removed attr_accessible from all the models and instead used strong p…

…arams.
rot-13 · Apr 9, 2014 · 270378c · 270378c
1 parent c74e566
commit 270378c
Show file tree

Hide file tree

Showing 15 changed files with 19 additions and 28 deletions.
diff --git a/app/controllers/offices_controller.rb b/app/controllers/offices_controller.rb
@@ -7,9 +7,14 @@ def index
   end
 
   def create
-    office = Office.create(params[:office])
+    office = Office.create(office_create_params)
     respond_with office
   end
 
+  private
+
+  def office_create_params
+    params.require(:office).permit(:name, :location_attributes => [:latitude, :longitude, :street, :city])
+  end
 
 end
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
@@ -6,15 +6,13 @@ class SessionController < ApplicationController
   before_filter :sign_in_required, :only => [:update]
 
   def create
-    account = Account.find_or_create_by_provider_and_uid(
-        auth_hash[:provider],
-        auth_hash[:uid],
-        :user_attributes => {
-            :first_name => auth_hash[:info][:first_name],
-            :last_name => auth_hash[:info][:last_name],
-            :email => auth_hash[:info][:email],
-            :avatar_url => auth_hash[:info][:image]
-        }
+    account = Account.find_or_create_by(:provider => auth_hash[:provider], :uid => auth_hash[:uid]).update(
+      :user_attributes => {
+        :first_name => auth_hash[:info][:first_name],
+        :last_name => auth_hash[:info][:last_name],
+        :email => auth_hash[:info][:email],
+        :avatar_url => auth_hash[:info][:image]
+      }
     )
     user = account.user
     sign_in(user)
@@ -43,6 +41,10 @@ def destroy
 
   private
 
+  def user_update_params
+    params.require(:user).permit(:office_id, office_attributes: [:name, location_attributes: [:latitude, :longitude, :street, :city]])
+  end
+
   def auth_hash
     request.env['omniauth.auth']
   end

diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
@@ -9,7 +9,7 @@ class TagError < StandardError; end
   respond_to :json
 
   def create
-    tag_definition = TagDefinition.find_by_name(params[:name])
+    tag_definition = TagDefinition.find_by(name: params[:name])
     if tag_definition.present?
       tag = restaurant.tags.build(:tag_definition => tag_definition)
       tag.users << current_user
@@ -61,4 +61,5 @@ def load_restaurant
     @restaurant = Restaurant.find(params[:restaurant_id])
   end
 
+
 end
diff --git a/app/models/account.rb b/app/models/account.rb
@@ -1,5 +1,4 @@
 class Account < ActiveRecord::Base
   belongs_to :user
-  attr_accessible :provider, :uid, :user_attributes
   accepts_nested_attributes_for :user
 end
diff --git a/app/models/location.rb b/app/models/location.rb
@@ -1,5 +1,4 @@
 class Location < ActiveRecord::Base
-  attr_accessible :latitude, :longitude, :street, :city
   acts_as_mappable default_units: :kms, lat_column_name: :latitude, lng_column_name: :longitude
 
   def address

diff --git a/app/models/lunch.rb b/app/models/lunch.rb
@@ -3,8 +3,6 @@ class Lunch < ActiveRecord::Base
   has_many :visits, dependent: :destroy
   has_many :surveys, dependent: :destroy
 
-  attr_accessible :date
-
   def self.today
     find_by_date(Date.today)
   end

diff --git a/app/models/office.rb b/app/models/office.rb
@@ -2,6 +2,5 @@ class Office < ActiveRecord::Base
   belongs_to :location, :dependent => :destroy
   has_many :users, :dependent => :nullify
 
-  attr_accessible :name, :location_attributes
   accepts_nested_attributes_for :location
 end
diff --git a/app/models/payment_method.rb b/app/models/payment_method.rb
@@ -1,5 +1,3 @@
 class PaymentMethod < ActiveRecord::Base
   has_and_belongs_to_many :restaurants, :join_table => :accepted_payment_methods
-
-  attr_accessible :logo_url, :name
 end
diff --git a/app/models/restaurant.rb b/app/models/restaurant.rb
@@ -5,7 +5,6 @@ class Restaurant < ActiveRecord::Base
 
   mount_uploader :logo, LogoUploader
 
-  attr_accessible :name, :localized_name, :logo, :location_attributes, :tags_attributes, :payment_methods
   accepts_nested_attributes_for :location
   accepts_nested_attributes_for :tags
 end
diff --git a/app/models/survey.rb b/app/models/survey.rb
@@ -1,7 +1,6 @@
 class Survey < ActiveRecord::Base
   belongs_to :user
   belongs_to :lunch
-  attr_accessible :status, :user
 
   enum :status, [:skipped, :completed]
 end
diff --git a/app/models/tag.rb b/app/models/tag.rb
@@ -2,6 +2,4 @@ class Tag < ActiveRecord::Base
   belongs_to :tag_definition
   belongs_to :restaurant
   has_and_belongs_to_many :users, :join_table => :users_tags
-
-  attr_accessible :quantity, :tag_definition
 end
diff --git a/app/models/tag_definition.rb b/app/models/tag_definition.rb
@@ -1,3 +1,2 @@
 class TagDefinition < ActiveRecord::Base
-  attr_accessible :name
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -3,7 +3,6 @@ class User < ActiveRecord::Base
   has_many :votes, :dependent => :destroy
   belongs_to :office
 
-  attr_accessible :avatar_url, :email, :first_name, :last_name, :account_attributes, :office_id, :office_attributes
   accepts_nested_attributes_for :account
   accepts_nested_attributes_for :office
 

diff --git a/app/models/visit.rb b/app/models/visit.rb
@@ -4,6 +4,4 @@ class Visit < ActiveRecord::Base
   belongs_to :restaurant
 
   scope :for_user, ->(user) { where(user_id: user.id) }
-
-  attr_accessible :user, :restaurant
 end
diff --git a/app/models/vote.rb b/app/models/vote.rb
@@ -2,6 +2,4 @@ class Vote < ActiveRecord::Base
   belongs_to :lunch
   belongs_to :user
   belongs_to :restaurant
-
-  attr_accessible :user, :restaurant
 end