Ready for Rails 4?

Gemfile

@@ -1,18 +1,18 @@
 source 'http://rubygems.org'
 
-gem 'rails', '3.2.13'
+gem 'rails', '4.0.0.beta1'
 gem 'jquery-rails'
 gem 'dynamic_form'
-gem 'acts_as_tree'
+gem 'acts_as_tree', :github => 'mischa78/acts_as_tree'
 gem 'paperclip'
 
 gem 'sqlite3'
 
 # Gems used only for assets and not required
 # in production environments by default.
 group :assets do
-  gem 'sass-rails', '~> 3.2.3'
-  gem 'coffee-rails', '~> 3.2.1'
+  gem 'sass-rails', '~> 4.0.0.beta1'
+  gem 'coffee-rails', '~> 4.0.0.beta1'
   gem 'uglifier', '>= 1.0.3'
   gem 'jquery-fileupload-rails'
 end

Gemfile.lock

@@ -1,44 +1,47 @@
+GIT
+  remote: git://github.com/mischa78/acts_as_tree.git
+  revision: 4d75a03b3c0334964fca3170741aa67664cc56c3
+  specs:
+    acts_as_tree (1.2.0)
+      activerecord (>= 3.0.0)
+
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.2.13)
-      actionpack (= 3.2.13)
+    actionmailer (4.0.0.beta1)
+      actionpack (= 4.0.0.beta1)
       mail (~> 2.5.3)
-    actionpack (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-      builder (~> 3.0.0)
+    actionpack (4.0.0.beta1)
+      activesupport (= 4.0.0.beta1)
+      builder (~> 3.1.0)
       erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.13)
-      activesupport (= 3.2.13)
-      builder (~> 3.0.0)
-    activerecord (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-    activesupport (3.2.13)
-      i18n (= 0.6.1)
-      multi_json (~> 1.0)
-    acts_as_tree (1.2.0)
-      activerecord (>= 3.0.0)
-    arel (3.0.2)
-    builder (3.0.4)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    activemodel (4.0.0.beta1)
+      activesupport (= 4.0.0.beta1)
+      builder (~> 3.1.0)
+    activerecord (4.0.0.beta1)
+      activemodel (= 4.0.0.beta1)
+      activerecord-deprecated_finders (~> 0.0.3)
+      activesupport (= 4.0.0.beta1)
+      arel (~> 4.0.0.beta1)
+    activerecord-deprecated_finders (0.0.3)
+    activesupport (4.0.0.beta1)
+      i18n (~> 0.6.2)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.33)
+    arel (4.0.0.beta2)
+    atomic (1.0.1)
+    builder (3.1.4)
     climate_control (0.0.3)
       activesupport (>= 3.0)
     cocaine (0.5.1)
       climate_control (>= 0.0.3, < 1.0)
-    coffee-rails (3.2.2)
+    coffee-rails (4.0.0.beta1)
       coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
+      railties (>= 4.0.0.beta, < 5.0)
     coffee-script (2.2.0)
       coffee-script-source
       execjs
@@ -53,8 +56,7 @@ GEM
       factory_girl (~> 4.2.0)
       railties (>= 3.0.0)
     hike (1.2.1)
-    i18n (0.6.1)
-    journey (1.0.4)
+    i18n (0.6.4)
     jquery-fileupload-rails (0.4.1)
       actionpack (>= 3.1)
       railties (>= 3.1)
@@ -67,51 +69,54 @@ GEM
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     mime-types (1.21)
-    multi_json (1.7.1)
+    minitest (4.7.0)
+    multi_json (1.7.2)
     paperclip (3.4.1)
       activemodel (>= 3.0.0)
       activerecord (>= 3.0.0)
       activesupport (>= 3.0.0)
       cocaine (~> 0.5.0)
       mime-types
     polyglot (0.3.3)
-    rack (1.4.5)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.3)
-      rack
+    rack (1.5.2)
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.13)
-      actionmailer (= 3.2.13)
-      actionpack (= 3.2.13)
-      activerecord (= 3.2.13)
-      activeresource (= 3.2.13)
-      activesupport (= 3.2.13)
-      bundler (~> 1.0)
-      railties (= 3.2.13)
-    railties (3.2.13)
-      actionpack (= 3.2.13)
-      activesupport (= 3.2.13)
-      rack-ssl (~> 1.3.2)
+    rails (4.0.0.beta1)
+      actionmailer (= 4.0.0.beta1)
+      actionpack (= 4.0.0.beta1)
+      activerecord (= 4.0.0.beta1)
+      activesupport (= 4.0.0.beta1)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.0.beta1)
+      sprockets-rails (~> 2.0.0.rc3)
+    railties (4.0.0.beta1)
+      actionpack (= 4.0.0.beta1)
+      activesupport (= 4.0.0.beta1)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.0.3)
+      thor (>= 0.17.0, < 2.0)
+    rake (10.0.4)
     rdoc (3.12.2)
       json (~> 1.4)
     sass (3.2.7)
-    sass-rails (3.2.6)
-      railties (~> 3.2.0)
+    sass-rails (4.0.0.beta1)
+      railties (>= 4.0.0.beta, < 5.0)
       sass (>= 3.1.10)
+      sprockets-rails (~> 2.0.0.rc0)
       tilt (~> 1.3)
-    sprockets (2.2.2)
+    sprockets (2.9.0)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.0.0.rc3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
     sqlite3 (1.3.7)
-    thor (0.17.0)
+    thor (0.18.0)
+    thread_safe (0.1.0)
+      atomic
     tilt (1.3.6)
     treetop (1.4.12)
       polyglot
@@ -125,14 +130,14 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  acts_as_tree
-  coffee-rails (~> 3.2.1)
+  acts_as_tree!
+  coffee-rails (~> 4.0.0.beta1)
   dynamic_form
   factory_girl_rails
   jquery-fileupload-rails
   jquery-rails
   paperclip
-  rails (= 3.2.13)
-  sass-rails (~> 3.2.3)
+  rails (= 4.0.0.beta1)
+  sass-rails (~> 4.0.0.beta1)
   sqlite3
   uglifier (>= 1.0.3)

