DG IZ; mass-assignment quick-fix in controllers

app/controllers/albums_controller.rb

@@ -16,7 +16,10 @@ class AlbumsController < ApplicationController
 
   def create
     aspect =  params[:album][:to]
-    @album = current_user.post(:album, params[:album])
+
+    data = clean_hash(params[:album])
+
+    @album = current_user.post(:album, data)
     flash[:notice] = "You've created an album called #{@album.name}."
     redirect_to :action => :show, :id => @album.id, :aspect => aspect
   end
@@ -47,7 +50,10 @@ class AlbumsController < ApplicationController
 
   def update
     @album = current_user.album_by_id params[:id]
-    if @album.update_attributes params[:album]
+
+    data = clean_hash(params[:album])
+
+    if @album.update_attributes data
       flash[:notice] = "Album #{@album.name} successfully edited."
       respond_with @album
     else
@@ -56,4 +62,11 @@ class AlbumsController < ApplicationController
     end
   end
 
+  private
+  def clean_hash(params)
+    return {
+      :name => params[:name],
+      :to   => params[:to]
+    }
+  end
 end

app/controllers/aspects_controller.rb

@@ -52,7 +52,9 @@ class AspectsController < ApplicationController
 
   def update
     @aspect = Aspect.find_by_id(params[:id])
-    @aspect.update_attributes(params[:aspect])
+
+    data = clean_hash(params[:aspect])
+    @aspect.update_attributes( data )
     flash[:notice] = "Your aspect, #{@aspect.name}, has been successfully edited."
     respond_with @aspect
   end
@@ -83,4 +85,12 @@ class AspectsController < ApplicationController
       respond_with Person.first(:id => params[:friend_id])
     end
   end
+
+  private
+  def clean_hash(params)
+    return {
+      :name => params[:name]
+    }
+  end
+
 end

app/controllers/dev_utilities_controller.rb

@@ -7,24 +7,6 @@ class DevUtilitiesController < ApplicationController
   before_filter :authenticate_user!, :except => [:set_backer_number]
   include ApplicationHelper
   include RequestsHelper
-def warzombie
-    render :nothing => true
-    if current_user.email == "tom@tom.joindiaspora.com" && StatusMessage.where(:message => "There's a bomb in the lasagna!?").first == nil
-      current_user.post(:status_message, :message => "There's a bomb in the lasagna!?")
-      current_user.post(:status_message, :message => "xkcd \nhttp://xkcd.com/743/" )
-      current_user.post(:status_message, :message => "I switched to Motoroi today, a Motorola Android-based phone, in Korea. Now, I am using Android phones in both the U.S. and Korea", :created_at => Time.now-930)
-      current_user.post(:status_message, :message => "I had 5 hours to study for it :-( GREs on Thursday. Wunderbar.", :created_at => Time.now-43990)
-      current_user.post(:status_message, :message => "Spotted in toy story 3: google maps, OSX, and windows XP. Two out of three isn't bad.", :created_at => Time.now-4390)
-      current_user.post(:status_message,  :message => "Reddit\nhttp://reddit.com", :created_at => Time.now-54390)
-      current_user.post(:status_message, :message => "Commercials for IE make me SO MAD and my friends just don't get why.", :created_at => Time.now-30900)
-      current_user.post(:status_message, :message => "Zombo.com\nhttp://zombo.com", :created_at => Time.now-9090)
-      current_user.post(:status_message, :message => "Why do I have \"No More Heroes\" by Westlife on repeat all day?", :created_at => Time.now-590000)
-      current_user.post(:status_message, :message => "Mmm. Friday night. Acknowledged.", :created_at => Time.now-503900)
-      current_user.post(:status_message, :message => "Getting a universal remote is the epitome of laziness, I do declare.", :created_at => Time.now-4400)
-      current_user.post(:status_message, :message => "Does anyone know how to merge two Skype contact entries of the same person? (i.e. one Skype ID and one mobile number)", :created_at => Time.now-400239)
-      current_user.post(:status_message, :message => "A cool, cool morning for once.", :created_at => Time.now-150000)
-    end
-  end
 
