From 686d3baaad0316f98fb71b2b981021efff9514d8 Mon Sep 17 00:00:00 2001
From: James Fleming <jflemingprod@gmail.com>
Date: Thu, 27 Jun 2013 18:47:33 +0200
Subject: [PATCH] Strong parameters for InvitationsController.

Make InvitationsController#create spec pass
---
 app/controllers/invitations_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index 538f025aa..3ab954a68 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -50,7 +50,8 @@ class InvitationsController < ApplicationController
   end
 
   def create
-    emails = params[:email_inviter][:emails].split(',').map(&:strip).uniq
+    inviter_params = params.require(:email_inviter).permit(:message, :locale, :emails)
+    emails = inviter_params[:emails].split(',').map(&:strip).uniq
 
     valid_emails, invalid_emails = emails.partition { |email| valid_email?(email) }
 
@@ -60,8 +61,7 @@ class InvitationsController < ApplicationController
     unless valid_emails.empty?
       Workers::Mail::InviteEmail.perform_async(valid_emails.join(','),
                                                current_user.id,
-                                               params[:email_inviter])
-
+                                               inviter_params)
     end
 
     if emails.empty?