app/controllers/admins_controller.rb

@@ -7,7 +7,7 @@ def new
   end
 
   def create
-    @user = User.new(params[:user])
+    @user = User.new(permitted_params.user)
     @user.password_required = true
     @user.is_admin = true
 

app/controllers/application_controller.rb

@@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
   before_filter :require_admin_in_system
   before_filter :require_login
 
-  helper_method :clipboard, :current_user, :signed_in?
+  helper_method :clipboard, :current_user, :signed_in?, :permitted_params
 
   protected
 
@@ -20,6 +20,10 @@ def signed_in?
     !!current_user
   end
 
+  def permitted_params
+    @permitted_params ||= PermittedParams.new(params, current_user)
+  end
+
   def require_admin_in_system
     redirect_to new_admin_url if User.no_admin_yet?
   end

app/controllers/files_controller.rb

@@ -19,7 +19,7 @@ def new
 
   # @target_folder is set in require_existing_target_folder
   def create
-    @file = @target_folder.user_files.create(params[:user_file])
+    @file = @target_folder.user_files.create(permitted_params.user_file)
     render :nothing => true
   end
 
@@ -29,7 +29,7 @@ def edit
 
   # @file and @folder are set in require_existing_file
   def update
-    if @file.update_attributes(params[:user_file])
+    if @file.update_attributes(permitted_params.user_file)
       redirect_to edit_file_url(@file), :notice => t(:your_changes_were_saved)
     else
       render :action => 'edit'

app/controllers/folders_controller.rb

@@ -23,7 +23,7 @@ def new
 
   # Note: @target_folder is set in require_existing_target_folder
   def create
-    @folder = @target_folder.children.build(params[:folder])
+    @folder = @target_folder.children.build(permitted_params.folder)
 
     if @folder.save
       redirect_to @target_folder
@@ -38,7 +38,7 @@ def edit
 
   # Note: @folder is set in require_existing_folder
   def update
-    if @folder.update_attributes(params[:folder])
+    if @folder.update_attributes(permitted_params.folder)
       redirect_to edit_folder_url(@folder), :notice => t(:your_changes_were_saved)
     else
       render :action => 'edit'

app/controllers/groups_controller.rb

@@ -4,15 +4,15 @@ class GroupsController < ApplicationController
   before_filter :require_group_isnt_admins_group, :only => [:edit, :update, :destroy]
 
   def index
-    @groups = Group.all(:order => 'name')
+    @groups = Group.order(:name)
   end
 
