Merge branch 'resource_params' into strong-parameters

app/controllers/calendars_controller.rb

@@ -9,14 +9,17 @@ class CalendarsController < ApplicationController
 
   respond_to :html
 
+  require 'resource_params'
+  include ResourceParams
+
   def new
     @page_title = _('Create calendar')
     @calendar = Calendar.new
     respond_with @calendar
   end
 
   def create
-    @calendar = Calendar.new calendar_params
+    @calendar = Calendar.new resource_params
     if @calendar.save
       make_admin_permission_for @calendar
       redirect_to '/admin', notice: _('Your calendar was successfully created.')
@@ -32,7 +35,7 @@ def edit
   end
 
   def update
-    if @calendar.update_attributes calendar_params
+    if @calendar.update_attributes resource_params
       redirect_to '/admin', notice: _('Your calendar was successfully saved.')
     else
       flash[:error] = _('Couldn\'t save your calendar!')
@@ -48,10 +51,6 @@ def users
 
   private
 
-  def calendar_params
-    params.require(:calendar).permit(*Calendar.permitted_params)
-  end
-
   def load_calendar
     @calendar = Calendar.find params[:id]
   end

app/controllers/events_controller.rb

@@ -14,6 +14,9 @@ class EventsController < ApplicationController
   respond_to :pdf, only: :index
   respond_to :rss, only: :feed
 
+  require 'resource_params'
+  include ResourceParams
+
   def index
     set_table_headers
     @events = current_objects
@@ -32,7 +35,7 @@ def new
   end
 
   def create
-    @event = Event.new event_params
+    @event = Event.new resource_params
     respond_with_flash { @event.save }
   end
 
@@ -46,7 +49,7 @@ def edit
   end
 
   def update
-    respond_with_flash { @event.update_attributes event_params }
+    respond_with_flash { @event.update_attributes resource_params }
   end
 
   def show
@@ -156,10 +159,6 @@ def current_objects
     @current_objects ||= Event.includes(:commitments => :user).where(["calendar_id IN (:calendars) AND #{date_query}", {:calendars => calendars, :from_date => from_date, :to_date => to_date}]).order("#{order} #{direction}")
   end
 
-  def event_params
-    params.require(:event).permit *Event.permitted_params
-  end
-
   # Return an HTTP header with proper MIME type for iCal.
   def ical_header
     headers['Content-Type'] = 'text/calendar'

app/controllers/users_controller.rb

@@ -7,8 +7,11 @@ class UsersController < ApplicationController
   def new
   end
 
+  require 'resource_params'
+  include ResourceParams
+
   def create
-    @user = User.new user_params
+    @user = User.new resource_params
     @user.save
     if @user.errors.empty?
       @user.activate # so we don't have to go through activation right now
@@ -24,14 +27,14 @@ def create
   # TODO: split into edit and update!
   def edit
     if request.post?
-      if user_params[:password].nil? and user_params[:password_confirmation].nil?
+      if resource_params[:password].nil? and resource_params[:password_confirmation].nil?
         # bypass encryption if both passwords are blank:
         # User.encrypt_password will not change anything if password is empty
-        user_params[:password] = ''
-        user_params[:password_confirmation] = ''
+        resource_params[:password] = ''
+        resource_params[:password_confirmation] = ''
       end
       @user = current_user # User.find(params[:id].to_i)
-      @user.update_attributes(user_params)
+      @user.update_attributes(resource_params)
       @user.update_attribute(:coords, nil)
       if @user.errors.empty?
         flash[:notice] = _("Your changes have been saved.")
@@ -95,8 +98,4 @@ def reset
   def get_layout
     current_user ? "standard" : "unauthenticated"
   end
-
-  def user_params
-    params.require(:user).permit *User.permitted_params
-  end
 end

lib/resource_params.rb

@@ -0,0 +1,19 @@
+module ResourceParams
+  def resource_params
+    params.require(resource_name).permit *resource_class.permitted_params
+  end
+
+  private
+
+  def resource_name
+    @_resource_name ||= resource_class_name.underscore.to_sym
+  end
+
+  def resource_class
+    @_resource_class ||= Module.const_get resource_class_name
+  end
+
+  def resource_class_name
+    @_resource_class_name ||= self.class.name.chomp("Controller").singularize
+  end
+end

spec/lib/resource_params_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+require 'resource_params'
+
+describe ResourceParams do
+  describe '#resource_params' do
+    it "returns the model's list of permitted params" do
+      resource_name = Faker::Lorem.words(1).first
+
+      model_name = resource_name.titleize
+
+      model_class = Class.new
+
+      controller_name = "#{model_name.pluralize}Controller"
+      controller_class = Class.new ApplicationController
+      controller_class.class_eval { include ResourceParams }
+
+      permitted_params = Faker::Lorem.words.map &:to_sym
+      model_class.stub permitted_params: permitted_params
+
+      with_consts controller_name => controller_class, model_name => model_class do
+        controller = controller_class.new
+
+        params = mock 'Params'
+        required = mock 'Required'
+        params.should_receive(:require).with(resource_name.to_sym).and_return required
+        required.should_receive(:permit).with *permitted_params
+        controller.stub params: params
+
+        controller.resource_params
+      end
+    end
+  end
+
+  private
+
+  def with_consts(definitions, &block)
+    old_consts = {}
+    definitions.each do |name, value|
+      old_consts.name = value if Object.const_defined? name
+      Object.const_set name, value
+    end
+    yield
+  ensure
+    definitions.keys.each do |name|
+      Object.send :remove_const, name
+    end
+    old_consts.each do |name, value|
+      Object.const_set name, value
+    end
+  end
+end