Remove protected_attributes gem
We do not enforce the rules, so removing it and switching the existing annotations to strong_parameters does not make our situation worse.
This commit is contained in:
parent
9fc51bdce8
commit
39aff78f11
8 changed files with 32 additions and 29 deletions
1
Gemfile
1
Gemfile
|
@ -42,7 +42,6 @@ gem 'rails-settings-cached', '= 0.4.3' # caching breaks tests until Rails 5 http
|
|||
gem 'resque'
|
||||
gem 'thin'
|
||||
gem 'whenever', require: false # For defining cronjobs, see config/schedule.rb
|
||||
gem 'protected_attributes', '= 1.1.0' # 1.1.0 until tests work work with higher versions
|
||||
gem 'ruby-units'
|
||||
gem 'attribute_normalizer'
|
||||
gem 'ice_cube'
|
||||
|
|
|
@ -285,8 +285,6 @@ GEM
|
|||
ttfunk (~> 1.5)
|
||||
prawn-table (0.2.2)
|
||||
prawn (>= 1.3.0, < 3.0.0)
|
||||
protected_attributes (1.1.0)
|
||||
activemodel (>= 4.0.1, < 5.0)
|
||||
pry (0.12.2)
|
||||
coderay (~> 1.1.0)
|
||||
method_source (~> 0.9.0)
|
||||
|
@ -549,7 +547,6 @@ DEPENDENCIES
|
|||
mysql2 (~> 0.4.0)
|
||||
prawn
|
||||
prawn-table
|
||||
protected_attributes (= 1.1.0)
|
||||
pry-rescue
|
||||
pry-stack_explorer
|
||||
puma
|
||||
|
|
|
@ -26,7 +26,7 @@ class SuppliersController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
@supplier = Supplier.new(params[:supplier])
|
||||
@supplier = Supplier.new(supplier_params)
|
||||
if @supplier.save
|
||||
flash[:notice] = I18n.t('suppliers.create.notice')
|
||||
redirect_to suppliers_path
|
||||
|
@ -41,7 +41,7 @@ class SuppliersController < ApplicationController
|
|||
|
||||
def update
|
||||
@supplier = Supplier.find(params[:id])
|
||||
if @supplier.update_attributes(params[:supplier])
|
||||
if @supplier.update_attributes(supplier_params)
|
||||
flash[:notice] = I18n.t('suppliers.update.notice')
|
||||
redirect_to @supplier
|
||||
else
|
||||
|
@ -64,4 +64,14 @@ class SuppliersController < ApplicationController
|
|||
@shared_suppliers = SharedSupplier.all
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def supplier_params
|
||||
params
|
||||
.require(:supplier)
|
||||
.permit(:name, :address, :phone, :phone2, :fax, :email, :url, :contact_person, :customer_number,
|
||||
:iban, :custom_fields, :delivery_days, :order_howto, :note,
|
||||
:shared_supplier_id, :min_order_quantity, :shared_sync_method)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -17,7 +17,7 @@ class TasksController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
@task = Task.new(params[:task])
|
||||
@task = Task.new(task_params, current_user_id: current_user.id)
|
||||
if params[:periodic]
|
||||
@task.periodic_task_group = PeriodicTaskGroup.new
|
||||
end
|
||||
|
@ -44,6 +44,7 @@ class TasksController < ApplicationController
|
|||
task_group = @task.periodic_task_group
|
||||
was_periodic = @task.periodic?
|
||||
prev_due_date = @task.due_date
|
||||
@task.current_user_id = current_user.id
|
||||
@task.attributes=(params[:task])
|
||||
if @task.errors.empty? && @task.save
|
||||
task_group.update_tasks_including(@task, prev_due_date) if params[:periodic]
|
||||
|
@ -111,4 +112,13 @@ class TasksController < ApplicationController
|
|||
redirect_to tasks_url, :alert => I18n.t('tasks.error_not_found')
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def task_params
|
||||
params
|
||||
.require(:task)
|
||||
.permit(:name, :description, :duration, :user_list, :required_users, :workgroup, :due_date, :done)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -10,10 +10,6 @@ class Supplier < ApplicationRecord
|
|||
has_many :invoices
|
||||
belongs_to :shared_supplier # for the sharedLists-App
|
||||
|
||||
include ActiveModel::MassAssignmentSecurity
|
||||
attr_accessible :name, :address, :phone, :phone2, :fax, :email, :url, :contact_person, :customer_number, :iban, :custom_fields,
|
||||
:delivery_days, :order_howto, :note, :shared_supplier_id, :min_order_quantity, :shared_sync_method
|
||||
|
||||
validates :name, :presence => true, :length => { :in => 4..30 }
|
||||
validates :phone, :presence => true, :length => { :in => 8..25 }
|
||||
validates :address, :presence => true, :length => { :in => 8..50 }
|
||||
|
|
|
@ -11,10 +11,6 @@ class Task < ApplicationRecord
|
|||
|
||||
attr_accessor :current_user_id
|
||||
|
||||
# form will send user in string. responsibilities will added later
|
||||
include ActiveModel::MassAssignmentSecurity
|
||||
attr_protected :users
|
||||
|
||||
validates :name, :presence => true, :length => { :minimum => 3 }
|
||||
validates :required_users, :presence => true
|
||||
validates_numericality_of :duration, :required_users, :only_integer => true, :greater_than => 0
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
= form.hidden_field :current_user_id
|
||||
= form.input :name
|
||||
= form.input :description, as: :text, input_html: {rows: 10}
|
||||
= form.input :duration, :as => :select, :collection => 1..3
|
||||
|
|
|
@ -42,12 +42,8 @@ module Foodsoft
|
|||
# like if you have constraints or database-specific column types
|
||||
# config.active_record.schema_format = :sql
|
||||
|
||||
# Enforce whitelist mode for mass assignment.
|
||||
# This will create an empty whitelist of attributes available for mass-assignment for all models
|
||||
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
|
||||
# parameters by using an attr_accessible or attr_protected declaration.
|
||||
# TODO Re-activate this. Uncommenting this line will currently cause rspec to fail.
|
||||
config.active_record.whitelist_attributes = false
|
||||
# TODO Disable this. Uncommenting this line will currently cause rspec to fail.
|
||||
config.action_controller.permit_all_parameters = true
|
||||
|
||||
# Enable the asset pipeline
|
||||
config.assets.enabled = true
|
||||
|
|
Loading…
Reference in a new issue