From b86b409f7db1997a09fada05fa6a9879f3a266dc Mon Sep 17 00:00:00 2001
From: James Fleming
Date: Thu, 27 Jun 2013 18:09:16 +0200
Subject: [PATCH] Strong parameters for Conversation
---
 app/controllers/conversations_controller.rb | 11 ++++++-----
 app/models/conversation.rb | 1 +
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/controllers/conversations_controller.rb b/app/controllers/conversations_controller.rb
index 986bcc145..9e5102cf7 100644
--- a/app/controllers/conversations_controller.rb
+++ b/app/controllers/conversations_controller.rb
@@ -34,13 +34,14 @@ class ConversationsController < ApplicationController
 person_ids = Contact.where(:id => params[:contact_ids].split(',')).map(&:person_id)
 end
- params[:conversation][:participant_ids] = [*person_ids] | [current_user.person_id]
- params[:conversation][:author] = current_user.person
- message_text = params[:conversation].delete(:text)
- params[:conversation][:messages_attributes] = [ {:author => current_user.person, :text => message_text }]
+ @conversation = Conversation.new
+ @conversation.subject = params[:conversation][:subject]
+ @conversation.participant_ids = [*person_ids] | [current_user.person_id]
+ @conversation.author = current_user.person
+ message_text = params[:conversation][:text]
+ @conversation.messages_attributes = [ {:author => current_user.person, :text => message_text }]
 @response = {}
- @conversation = Conversation.new(params[:conversation])
 if person_ids.present? && @conversation.save
 Postzord::Dispatcher.build(current_user, @conversation).post
 @response[:success] = true
diff --git a/app/models/conversation.rb b/app/models/conversation.rb
index 8d2f25c25..531cd0b9f 100644
--- a/app/models/conversation.rb
+++ b/app/models/conversation.rb
@@ -1,6 +1,7 @@
 class Conversation < ActiveRecord::Base
 include Diaspora::Federated::Base
 include Diaspora::Guid
+ include ActiveModel::ForbiddenAttributesProtection
 xml_attr :subject
 xml_attr :created_at
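Review bot: The added assignments read `params[:conversation][:subject]` and `params[:conversation][:text]` directly, so a request that omits the `conversation` key raises NoMethodError on nil rather than being rejected as a malformed request. Taking the fields from `conversation_params = params.require(:conversation).permit(:subject, :text)` would keep the explicit whitelist and fail with a parameter-missing error instead, assuming the strong-parameters controller API is loaded, which the hunk does not show. Separately, the context line `Contact.where(:id => params[:contact_ids].split(','))` that feeds `participant_ids` is not scoped to the current user's contacts in the visible lines. The enclosing branch and action start outside the hunk, so confirm that ownership of those contact ids is checked there, or scope the lookup through the user's own contacts association.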
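Review bot: The added `include ActiveModel::ForbiddenAttributesProtection` in app/models/conversation.rb only rejects mass assignment of an unpermitted `ActionController::Parameters` object. Plain hashes, such as the `messages_attributes` array the controller now builds, and individual setters pass through unchecked. A short comment above the include would make that scope clear, for example `# Raises on mass assignment of unpermitted controller params; plain hashes are not checked`. Any other caller that still passes raw `params[:conversation]` to `Conversation.new` or `update_attributes` will begin to raise after this change. None is visible in this patch, so a search for remaining call sites and a spec for the create action would be worth adding.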