0d01c33482
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that. The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method. It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments. |
||
|---|---|---|
| .. | ||
| admin_controller_spec.rb | ||
| dashboard_controller_spec.rb | ||
| email_controller_spec.rb | ||
| export_controller_spec.rb | ||
| flags_controller_spec.rb | ||
| groups_controller_spec.rb | ||
| impersonate_controller_spec.rb | ||
| reports_controller_spec.rb | ||
| site_content_types_controller_spec.rb | ||
| site_contents_controller_spec.rb | ||
| site_customizations_controller_spec.rb | ||
| site_settings_controller_spec.rb | ||
| users_controller_spec.rb | ||
| versions_controller_spec.rb | ||