   def zombiefriends
     render :nothing => true

app/controllers/photos_controller.rb

@@ -33,7 +33,11 @@ class PhotosController < ApplicationController
 
 
       params[:user_file] = file
-      @photo = current_user.post(:photo, params)
+
+      data = clean_hash(params)
+
+
+      @photo = current_user.post(:photo, data)
 
       respond_to do |format|
         format.json{render(:layout => false , :json => {"success" => true, "data" => @photo}.to_json )}
@@ -83,7 +87,10 @@ class PhotosController < ApplicationController
 
   def update
     @photo = Photo.find_by_id params[:id]
-    if @photo.update_attributes params[:photo]
+
+    data = clean_hash(params)
+
+    if @photo.update_attributes data[:photo]
       flash[:notice] = "Photo successfully updated."
       respond_with @photo
     else
@@ -91,4 +98,17 @@ class PhotosController < ApplicationController
       render :action => :edit
     end
   end
+
+
+  private
+  def clean_hash(params)
+    return {
+      :photo => {
+        :caption   => params[:photo][:caption],
+      },
+      :album_id  => params[:album_id],
+      :user_file => params[:user_file]
+    }
+  end
+
 end

app/controllers/registrations_controller.rb

@@ -15,9 +15,7 @@ class RegistrationsController < Devise::RegistrationsController
       flash[:error] = e.message
     end
     if user
-      #set_flash_message :notice, :signed_up
       flash[:notice] = "You've joined Diaspora!"
-      #redirect_to root_url
       sign_in_and_redirect(:user, user)
     else
       redirect_to new_user_registration_path

app/controllers/status_messages_controller.rb

@@ -11,7 +11,10 @@ class StatusMessagesController < ApplicationController
 
   def create
     params[:status_message][:to] = params[:aspect_ids]
-    @status_message = current_user.post(:status_message, params[:status_message])
+
+    data = clean_hash params[:status_message]
+
+    @status_message = current_user.post(:status_message, data)
     respond_with @status_message
   end
 
@@ -25,4 +28,12 @@ class StatusMessagesController < ApplicationController
     @status_message = StatusMessage.find_by_id params[:id]
     respond_with @status_message
   end
+
+  private
+  def clean_hash(params)
+    return {
+      :message => params[:message],
+      :to      => params[:to]
+    }
+  end
 end

app/controllers/users_controller.rb

@@ -17,14 +17,15 @@ class UsersController < ApplicationController
 
   def update
     @user = current_user
-    prep_image_url(params[:user])
 
-    @user.update_profile params[:user]
+    data = clean_hash params[:user]
+    prep_image_url(data)
+
+    @user.update_profile data
     respond_with(@user, :location => root_url)
   end
 
   private
-
   def prep_image_url(params)
     if params[:profile][:image_url].empty?
       params[:profile].delete(:image_url)
@@ -32,4 +33,16 @@ class UsersController < ApplicationController
       params[:profile][:image_url] = "http://" + request.host + ":" + request.port.to_s + params[:profile][:image_url]
     end
   end
+
+  def clean_hash(params)
+    return {
+      :profile =>
+        {
+        :first_name => params[:profile][:first_name],
+        :last_name => params[:profile][:last_name],
+        :image_url => params[:profile][:image_url]
+        }
+    }
+  end
+
 end

app/models/aspect.rb

@@ -39,5 +39,6 @@ class Aspect
       }
     }
   end
+
 end
 

app/views/users/edit.html.haml

@@ -53,10 +53,6 @@
       = p.label :last_name 
       = p.text_field :last_name, :value => @profile.last_name
 
-  %p
-    = f.label :email
-    = f.text_field :email
-
   #submit_block
     = link_to "Cancel", root_path
     or