Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #979 from iancmyers/strong-parameters 

All parameters for #create in PostsController pass through strong_parameters
This commit is contained in:
Robin Ward 2013-06-07 09:17:29 -07:00
parent 7c715e76e8 b61e10f9ad
commit 3ae72259a6
5 changed files with 48 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/assets/javascripts/discourse/models/post.js
View File

@ -162,7 +162,10 @@ Discourse.Post = Discourse.Model.extend({
// We're saving a post // We're saving a post
data = { data = {
post: this.getProperties('raw', 'topic_id', 'reply_to_post_number', 'category'), raw: this.get('raw'),
topic_id: this.get('topic_id'),
reply_to_post_number: this.get('reply_to_post_number'),
category: this.get('category'),
archetype: this.get('archetype'), archetype: this.get('archetype'),
title: this.get('title'), title: this.get('title'),
image_sizes: this.get('imageSizes'), image_sizes: this.get('imageSizes'),

33
app/controllers/posts_controller.rb
View File

@ -25,19 +25,7 @@ class PostsController < ApplicationController
end end
def create def create
params.require(:post) post_creator = PostCreator.new(current_user, create_params)
post_creator = PostCreator.new(current_user,
raw: params[:post][:raw],
topic_id: params[:post][:topic_id],
title: params[:title],
archetype: params[:archetype],
category: params[:post][:category],
target_usernames: params[:target_usernames],
reply_to_post_number: params[:post][:reply_to_post_number],
image_sizes: params[:image_sizes],
meta_data: params[:meta_data],
auto_close_days: params[:auto_close_days])
post = post_creator.create post = post_creator.create
if post_creator.errors.present? if post_creator.errors.present?
@ -197,4 +185,23 @@ class PostsController < ApplicationController
guardian.ensure_can_see!(post) guardian.ensure_can_see!(post)
post post
end end
private
def create_params
params.require(:raw)
params.permit(
:raw,
:topic_id,
:title,
:archetype,
:category,
:target_usernames,
:reply_to_post_number,
:image_sizes,
:auto_close_days
).tap do |whitelisted|
whitelisted[:meta_data] = params[:meta_data]
end
end
end end

2
lib/post_creator.rb
View File

@ -38,8 +38,6 @@ class PostCreator
@user = user @user = user
@opts = opts @opts = opts
@spam = false @spam = false
raise Discourse::InvalidParameters.new(:raw) if @opts[:raw].blank?
end end
# True if the post was considered spam # True if the post was considered spam

4
spec/components/post_creator_spec.rb
View File

@ -10,10 +10,6 @@ describe PostCreator do
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
it 'raises an error without a raw value' do
lambda { PostCreator.new(user, {}) }.should raise_error(Discourse::InvalidParameters)
end
context 'new topic' do context 'new topic' do
let(:category) { Fabricate(:category, user: user) } let(:category) { Fabricate(:category, user: user) }
let(:topic) { Fabricate(:topic, user: user) } let(:topic) { Fabricate(:topic, user: user) }

