nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Strong parameters for User

Browse source 
Fetch user params instead of require.
This commit is contained in:
James Fleming 2013-06-27 20:01:14 +02:00 committed by Jonne Haß
parent 686d3baaad
commit 0e26a496b8
3 changed files with 15 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/registrations_controller.rb
View file

@ -9,7 +9,7 @@ class RegistrationsController < Devise::RegistrationsController
before_filter -> { @css_framework = :bootstrap }, only: [:new] before_filter -> { @css_framework = :bootstrap }, only: [:new]
def create def create
@user = User.build(params[:user]) @user = User.build(user_params)
@user.process_invite_acceptence(invite) if invite.present? @user.process_invite_acceptence(invite) if invite.present?
if @user.save if @user.save
@ -54,4 +54,8 @@ class RegistrationsController < Devise::RegistrationsController
end end
helper_method :invite helper_method :invite
def user_params
params.require(:user).permit(:username, :email, :getting_started, :password, :password_confirmation, :language, :disable_mail, :invitation_service, :invitation_identifier, :show_community_spotlight_in_stream, :auto_follow_back, :auto_follow_back_aspect_id, :remember_me)
end
end end

11
app/controllers/users_controller.rb
View file

@ -24,7 +24,7 @@ class UsersController < ApplicationController
password_changed = false password_changed = false
@user = current_user @user = current_user
if u = params[:user] if u = user_params
u.delete(:password) if u[:password].blank? u.delete(:password) if u[:password].blank?
u.delete(:password_confirmation) if u[:password].blank? and u[:password_confirmation].blank? u.delete(:password_confirmation) if u[:password].blank? and u[:password_confirmation].blank?
u.delete(:language) if u[:language].blank? u.delete(:language) if u[:language].blank?
@ -125,7 +125,8 @@ class UsersController < ApplicationController
def getting_started_completed def getting_started_completed
user = current_user user = current_user
user.update_attributes(:getting_started => false) user.getting_started = false
user.save
redirect_to stream_path redirect_to stream_path
end end
@ -157,4 +158,10 @@ class UsersController < ApplicationController
end end
redirect_to edit_user_path redirect_to edit_user_path
end end
private
def user_params
params.fetch(:user).permit(:username, :email, :current_password, :password, :password_confirmation, :language, :disable_mail, :invitation_service, :invitation_identifier, :show_community_spotlight_in_stream, :auto_follow_back, :auto_follow_back_aspect_id, :remember_me, :email_preferences => [:also_commented, :mentioned, :comment_on_post, :private_message, :started_sharing, :liked, :reshared])
end
end end

16
app/models/user.rb
View file

@ -7,6 +7,7 @@ class User < ActiveRecord::Base
include Connecting include Connecting
include Querying include Querying
include SocialActions include SocialActions
include ActiveModel::ForbiddenAttributesProtection
scope :logged_in_since, lambda { |time| where('last_sign_in_at > ?', time) } scope :logged_in_since, lambda { |time| where('last_sign_in_at > ?', time) }
scope :monthly_actives, lambda { |time = Time.now| logged_in_since(time - 1.month) } scope :monthly_actives, lambda { |time = Time.now| logged_in_since(time - 1.month) }
@ -67,21 +68,6 @@ class User < ActiveRecord::Base
before_save :guard_unconfirmed_email, before_save :guard_unconfirmed_email,
:save_person! :save_person!
attr_accessible :username,
:email,
:getting_started,
:password,
:password_confirmation,
:language,
:disable_mail,
:invitation_service,
:invitation_identifier,
:show_community_spotlight_in_stream,
:auto_follow_back,
:auto_follow_back_aspect_id,
:remember_me
def self.all_sharing_with_person(person) def self.all_sharing_with_person(person)
User.joins(:contacts).where(:contacts => {:person_id => person.id}) User.joins(:contacts).where(:contacts => {:person_id => person.id})
end end