Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

#1731 incorporating changes from mrbrdo and implementing suggestion t…

…o make permitting all configurable, leaving in jasperkennis's long controller name fix.
  • Loading branch information...
commit 816f3ae3f59755dfaf94ff2a103c41a2aa1d3e1e 1 parent fef004e
@garysweaver authored
View
3  lib/active_admin/application.rb
@@ -69,6 +69,9 @@ def self.inheritable_setting(name, default)
# Default CSV separator
inheritable_setting :csv_column_separator, ','
+ # Strong Parameters patch behavior
+ inheritable_setting :strong_parameters_permit_all, false
+
# Active Admin makes educated guesses when displaying objects, this is
# the list of methods it tries calling in order
setting :display_name_methods, [ :display_name,
View
23 lib/active_admin/strong_parameters_patch.rb
@@ -9,24 +9,16 @@ module StrongParametersPatch
def initialize
@instance_name = active_admin_config.resource_name.gsub(/(.)([A-Z])/,'\1_\2').downcase
- @klass = active_admin_config.resource_name.constantize
-
- @column_names = @klass.columns.map do |column|
- unless [:id, :created_at, :updated_at].include?(column.name.to_sym)
- case column.type
- when :datetime, :date, :time
- ([column.name.to_sym] + (1..5).inject([]) { |acc, x| acc << :"#{column.name}(#{x}i)" })
- else
- column.name.to_sym
- end
- end
- end.flatten
+ @klass = active_admin_config.resource_class
super
end
def create
- resource_obj = instance_variable_set("@#{@instance_name}", @klass.new(params[@instance_name.to_sym].permit!))
+ # TODO: allow controller-specified attribute permits
+ instance_param = !!active_admin_config.options.strong_parameters_permit_all ? params[@instance_name.to_sym].permit! : params[@instance_name.to_sym]
+
+ resource_obj = instance_variable_set("@#{@instance_name}", @klass.new(instance_param))
if resource_obj.save
redirect_to send("admin_#{@instance_name}_path", resource_obj), notice: "Created #{@instance_name}."
@@ -36,9 +28,12 @@ def create
end
def update
+ # TODO: allow controller-specified attribute permits
+ instance_param = !!active_admin_config.options.strong_parameters_permit_all ? params[@instance_name.to_sym].permit! : params[@instance_name.to_sym]
+
resource_obj = instance_variable_set("@#{@instance_name}", @klass.find(params[:id]))
- if resource_obj.update_attributes(params[@instance_name.to_sym].permit!)
+ if resource_obj.update_attributes(instance_param)
redirect_to send("admin_#{@instance_name}_path", resource_obj), notice: "Updated #{@instance_name}."
else
render :edit
View
6 lib/generators/active_admin/install/templates/active_admin.rb.erb
@@ -146,4 +146,10 @@ ActiveAdmin.setup do |config|
#
# Set the CSV builder separator (default is ",")
# config.csv_column_separator = ','
+
+ # == Strong Parameters options
+ #
+ # If using support_strong_parameters in your controller, permit all attributes.
+ #
+ config.strong_parameters_permit_all = true
end
Please sign in to comment.
Something went wrong with that request. Please try again.