellAdapter - attr_accessible :name - belongs_to :project validates :name, presence: true validates :project, presence: true
diff --git a/app/models/users_group.rb b/app/models/users_group.rb
index 242c8abb3ca..270f968ef61 100644
--- a/app/models/users_group.rb
+++ b/app/models/users_group.rb
@@ -19,8 +19,6 @@ class UsersGroup < ActiveRecord::Base Gitlab::Access.options_with_owner end - attr_accessible :group_access, :user_id - belongs_to :user belongs_to :group
-- cgit v1.2.1