Skip to content
Browse files

Use scoped attribute protection

  • Loading branch information...
1 parent 1931da4 commit 67533da9e53a3b9d644cd2daab08c66020fca096 @fredwu committed Mar 6, 2012
Showing with 11 additions and 27 deletions.
  1. +4 −9 app/models/concerns/commentable.rb
  2. +1 −0 app/models/message.rb
  3. +6 −18 app/models/user.rb
View
13 app/models/concerns/commentable.rb
@@ -10,18 +10,13 @@ module Commentable
def add_comment(user, content, options = {})
options = { :is_private => false }.merge(options)
- message = Message.create(
+ Message.create({
:content => content,
:is_private => options[:is_private],
:target_id => id,
- :target_type => self.class.name
- )
-
- message.update_attribute :user_id, user.id
-
- reload
-
- message
+ :target_type => self.class.name,
+ :user_id => user.id
+ }, :as => :internal) && reload
end
def add_private_comment(user, content, options = {})
View
1 app/models/message.rb
@@ -10,6 +10,7 @@ class Message < ActiveRecord::Base
:is_private,
:target_id,
:target_type
+ attr_protected :nil, :as => :internal
validates :content, :presence => true,
:length => { :maximum => 140 }
View
24 app/models/user.rb
@@ -112,34 +112,22 @@ def avatar(size = 80)
end
def send_private_message(target_user, content, extras = {})
- message = messages.create!({
+ messages.create!({
:content => content,
:is_private => true,
:target_id => target_user.id,
:target_type => 'User'
- })
-
- extras.each { |k, v| message.update_attribute k, v }
-
- reload
-
- message
+ }.merge(extras), :as => :internal) && reload
end
def reply_private_message(topic, content, extras = {})
- message = messages.create!({
+ messages.create!({
:content => content,
:is_private => true,
:target_id => topic.user.id,
- :target_type => 'User'
- })
-
- message.update_attribute :topic_id, topic.id
- extras.each { |k, v| message.update_attribute k, v }
-
- reload
-
- message
+ :target_type => 'User',
+ :topic_id => topic.id
+ }.merge(extras), :as => :internal) && reload
end
def add_micro_post(content)

0 comments on commit 67533da

Please sign in to comment.
Something went wrong with that request. Please try again.