   def new
     @group = Group.new
   end
 
   def create
-    @group = Group.new(params[:group])
+    @group = Group.new(permitted_params.group)
 
     if @group.save
       redirect_to groups_url
@@ -27,7 +27,7 @@ def edit
 
   # Note: @group is set in require_existing_group
   def update
-    if @group.update_attributes(params[:group])
+    if @group.update_attributes(permitted_params.group)
       redirect_to edit_group_url(@group), :notice => t(:your_changes_were_saved)
     else
       render :action => 'edit'

app/controllers/permissions_controller.rb

@@ -2,10 +2,13 @@ class PermissionsController < ApplicationController
   before_filter :require_admin
 
   def update_multiple
-    permissions = Permission.update(params[:permissions].keys, params[:permissions].values)
-    folder = permissions.first.folder
-    folder.copy_permissions_to_children(permissions) if params[:recursive] && folder.has_children?
-    redirect_to folder
+    if params[:permissions]
+      permissions = Permission.update(params[:permissions].keys, params[:permissions].values)
+      folder = permissions.first.folder
+      folder.copy_permissions_to_children(permissions) if params[:recursive] && folder.has_children?
+    end
+
+    redirect_to :back
   rescue ActiveRecord::RecordNotFound # Folder was deleted, so permissions are gone too
     redirect_to Folder.root, :alert => t(:already_deleted, :type => t(:this_folder))
   end

app/controllers/reset_password_controller.rb

@@ -22,7 +22,7 @@ def edit
 
   # Note: @user is set in require_valid_token
   def update
-    if @user.update_attributes(params[:user].merge({ :password_required => true }))
+    if @user.update_attributes(permitted_params.user.merge({ :password_required => true }))
       redirect_to new_session_url, :notice => t(:password_reset_successfully)
     else
       render :action => 'edit'

app/controllers/share_links_controller.rb

@@ -23,7 +23,7 @@ def new
 
   # Note: @file and @folder are set in require_existing_file
   def create
-    @share_link = @file.share_links.build(params[:share_link])
+    @share_link = @file.share_links.build(permitted_params.share_link)
 
     if @share_link.save
       UserMailer.share_link_email(current_user, @share_link).deliver

app/controllers/signup_controller.rb

@@ -8,7 +8,7 @@ def edit
 
   # Note: @user is set in require_valid_token
   def update
-    if @user.update_attributes(params[:user].merge({ :password_required => true }))
+    if @user.update_attributes(permitted_params.user.merge({ :password_required => true }))
       redirect_to new_session_url, :notice => t(:signed_up_successfully)
     else
       render :action => 'edit'

app/controllers/users_controller.rb

@@ -13,11 +13,9 @@ def new
   end
 
   def create
-    group_ids = params[:user].delete(:group_ids)
-    @user = User.new(params[:user])
+    @user = User.new(permitted_params.user)
 
     if @user.save
-      set_groups(group_ids)
       UserMailer.signup_email(@user).deliver
       redirect_to users_url
     else
@@ -31,10 +29,7 @@ def edit
 
   # Note: @user is set in require_existing_user
   def update
-    group_ids = params[:user].delete(:group_ids)
-
-    if @user.update_attributes(params[:user].merge({ :password_required => false }))
-      set_groups(group_ids)
+    if @user.update_attributes(permitted_params.user.merge({ :password_required => false }))
       redirect_to edit_user_url(@user), :notice => t(:your_changes_were_saved)
     else
       render :action => 'edit'
@@ -73,11 +68,4 @@ def require_deleted_user_isnt_admin
       redirect_to users_url, :alert => t(:admin_user_cannot_be_deleted)
     end
   end
-
-  def set_groups(group_ids)
-    if current_user.member_of_admins?
-      @user.group_ids = group_ids
-      @user.groups << Group.find_by_name('Admins') if @user.is_admin
-    end
-  end
 end

app/models/folder.rb

@@ -1,11 +1,10 @@
 class Folder < ActiveRecord::Base
   acts_as_tree :order => 'name'
 
-  has_many :user_files, :dependent => :destroy, :order => 'attachment_file_name'
+  has_many :user_files, -> { order :attachment_file_name }, :dependent => :destroy
   has_many :permissions, :dependent => :destroy
 
   attr_accessor :is_copied_folder
-  attr_accessible :name
 
   validates_uniqueness_of :name, :scope => :parent_id
   validates_presence_of :name