Use Rails 4' strong_parameters instead of protected_attributes
reidab committed Dec 3, 2013
1 parent d596abc commit 2ed6a8d
Showing 33 changed files with 187 additions and 283 deletions.
1 change: 0 additions & 1 deletion Gemfile
@@ -11,7 +11,6 @@ gem 'rails', '~> 4.0.0'

# Extracted Rails features
gem 'rails-observers'
gem 'protected_attributes' # TODO: Migrate to new controller-based protection

# Database driver
gem 'sqlite3', :require => false
3 changes: 0 additions & 3 deletions Gemfile.lock
@@ -196,8 +196,6 @@ GEM
prawn (0.12.0)
pdf-reader (>= 0.9.0)
ttfunk (~> 1.0.2)
protected_attributes (1.0.5)
activemodel (>= 4.0.1, < 5.0)
pry (0.9.12.4)
coderay (~> 1.0)
method_source (~> 0.8)
@@ -323,7 +321,6 @@ DEPENDENCIES
paperclip
pg
prawn
protected_attributes
pry
rails (~> 4.0.0)
rails-observers
9 changes: 8 additions & 1 deletion app/controllers/comments_controller.rb
@@ -36,7 +36,7 @@ def create
end

@proposal = Proposal.find(params[:proposal_id])
@comment = @proposal.comments.new(params[:comment])
@comment = @proposal.comments.new(comment_params)

# Use session to store email address and prefill it as needed
if @comment.email.blank?
@@ -74,4 +74,11 @@ def destroy
}
end
end

private

def comment_params
params.require(:comment).permit(:name, :email, :message)
end

end
30 changes: 26 additions & 4 deletions app/controllers/manage/events_controller.rb
@@ -52,8 +52,7 @@ def edit
# POST /events
# POST /events.xml
def create
@event = Event.new
@event.assign_attributes(params[:event], as: current_role)
@event = Event.new(event_params)

respond_to do |format|
if @event.save
@@ -71,10 +70,9 @@ def create
# PUT /events/1.xml
def update
@return_to = params[:return_to]
@event.assign_attributes(params[:event], as: current_role)

respond_to do |format|
if @event.save
if @event.update_attributes(event_params)
flash[:notice] = 'Event was successfully updated.'
format.html { redirect_to(@return_to ? @return_to : [:manage, @event]) }
format.xml { head :ok }
@@ -128,4 +126,28 @@ def notify_speakers
end
redirect_to(manage_event_proposals_path(@event))
end

private

def event_params
params.require(:event).permit(
:slug,
:title,
:deadline,
:open_text,
:closed_text,
:session_text,
:tracks_text,
:start_date,
:end_date,
:proposal_status_published,
:accept_proposal_comments_after_deadline,
:schedule_published,
:proposal_titles_locked,
:accept_selector_votes,
:show_proposal_confirmation_controls,
:parent,
:parent_id
) if admin?
end
end
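Review bot: `event_params` ends in `) if admin?`, so for a non-admin it returns nil instead of refusing the request, and both callers accept nil: `Event.new(nil)` builds a blank record, and on the Rails 4.0 line pinned in the Gemfile `update_attributes(nil)` appears to skip assignment, save, and report success. Whether a non-admin can reach these actions depends on filters outside the visible hunks, but the parameter allowlist should not double as the authorization check. I would drop the modifier so the method always returns `params.require(:event).permit(...)` and enforce the role in a `before_action` that halts the request. The same modifier is on `snippet_params`, `room_params`, `schedule_item_params`, `session_type_params` and `track_params`, and as `if selector?` on `selector_vote_params`, where `create` goes on to save the found-or-initialized vote.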
14 changes: 10 additions & 4 deletions app/controllers/manage/snippets_controller.rb
@@ -50,8 +50,7 @@ def edit
# POST /snippets
# POST /snippets.xml
def create
@snippet = Snippet.new
@snippet.assign_attributes(params[:snippet], as: current_role)
@snippet = Snippet.new(snippet_params)

respond_to do |format|
if @snippet.save
@@ -69,13 +68,12 @@ def create
# PUT /snippets/1.xml
def update
@snippet = Snippet.find(params[:id])
@snippet.assign_attributes(params[:snippet], as: current_role)
add_breadcrumb @snippet.slug, manage_snippet_path(@snippet)

@return_to = params[:return_to]

respond_to do |format|
if @snippet.save
if @snippet.update_attributes(snippet_params)
flash[:notice] = 'Snippet was successfully updated.'
format.html { redirect_to(@return_to ? @return_to : [:manage, @snippet]) }
format.xml { head :ok }
@@ -97,4 +95,12 @@ def destroy
format.xml { head :ok }
end
end

private

def snippet_params
params.require(:snippet).permit(
:slug, :description, :content, :value, :public
) if admin?
end
end
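Review bot: In `update`, `@return_to = params[:return_to]` is passed straight to `redirect_to(@return_to ? @return_to : [:manage, @snippet])`, so the post-save redirect target is whatever the request supplied, including an absolute URL on another host. This predates the commit but sits in the action being rewritten here; I would accept the value only when it is a local path (a single leading `/`, no scheme or host) and fall back to `[:manage, @snippet]` otherwise. The same pair of lines is in `update` in app/controllers/manage/events_controller.rb. The action's body continues outside the hunk.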
34 changes: 24 additions & 10 deletions app/controllers/proposals_controller.rb
@@ -199,12 +199,7 @@ def edit
# POST /proposals
# POST /proposals.xml
def create
@proposal = Proposal.new
@proposal.assign_attributes(
params[:proposal].slice(*Proposal.accessible_attributes(current_role)),
as: current_role
)
@proposal.event = @event
@proposal = @event.proposals.new(proposal_params)
@proposal.add_user(current_user) if logged_in?
@proposal.transition = transition_from_params if admin?

@@ -245,10 +240,7 @@ def update
end
end

@proposal.assign_attributes(
params[:proposal].slice(*Proposal.accessible_attributes(current_role)),
as: current_role
)
@proposal.assign_attributes(proposal_params)

add_breadcrumb @event.title, event_proposals_path(@event)
add_breadcrumb @proposal.title, proposal_path(@proposal)
@@ -349,6 +341,28 @@ def speaker_decline

protected

def proposal_params
permitted = [
:presenter,
:affiliation,
:email,
:website,
:biography,
:title,
:description,
:excerpt,
:agreement,
:note_to_organizers,
:track_id,
:session_type_id,
:speaking_experience,
:audience_level]

permitted += [:status, :room_id, :start_time, :audio_url] if admin?

params.require(:proposal).permit(permitted)
end

# Is this event accepting proposals? If not, redirect with a warning.
def assert_accepting_proposals
unless accepting_proposals? || admin?
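Review bot: `proposal_params` permits `:track_id` and `:session_type_id` for every submitter, and nothing visible here checks that the referenced track or session type belongs to `@event`, so a proposal could be saved pointing at another event's records unless the model validates this (not shown). If there is no such validation, resolve the ids through `@event.tracks` and `@event.session_types` before assigning; the admin-only `:room_id` here and in `schedule_item_params` has the same shape. Separately, `permit(permitted)` is handed an array, and `params.require(:proposal).permit(*permitted)` states the intent without relying on `permit` flattening its arguments.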
22 changes: 17 additions & 5 deletions app/controllers/rooms_controller.rb
@@ -52,9 +52,7 @@ def edit
# POST /rooms
# POST /rooms.xml
def create
@room = Room.new
@room.assign_attributes(params[:room], as: current_role)
@room.event = @event
@room = @event.rooms.new(room_params)

respond_to do |format|
if @room.save
@@ -71,9 +69,8 @@ def create
# PUT /rooms/1
# PUT /rooms/1.xml
def update
@room.assign_attributes(params[:room], as: current_role)
respond_to do |format|
if @room.save
if @room.update_attributes(room_params)
flash[:notice] = 'Room was successfully updated.'
format.html { redirect_to(@room) }
format.xml { head :ok }
@@ -97,6 +94,21 @@ def destroy

protected

def room_params
params.require(:room).permit(
:name,
:capacity,
:size,
:seating_configuration,
:description,
:image,
:image_file_name,
:image_content_type,
:image_file_size,
:image_updated_at
) if admin?
end

def add_event_breadcrumb
add_breadcrumb @event.title, @event
end
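Review bot: `room_params` permits `:image_file_name`, `:image_content_type`, `:image_file_size` and `:image_updated_at` alongside `:image`; these look like the Paperclip metadata columns (paperclip is listed in Gemfile.lock), which the attachment normally fills in from the uploaded file. Permitting them lets the request set the stored file name and content type independently of the file that was actually uploaded. I would permit only `:image` from that group and let the attachment derive the rest, with a one-line comment above the list saying the `image_*` columns are managed by the attachment and are deliberately not accepted from params.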
18 changes: 13 additions & 5 deletions app/controllers/schedule_items_controller.rb
@@ -49,9 +49,7 @@ def edit
# POST /schedule_items
# POST /schedule_items.xml
def create
@schedule_item = ScheduleItem.new
@schedule_item.assign_attributes(params[:schedule_item], as: current_role)
@schedule_item.event = @event
@schedule_item = @event.schedule_items.new(schedule_item_params)

respond_to do |format|
if @schedule_item.save
@@ -70,9 +68,8 @@ def create
# PUT /schedule_items/1
# PUT /schedule_items/1.xml
def update
@schedule_item.assign_attributes(params[:schedule_item], as: current_role)
respond_to do |format|
if @schedule_item.save
if @schedule_item.update_attributes(schedule_item_params)
flash[:notice] = 'ScheduleItem was successfully updated.'
format.html { redirect_to(@schedule_item) }
format.json { head :ok }
@@ -99,6 +96,17 @@ def destroy

protected

def schedule_item_params
params.require(:schedule_item).permit(
:title,
:description,
:excerpt,
:start_time,
:duration,
:room_id
) if admin?
end

def add_event_breadcrumb
add_breadcrumb @event.title, @event
end
8 changes: 7 additions & 1 deletion app/controllers/selector_votes_controller.rb
@@ -40,7 +40,7 @@ def index
# ROUTE: /proposals/:proposal_id/selector_vote
def create
@selector_vote = SelectorVote.find_or_initialize_by(user_id: current_user.id, proposal_id: params[:proposal_id].to_i)
@selector_vote.assign_attributes(params[:selector_vote].slice(:rating, :comment))
@selector_vote.assign_attributes(selector_vote_params)

respond_to do |format|
if @selector_vote.save
@@ -60,4 +60,10 @@ def create
end
end
end

private

def selector_vote_params
params.require(:selector_vote).permit(:rating, :comment) if selector?
end
end
14 changes: 8 additions & 6 deletions app/controllers/session_types_controller.rb
@@ -48,9 +48,7 @@ def edit
# POST /session_types
# POST /session_types.xml
def create
@session_type = SessionType.new
@session_type.assign_attributes(params[:session_type], as: current_role)
@session_type.event = @event
@session_type = @event.session_types.new(session_type_params)

respond_to do |format|
if @session_type.save
@@ -69,10 +67,8 @@ def create
# PUT /session_types/1
# PUT /session_types/1.xml
def update
@session_type.assign_attributes(params[:session_type], as: current_role)

respond_to do |format|
if @session_type.save
if @session_type.update_attributes(session_type_params)
flash[:notice] = 'SessionType was successfully updated.'
format.html { redirect_to(@session_type) }
format.json { head :ok }
@@ -99,6 +95,12 @@ def destroy

protected

def session_type_params
params.require(:session_type).permit(
:title, :description, :duration
) if admin?
end

def add_event_breadcrumb
add_breadcrumb @event.title, @event
end
14 changes: 8 additions & 6 deletions app/controllers/tracks_controller.rb
@@ -48,9 +48,7 @@ def edit
# POST /tracks
# POST /tracks.xml
def create
@track = Track.new
@track.assign_attributes(params[:track], as: current_role)
@track.event = @event
@track = @event.tracks.new(track_params)

respond_to do |format|
if @track.save
@@ -67,10 +65,8 @@ def create
# PUT /tracks/1
# PUT /tracks/1.xml
def update
@track.assign_attributes(params[:track], as: current_role)

respond_to do |format|
if @track.save
if @track.update_attributes(track_params)
flash[:success] = 'Track was successfully updated.'
format.html { redirect_to(track_path(@track)) }
format.xml { head :ok }
@@ -94,6 +90,12 @@ def destroy

protected

def track_params
params.require(:track).permit(
:title, :description, :color, :excerpt
) if admin?
end

def add_event_breadcrumb
add_breadcrumb @event.title, @event
end
