Merge pull request #960 from iancmyers/strong-parameters
Began implementing strong_parameters
commit
112d57e899
|
@ -27,7 +27,6 @@ class CategoriesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
requires_parameters(*required_param_keys)
|
|
||||||
guardian.ensure_can_create!(Category)
|
guardian.ensure_can_create!(Category)
|
||||||
|
|
||||||
@category = Category.create(category_params.merge(user: current_user))
|
@category = Category.create(category_params.merge(user: current_user))
|
||||||
|
@ -37,7 +36,6 @@ class CategoriesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
requires_parameters(*required_param_keys)
|
|
||||||
guardian.ensure_can_edit!(@category)
|
guardian.ensure_can_edit!(@category)
|
||||||
json_result(@category, serializer: CategorySerializer) { |cat| cat.update_attributes(category_params) }
|
json_result(@category, serializer: CategorySerializer) { |cat| cat.update_attributes(category_params) }
|
||||||
end
|
end
|
||||||
|
@ -59,7 +57,11 @@ class CategoriesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def category_params
|
def category_params
|
||||||
params.slice(*category_param_keys)
|
required_param_keys.each do |key|
|
||||||
|
params.require(key)
|
||||||
|
end
|
||||||
|
|
||||||
|
params.permit(*category_param_keys)
|
||||||
end
|
end
|
||||||
|
|
||||||
def fetch_category
|
def fetch_category
|
||||||
|
|
|
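Review bot: `category_params` is now the mass-assignment allowlist for both `create` and `update`, but `category_param_keys` is defined outside this hunk, so the attributes a client may set cannot be checked from here. Confirm the list holds only scalar fields that every category editor may change, because `permit` with plain keys silently drops array and hash values instead of rejecting them. A comment above the method such as `# Allowlist for Category mass assignment; raises ActionController::ParameterMissing when a required key is absent` would document both behaviours. Missing parameters now raise `ActionController::ParameterMissing` instead of `Discourse::InvalidParameters` here and in the Invites, PostActions and Uploads controllers; if the application maps the old exception to a client error (not visible in this diff), the new one needs the same handling.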
@ -29,7 +29,7 @@ class InvitesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
requires_parameter(:email)
|
params.require(:email)
|
||||||
|
|
||||||
invite = Invite.where(invited_by_id: current_user.id, email: params[:email]).first
|
invite = Invite.where(invited_by_id: current_user.id, email: params[:email]).first
|
||||||
raise Discourse::InvalidParameters.new(:email) if invite.blank?
|
raise Discourse::InvalidParameters.new(:email) if invite.blank?
|
||||||
|
|
|
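Review bot: `params.require(:email)` in `destroy` only checks presence and its return value is discarded, so `Invite.where(invited_by_id: current_user.id, email: params[:email])` still receives whatever type the client sent, which can be an array or a hash as well as a string. Capture the value and constrain it before the query, for example `email = params.require(:email)` followed by `raise Discourse::InvalidParameters.new(:email) unless email.is_a?(String)`, and pass `email` to `where`. The same pattern follows `params.require(:id)` in `PostActionsController#fetch_post_from_params`, where `Post.where(id: params[:id])` takes the raw value. `destroy` continues past the end of this hunk.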
@ -70,7 +70,7 @@ class PostActionsController < ApplicationController
|
||||||
private
|
private
|
||||||
|
|
||||||
def fetch_post_from_params
|
def fetch_post_from_params
|
||||||
requires_parameter(:id)
|
params.require(:id)
|
||||||
finder = Post.where(id: params[:id])
|
finder = Post.where(id: params[:id])
|
||||||
|
|
||||||
# Include deleted posts if the user is a moderator (to guardian ?)
|
# Include deleted posts if the user is a moderator (to guardian ?)
|
||||||
|
@ -81,7 +81,7 @@ class PostActionsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def fetch_post_action_type_id_from_params
|
def fetch_post_action_type_id_from_params
|
||||||
requires_parameter(:post_action_type_id)
|
params.require(:post_action_type_id)
|
||||||
@post_action_type_id = params[:post_action_type_id].to_i
|
@post_action_type_id = params[:post_action_type_id].to_i
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -2,7 +2,7 @@ class UploadsController < ApplicationController
|
||||||
before_filter :ensure_logged_in
|
before_filter :ensure_logged_in
|
||||||
|
|
||||||
def create
|
def create
|
||||||
requires_parameter(:topic_id)
|
params.require(:topic_id)
|
||||||
file = params[:file] || params[:files].first
|
file = params[:file] || params[:files].first
|
||||||
|
|
||||||
# only supports images for now
|
# only supports images for now
|
||||||
|
|
|
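Review bot: Only `topic_id` is required in `create`, yet the next line `file = params[:file] || params[:files].first` calls `.first` on nil when neither upload field is sent, so that request fails with NoMethodError instead of a parameter error. A presence check on the upload would close the gap, e.g. `file = params[:file] || Array(params[:files]).first` followed by `raise Discourse::InvalidParameters.new(:file) if file.nil?`. The rest of `create` is outside the hunk, so any later validation of the file is not visible here.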
@ -1,4 +1,6 @@
|
||||||
class Category < ActiveRecord::Base
|
class Category < ActiveRecord::Base
|
||||||
|
include ActiveModel::ForbiddenAttributesProtection
|
||||||
|
|
||||||
belongs_to :topic, dependent: :destroy
|
belongs_to :topic, dependent: :destroy
|
||||||
belongs_to :topic_only_relative_url,
|
belongs_to :topic_only_relative_url,
|
||||||
select: "id, title, slug",
|
select: "id, title, slug",
|
||||||
|
|
|
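Review bot: `ActiveModel::ForbiddenAttributesProtection` rejects only attribute objects that respond to `permitted?` and have not been permitted; a plain Hash built from request data passes straight through. The include here, and the same include in Invite, PostAction and Upload, is therefore a backstop rather than a replacement for `permit` in each controller. A comment next to it, e.g. `# Raises ActiveModel::ForbiddenAttributes on unpermitted ActionController::Parameters; plain hashes are not checked`, would keep that limit visible. Only CategoriesController switches to `permit` in this diff, so it is worth confirming that no other caller passes raw `params` to these four models, since such a call would now raise.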
@ -1,6 +1,7 @@
|
||||||
require_dependency 'trashable'
|
require_dependency 'trashable'
|
||||||
|
|
||||||
class Invite < ActiveRecord::Base
|
class Invite < ActiveRecord::Base
|
||||||
|
include ActiveModel::ForbiddenAttributesProtection
|
||||||
include Trashable
|
include Trashable
|
||||||
|
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
|
|
|
@ -5,6 +5,7 @@ require_dependency 'trashable'
|
||||||
class PostAction < ActiveRecord::Base
|
class PostAction < ActiveRecord::Base
|
||||||
class AlreadyActed < StandardError; end
|
class AlreadyActed < StandardError; end
|
||||||
|
|
||||||
|
include ActiveModel::ForbiddenAttributesProtection
|
||||||
include RateLimiter::OnCreateRecord
|
include RateLimiter::OnCreateRecord
|
||||||
include Trashable
|
include Trashable
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,8 @@ require 's3'
|
||||||
require 'local_store'
|
require 'local_store'
|
||||||
|
|
||||||
class Upload < ActiveRecord::Base
|
class Upload < ActiveRecord::Base
|
||||||
|
include ActiveModel::ForbiddenAttributesProtection
|
||||||
|
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
belongs_to :topic
|
belongs_to :topic
|
||||||
|
|
||||||
|
|
|
@ -19,15 +19,15 @@ describe CategoriesController do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'raises an exception when the name is missing' do
|
it 'raises an exception when the name is missing' do
|
||||||
lambda { xhr :post, :create, color: 'ff0', text_color: 'fff' }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :post, :create, color: 'ff0', text_color: 'fff' }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'raises an exception when the color is missing' do
|
it 'raises an exception when the color is missing' do
|
||||||
lambda { xhr :post, :create, name: 'hello', text_color: 'fff' }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :post, :create, name: 'hello', text_color: 'fff' }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'raises an exception when the text color is missing' do
|
it 'raises an exception when the text color is missing' do
|
||||||
lambda { xhr :post, :create, name: 'hello', color: 'ff0' }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :post, :create, name: 'hello', color: 'ff0' }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'failure' do
|
describe 'failure' do
|
||||||
|
@ -106,15 +106,15 @@ describe CategoriesController do
|
||||||
end
|
end
|
||||||
|
|
||||||
it "requires a name" do
|
it "requires a name" do
|
||||||
lambda { xhr :put, :update, id: @category.slug, color: 'fff', text_color: '0ff' }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :put, :update, id: @category.slug, color: 'fff', text_color: '0ff' }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "requires a color" do
|
it "requires a color" do
|
||||||
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', text_color: '0ff' }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', text_color: '0ff' }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "requires a text color" do
|
it "requires a text color" do
|
||||||
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', color: 'fff' }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', color: 'fff' }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'failure' do
|
describe 'failure' do
|
||||||
|
|
|
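Review bot: These examples cover only the missing-parameter path; nothing asserts that a key outside `category_param_keys` is dropped before it reaches `Category.create` or `update_attributes`. An example that sends one extra attribute alongside the required ones, e.g. `xhr :post, :create, name: 'hello', color: 'ff0', text_color: 'fff', user_id: -1` (assuming `user_id` is a Category column and not in the allowlist), and then checks the saved record's owner is the logged-in user would pin the filtering this commit introduces. The same gap applies to the `update` examples in the second hunk.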
@ -17,7 +17,7 @@ describe InvitesController do
|
||||||
|
|
||||||
|
|
||||||
it 'raises an error when the email is missing' do
|
it 'raises an error when the email is missing' do
|
||||||
lambda { delete :destroy }.should raise_error(Discourse::InvalidParameters)
|
lambda { delete :destroy }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "raises an error when the email cannot be found" do
|
it "raises an error when the email cannot be found" do
|
||||||
|
|
|
@ -14,11 +14,11 @@ describe PostActionsController do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'raises an error when the id is missing' do
|
it 'raises an error when the id is missing' do
|
||||||
lambda { xhr :post, :create, post_action_type_id: PostActionType.types[:like] }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :post, :create, post_action_type_id: PostActionType.types[:like] }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'raises an error when the post_action_type_id index is missing' do
|
it 'raises an error when the post_action_type_id index is missing' do
|
||||||
lambda { xhr :post, :create, id: @post.id }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :post, :create, id: @post.id }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "fails when the user doesn't have permission to see the post" do
|
it "fails when the user doesn't have permission to see the post" do
|
||||||
|
@ -70,7 +70,7 @@ describe PostActionsController do
|
||||||
let!(:user) { log_in }
|
let!(:user) { log_in }
|
||||||
|
|
||||||
it 'raises an error when the post_action_type_id is missing' do
|
it 'raises an error when the post_action_type_id is missing' do
|
||||||
lambda { xhr :delete, :destroy, id: post.id }.should raise_error(Discourse::InvalidParameters)
|
lambda { xhr :delete, :destroy, id: post.id }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "returns 404 when the post action type doesn't exist for that user" do
|
it "returns 404 when the post action type doesn't exist for that user" do
|
||||||
|
@ -116,7 +116,7 @@ describe PostActionsController do
|
||||||
let!(:user) { log_in(:moderator) }
|
let!(:user) { log_in(:moderator) }
|
||||||
|
|
||||||
it "raises an error without a post_action_type_id" do
|
it "raises an error without a post_action_type_id" do
|
||||||
-> { xhr :post, :clear_flags, id: flagged_post.id }.should raise_error(Discourse::InvalidParameters)
|
-> { xhr :post, :clear_flags, id: flagged_post.id }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "raises an error when the user doesn't have access" do
|
it "raises an error when the user doesn't have access" do
|
||||||
|
@ -160,13 +160,13 @@ describe PostActionsController do
|
||||||
it 'raises an error without an id' do
|
it 'raises an error without an id' do
|
||||||
lambda {
|
lambda {
|
||||||
xhr :get, :users, post_action_type_id: PostActionType.types[:like]
|
xhr :get, :users, post_action_type_id: PostActionType.types[:like]
|
||||||
}.should raise_error(Discourse::InvalidParameters)
|
}.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'raises an error without a post action type' do
|
it 'raises an error without a post action type' do
|
||||||
lambda {
|
lambda {
|
||||||
xhr :get, :users, id: post.id
|
xhr :get, :users, id: post.id
|
||||||
}.should raise_error(Discourse::InvalidParameters)
|
}.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "fails when the user doesn't have permission to see the post" do
|
it "fails when the user doesn't have permission to see the post" do
|
||||||
|
|
|
@ -16,7 +16,7 @@ describe UploadsController do
|
||||||
|
|
||||||
context 'missing params' do
|
context 'missing params' do
|
||||||
it 'raises an error without the topic_id param' do
|
it 'raises an error without the topic_id param' do
|
||||||
-> { xhr :post, :create }.should raise_error(Discourse::InvalidParameters)
|
-> { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|