46
spec/controllers/posts_controller_spec.rb
View File

@ -257,19 +257,19 @@ describe PostsController do
let!(:user) { log_in } let!(:user) { log_in }
let(:new_post) { Fabricate.build(:post, user: user) } let(:new_post) { Fabricate.build(:post, user: user) }
it "raises an exception without a post parameter" do it "raises an exception without a raw parameter" do
lambda { xhr :post, :create }.should raise_error(ActionController::ParameterMissing) lambda { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
end end
it 'calls the post creator' do it 'calls the post creator' do
PostCreator.any_instance.expects(:create).returns(new_post) PostCreator.any_instance.expects(:create).returns(new_post)
xhr :post, :create, post: {raw: 'test'} xhr :post, :create, {raw: 'test'}
response.should be_success response.should be_success
end end
it 'returns JSON of the post' do it 'returns JSON of the post' do
PostCreator.any_instance.expects(:create).returns(new_post) PostCreator.any_instance.expects(:create).returns(new_post)
xhr :post, :create, post: {raw: 'test'} xhr :post, :create, {raw: 'test'}
::JSON.parse(response.body).should be_present ::JSON.parse(response.body).should be_present
end end
@ -284,7 +284,7 @@ describe PostsController do
end end
it "does not succeed" do it "does not succeed" do
xhr :post, :create, post: {raw: 'test'} xhr :post, :create, {raw: 'test'}
User.any_instance.expects(:flag_linked_posts_as_spam).never User.any_instance.expects(:flag_linked_posts_as_spam).never
response.should_not be_success response.should_not be_success
end end
@ -292,7 +292,7 @@ describe PostsController do
it "it triggers flag_linked_posts_as_spam when the post creator returns spam" do it "it triggers flag_linked_posts_as_spam when the post creator returns spam" do
PostCreator.any_instance.expects(:spam?).returns(true) PostCreator.any_instance.expects(:spam?).returns(true)
User.any_instance.expects(:flag_linked_posts_as_spam) User.any_instance.expects(:flag_linked_posts_as_spam)
xhr :post, :create, post: {raw: 'test'} xhr :post, :create, {raw: 'test'}
end end
end end
@ -308,48 +308,48 @@ describe PostsController do
end end
it "passes raw through" do it "passes raw through" do
PostCreator.expects(:new).with(user, has_entries(raw: 'hello')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('raw' => 'hello')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello'} xhr :post, :create, {raw: 'hello'}
end end
it "passes title through" do it "passes title through" do
PostCreator.expects(:new).with(user, has_entries(title: 'new topic title')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('title' => 'new topic title')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello'}, title: 'new topic title' xhr :post, :create, {raw: 'hello', title: 'new topic title'}
end end
it "passes topic_id through" do it "passes topic_id through" do
PostCreator.expects(:new).with(user, has_entries(topic_id: '1234')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('topic_id' => '1234')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello', topic_id: 1234} xhr :post, :create, {raw: 'hello', topic_id: 1234}
end end
it "passes archetype through" do it "passes archetype through" do
PostCreator.expects(:new).with(user, has_entries(archetype: 'private_message')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('archetype' => 'private_message')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello'}, archetype: 'private_message' xhr :post, :create, {raw: 'hello', archetype: 'private_message'}
end end
it "passes category through" do it "passes category through" do
PostCreator.expects(:new).with(user, has_entries(category: 'cool')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('category' => 'cool')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello', category: 'cool'} xhr :post, :create, {raw: 'hello', category: 'cool'}
end end
it "passes target_usernames through" do it "passes target_usernames through" do
PostCreator.expects(:new).with(user, has_entries(target_usernames: 'evil,trout')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('target_usernames' => 'evil,trout')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello'}, target_usernames: 'evil,trout' xhr :post, :create, {raw: 'hello', target_usernames: 'evil,trout'}
end end
it "passes reply_to_post_number through" do it "passes reply_to_post_number through" do
PostCreator.expects(:new).with(user, has_entries(reply_to_post_number: '6789')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('reply_to_post_number' => '6789')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello', reply_to_post_number: 6789} xhr :post, :create, {raw: 'hello', reply_to_post_number: 6789}
end end
it "passes image_sizes through" do it "passes image_sizes through" do
PostCreator.expects(:new).with(user, has_entries(image_sizes: 'test')).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('image_sizes' => 'test')).returns(post_creator)
xhr :post, :create, post: {raw: 'hello'}, image_sizes: 'test' xhr :post, :create, {raw: 'hello', image_sizes: 'test'}
end end
it "passes meta_data through" do it "passes meta_data through" do
PostCreator.expects(:new).with(user, has_entries(meta_data: {'xyz' => 'abc'})).returns(post_creator) PostCreator.expects(:new).with(user, has_entries('meta_data' => {'xyz' => 'abc'})).returns(post_creator)
xhr :post, :create, post: {raw: 'hello'}, meta_data: {xyz: 'abc'} xhr :post, :create, {raw: 'hello', meta_data: {xyz: 'abc'}}
end end
end end