Remove protected_attributes gem
We do not enforce the rules, so removing it and switching the existing annotations to strong_parameters does not make our situation worse.
This commit is contained in:
parent
9fc51bdce8
commit
39aff78f11
8 changed files with 32 additions and 29 deletions
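--- a/Gemfile
+++ b/Gemfile
@@ -42,7 +42,6 @@ gem 'rails-settings-cached', '= 0.4.3' # caching breaks tests until Rails 5 http
 gem 'resque'
 gem 'thin'
 gem 'whenever', require: false # For defining cronjobs, see config/schedule.rb
-gem 'protected_attributes', '= 1.1.0' # 1.1.0 until tests work work with higher versions
 gem 'ruby-units'
 gem 'attribute_normalizer'
 gem 'ice_cube'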
@ -285,8 +285,6 @@ GEM
|
||||||
ttfunk (~> 1.5)
|
ttfunk (~> 1.5)
|
||||||
prawn-table (0.2.2)
|
prawn-table (0.2.2)
|
||||||
prawn (>= 1.3.0, < 3.0.0)
|
prawn (>= 1.3.0, < 3.0.0)
|
||||||
protected_attributes (1.1.0)
|
|
||||||
activemodel (>= 4.0.1, < 5.0)
|
|
||||||
pry (0.12.2)
|
pry (0.12.2)
|
||||||
coderay (~> 1.1.0)
|
coderay (~> 1.1.0)
|
||||||
method_source (~> 0.9.0)
|
method_source (~> 0.9.0)
|
||||||
|
@ -549,7 +547,6 @@ DEPENDENCIES
|
||||||
mysql2 (~> 0.4.0)
|
mysql2 (~> 0.4.0)
|
||||||
prawn
|
prawn
|
||||||
prawn-table
|
prawn-table
|
||||||
protected_attributes (= 1.1.0)
|
|
||||||
pry-rescue
|
pry-rescue
|
||||||
pry-stack_explorer
|
pry-stack_explorer
|
||||||
puma
|
puma
|
||||||
|
|
|
@ -25,23 +25,23 @@ class SuppliersController < ApplicationController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@supplier = Supplier.new(params[:supplier])
|
@supplier = Supplier.new(supplier_params)
|
||||||
if @supplier.save
|
if @supplier.save
|
||||||
flash[:notice] = I18n.t('suppliers.create.notice')
|
flash[:notice] = I18n.t('suppliers.create.notice')
|
||||||
redirect_to suppliers_path
|
redirect_to suppliers_path
|
||||||
else
|
else
|
||||||
render :action => 'new'
|
render :action => 'new'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def edit
|
def edit
|
||||||
@supplier = Supplier.find(params[:id])
|
@supplier = Supplier.find(params[:id])
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
@supplier = Supplier.find(params[:id])
|
@supplier = Supplier.find(params[:id])
|
||||||
if @supplier.update_attributes(params[:supplier])
|
if @supplier.update_attributes(supplier_params)
|
||||||
flash[:notice] = I18n.t('suppliers.update.notice')
|
flash[:notice] = I18n.t('suppliers.update.notice')
|
||||||
redirect_to @supplier
|
redirect_to @supplier
|
||||||
else
|
else
|
||||||
|
@ -57,11 +57,21 @@ class SuppliersController < ApplicationController
|
||||||
rescue => e
|
rescue => e
|
||||||
flash[:error] = I18n.t('errors.general_msg', :msg => e.message)
|
flash[:error] = I18n.t('errors.general_msg', :msg => e.message)
|
||||||
redirect_to @supplier
|
redirect_to @supplier
|
||||||
end
|
end
|
||||||
|
|
||||||
# gives a list with all available shared_suppliers
|
# gives a list with all available shared_suppliers
|
||||||
def shared_suppliers
|
def shared_suppliers
|
||||||
@shared_suppliers = SharedSupplier.all
|
@shared_suppliers = SharedSupplier.all
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def supplier_params
|
||||||
|
params
|
||||||
|
.require(:supplier)
|
||||||
|
.permit(:name, :address, :phone, :phone2, :fax, :email, :url, :contact_person, :customer_number,
|
||||||
|
:iban, :custom_fields, :delivery_days, :order_howto, :note,
|
||||||
|
:shared_supplier_id, :min_order_quantity, :shared_sync_method)
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
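Review bot: `permit(:custom_fields, …)` in the new supplier_params (second hunk) permits only a scalar value for custom_fields; if the form submits it as a nested hash or array — the name suggests it may — strong parameters drops it silently rather than raising, so confirm the posted shape and, if it is nested, declare its keys in `permit` (the same question applies to `:delivery_days` if it is multi-valued). Today this is masked by `permit_all_parameters = true` in the config/application.rb hunk of this commit, so the drop would only surface once that flag is removed; a spec that creates a supplier with custom_fields set and reads it back would catch it. The create and update methods continue outside the first hunk.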
@ -17,7 +17,7 @@ class TasksController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
@task = Task.new(params[:task])
|
@task = Task.new(task_params, current_user_id: current_user.id)
|
||||||
if params[:periodic]
|
if params[:periodic]
|
||||||
@task.periodic_task_group = PeriodicTaskGroup.new
|
@task.periodic_task_group = PeriodicTaskGroup.new
|
||||||
end
|
end
|
||||||
|
@ -44,6 +44,7 @@ class TasksController < ApplicationController
|
||||||
task_group = @task.periodic_task_group
|
task_group = @task.periodic_task_group
|
||||||
was_periodic = @task.periodic?
|
was_periodic = @task.periodic?
|
||||||
prev_due_date = @task.due_date
|
prev_due_date = @task.due_date
|
||||||
|
@task.current_user_id = current_user.id
|
||||||
@task.attributes=(params[:task])
|
@task.attributes=(params[:task])
|
||||||
if @task.errors.empty? && @task.save
|
if @task.errors.empty? && @task.save
|
||||||
task_group.update_tasks_including(@task, prev_due_date) if params[:periodic]
|
task_group.update_tasks_including(@task, prev_due_date) if params[:periodic]
|
||||||
|
@ -111,4 +112,13 @@ class TasksController < ApplicationController
|
||||||
redirect_to tasks_url, :alert => I18n.t('tasks.error_not_found')
|
redirect_to tasks_url, :alert => I18n.t('tasks.error_not_found')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def task_params
|
||||||
|
params
|
||||||
|
.require(:task)
|
||||||
|
.permit(:name, :description, :duration, :user_list, :required_users, :workgroup, :due_date, :done)
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
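Review bot: `Task.new(task_params, current_user_id: current_user.id)` in create does not set current_user_id: ActiveRecord's `new` takes a single attributes hash, and the second positional hash was an extension of the protected_attributes gem this commit removes (Rails 4.2 core ignores it, Rails 5 raises ArgumentError) — unless Task defines its own initialize, which is not visible here. Set it the way update now does, `@task = Task.new(task_params)` followed by `@task.current_user_id = current_user.id`. Update itself still mass-assigns the raw request hash (`@task.attributes=(params[:task])`, unchanged in the second hunk) instead of `task_params`; this only passes because `permit_all_parameters = true` is set in this commit, and with `attr_protected :users` removed from the Task model there is no filter left on that path, so whatever keys the request carries reach the model — change it to `@task.attributes = task_params`. The create and update methods start or end outside their hunks.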
@ -10,10 +10,6 @@ class Supplier < ApplicationRecord
|
||||||
has_many :invoices
|
has_many :invoices
|
||||||
belongs_to :shared_supplier # for the sharedLists-App
|
belongs_to :shared_supplier # for the sharedLists-App
|
||||||
|
|
||||||
include ActiveModel::MassAssignmentSecurity
|
|
||||||
attr_accessible :name, :address, :phone, :phone2, :fax, :email, :url, :contact_person, :customer_number, :iban, :custom_fields,
|
|
||||||
:delivery_days, :order_howto, :note, :shared_supplier_id, :min_order_quantity, :shared_sync_method
|
|
||||||
|
|
||||||
validates :name, :presence => true, :length => { :in => 4..30 }
|
validates :name, :presence => true, :length => { :in => 4..30 }
|
||||||
validates :phone, :presence => true, :length => { :in => 8..25 }
|
validates :phone, :presence => true, :length => { :in => 8..25 }
|
||||||
validates :address, :presence => true, :length => { :in => 8..50 }
|
validates :address, :presence => true, :length => { :in => 8..50 }
|
||||||
|
|
|
@ -11,10 +11,6 @@ class Task < ApplicationRecord
|
||||||
|
|
||||||
attr_accessor :current_user_id
|
attr_accessor :current_user_id
|
||||||
|
|
||||||
# form will send user in string. responsibilities will added later
|
|
||||||
include ActiveModel::MassAssignmentSecurity
|
|
||||||
attr_protected :users
|
|
||||||
|
|
||||||
validates :name, :presence => true, :length => { :minimum => 3 }
|
validates :name, :presence => true, :length => { :minimum => 3 }
|
||||||
validates :required_users, :presence => true
|
validates :required_users, :presence => true
|
||||||
validates_numericality_of :duration, :required_users, :only_integer => true, :greater_than => 0
|
validates_numericality_of :duration, :required_users, :only_integer => true, :greater_than => 0
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
= form.hidden_field :current_user_id
|
|
||||||
= form.input :name
|
= form.input :name
|
||||||
= form.input :description, as: :text, input_html: {rows: 10}
|
= form.input :description, as: :text, input_html: {rows: 10}
|
||||||
= form.input :duration, :as => :select, :collection => 1..3
|
= form.input :duration, :as => :select, :collection => 1..3
|
||||||
|
|
|
@ -42,12 +42,8 @@ module Foodsoft
|
||||||
# like if you have constraints or database-specific column types
|
# like if you have constraints or database-specific column types
|
||||||
# config.active_record.schema_format = :sql
|
# config.active_record.schema_format = :sql
|
||||||
|
|
||||||
# Enforce whitelist mode for mass assignment.
|
# TODO Disable this. Uncommenting this line will currently cause rspec to fail.
|
||||||
# This will create an empty whitelist of attributes available for mass-assignment for all models
|
config.action_controller.permit_all_parameters = true
|
||||||
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
|
|
||||||
# parameters by using an attr_accessible or attr_protected declaration.
|
|
||||||
# TODO Re-activate this. Uncommenting this line will currently cause rspec to fail.
|
|
||||||
config.active_record.whitelist_attributes = false
|
|
||||||
|
|
||||||
# Enable the asset pipeline
|
# Enable the asset pipeline
|
||||||
config.assets.enabled = true
|
config.assets.enabled = true
|
||||||
|
|
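Review bot: `config.action_controller.permit_all_parameters = true` makes every ActionController::Parameters permitted by default, so the supplier_params / task_params whitelists added elsewhere in this commit are not enforced — `permit` becomes a no-op for filtering and unlisted keys still reach mass assignment, as the commit message acknowledges. The TODO should state that so the line is not read as a harmless test setting: `# TODO Remove this. While it is on, the permit lists in the *_params methods are not enforced (all parameters are permitted); kept for now because rspec fails without it.` To find out which specs depend on it, running with the flag off and `config.action_controller.action_on_unpermitted_parameters = :log` (or `:raise` in the test environment) reports the unpermitted keys.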