Permalink
Browse files

Change scaffold_controller to generate and use private method to enca…

…psulate permissible params
  • Loading branch information...
1 parent b4d9a58 commit 8042835c157a4a7b567d23c7552a9b671f50328b @guilleiguaran guilleiguaran committed Jul 19, 2012
@@ -10,6 +10,8 @@ class ScaffoldControllerGenerator < NamedBase
class_option :orm, :banner => "NAME", :type => :string, :required => true,
:desc => "ORM to generate the controller for"
+ argument :attributes, :type => :array, :default => [], :banner => "field:type field:type"
+
def create_controller_files
template "controller.rb", File.join('app/controllers', class_path, "#{controller_file_name}_controller.rb")
end
@@ -45,7 +45,7 @@ def edit
# POST <%= route_url %>
# POST <%= route_url %>.json
def create
- @<%= singular_table_name %> = <%= orm_class.build(class_name, "params[:#{singular_table_name}]") %>
+ @<%= singular_table_name %> = <%= orm_class.build(class_name, "#{singular_table_name}_params") %>
respond_to do |format|
if @<%= orm_instance.save %>
@@ -64,7 +64,7 @@ def update
@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
respond_to do |format|
- if @<%= orm_instance.update_attributes("params[:#{singular_table_name}]") %>
+ if @<%= orm_instance.update_attributes("#{singular_table_name}_params") %>
format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully updated.'" %> }
format.json { head :no_content }
else
@@ -85,5 +85,13 @@ def destroy
format.json { head :no_content }
end
end
+
+ private
+
+ # Use this method to whitelist the permissible parameters. Example: params.require(:person).permit(:name, :age)
+ # Also, you can specialize this method with per-user checking of permissible attributes.
+ def <%= "#{singular_table_name}_params" %>
+ params.require(<%= ":#{singular_table_name}" %>).permit(<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>)
+ end
end
<% end -%>
@@ -33,21 +33,24 @@ def test_controller_skeleton_is_created
end
assert_instance_method :create, content do |m|
- assert_match(/@user = User\.new\(params\[:user\]\)/, m)
+ assert_match(/@user = User\.new\(user_params\)/, m)
assert_match(/@user\.save/, m)
assert_match(/@user\.errors/, m)
end
assert_instance_method :update, content do |m|
assert_match(/@user = User\.find\(params\[:id\]\)/, m)
- assert_match(/@user\.update_attributes\(params\[:user\]\)/, m)
+ assert_match(/@user\.update_attributes\(user_params\)/, m)
assert_match(/@user\.errors/, m)
end
assert_instance_method :destroy, content do |m|
assert_match(/@user = User\.find\(params\[:id\]\)/, m)
assert_match(/@user\.destroy/, m)
end
+
+ assert_match(/def user_params/, content)
+ assert_match(/params\.require\(:user\)\.permit\(:age, :name\)/, content)
end
end
@@ -43,14 +43,14 @@ def test_scaffold_on_invoke
end
assert_instance_method :create, content do |m|
- assert_match(/@product_line = ProductLine\.new\(params\[:product_line\]\)/, m)
+ assert_match(/@product_line = ProductLine\.new\(product_line_params\)/, m)
assert_match(/@product_line\.save/, m)
assert_match(/@product_line\.errors/, m)
end
assert_instance_method :update, content do |m|
assert_match(/@product_line = ProductLine\.find\(params\[:id\]\)/, m)
- assert_match(/@product_line\.update_attributes\(params\[:product_line\]\)/, m)
+ assert_match(/@product_line\.update_attributes\(product_line_params\)/, m)
assert_match(/@product_line\.errors/, m)
end
@@ -166,14 +166,14 @@ def test_scaffold_with_namespace_on_invoke
end
assert_instance_method :create, content do |m|
- assert_match(/@admin_role = Admin::Role\.new\(params\[:admin_role\]\)/, m)
+ assert_match(/@admin_role = Admin::Role\.new\(admin_role_params\)/, m)
assert_match(/@admin_role\.save/, m)
assert_match(/@admin_role\.errors/, m)
end
assert_instance_method :update, content do |m|
assert_match(/@admin_role = Admin::Role\.find\(params\[:id\]\)/, m)
- assert_match(/@admin_role\.update_attributes\(params\[:admin_role\]\)/, m)
+ assert_match(/@admin_role\.update_attributes\(admin_role_params\)/, m)
assert_match(/@admin_role\.errors/, m)
end

0 comments on commit 8042835

Please sign in to comment.