author | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2017-03-11 02:58:19 +0100 |
---|---|---|
committer | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2017-03-11 02:58:19 +0100 |
commit | 72f18b0e31fc2b2efac4f475477b44a41e3264d3 (patch) | |
tree | bdc6c0165bfd33a25a22b1c9f367f38a9f5b4ba0 | |
parent | 9dcf637963216e81277764815ca3703c45cdf059 (diff) | |
Strong parameters.
-rw-r--r-- | app/controllers/admin/communities_controller.rb | 11 | ||||
-rw-r--r-- | app/controllers/admin/organizations_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/admin/participants_controller.rb | 50 | ||||
-rw-r--r-- | app/controllers/admin/ressources_controller.rb | 10 |
4 files changed, 73 insertions, 8 deletions
diff --git a/app/controllers/admin/communities_controller.rb b/app/controllers/admin/communities_controller.rb
index e358e26..cb6d6d4 100644
--- a/app/controllers/admin/communities_controller.rb
+++ b/app/controllers/admin/communities_controller.rb
@@ -40,7 +40,7 @@ class Admin::CommunitiesController < ApplicationController
 end
 def create
- @community = Community.new(params[:community])
+ @community = Community.new(community_params)
 if @community.save
 flash[:notice] = 'Community was successfully created.'
 redirect_to admin_community_path(@community)
@@ -55,7 +55,7 @@ class Admin::CommunitiesController < ApplicationController
 def update
 @community = Community.find(params[:id])
- if @community.update_attributes(params[:community])
+ if @community.update_attributes(community_params)
 flash[:notice] = 'Community was successfully updated.'
 redirect_to admin_community_path(@community)
 else
@@ -92,4 +92,11 @@ class Admin::CommunitiesController < ApplicationController
 redirect_to index_admin_community_nonparticipants_path(:id=>params[:id])
 end
+private
+
+ def community_params
+ params.require(:community).permit(:name, :description)
+ end
+
+
 end
diff --git a/app/controllers/admin/organizations_controller.rb b/app/controllers/admin/organizations_controller.rb
index 238e8c2..e52323e 100644
--- a/app/controllers/admin/organizations_controller.rb
+++ b/app/controllers/admin/organizations_controller.rb
@@ -40,7 +40,7 @@ class Admin::OrganizationsController < ApplicationController
 end
 def create
- @organization = Organization.new(params[:organization])
+ @organization = Organization.new(organization_params)
 if @organization.save
 flash[:notice] = 'Organization was successfully created.'
 redirect_to :action => 'index'
@@ -55,7 +55,7 @@ class Admin::OrganizationsController < ApplicationController
 def update
 @organization = Organization.find(params[:id])
- if @organization.update_attributes(params[:organization])
+ if @organization.update_attributes(organization_params)
 flash[:notice] = 'Organization was successfully updated.'
 redirect_to :action => 'index'
 else
@@ -68,5 +68,11 @@ class Admin::OrganizationsController < ApplicationController
 redirect_to :action => 'index'
 end
+private
+
+ def organization_params
+ params.require(:organization).permit(:name, :description, :abrev)
+ end
+
 end
diff --git a/app/controllers/admin/participants_controller.rb b/app/controllers/admin/participants_controller.rb
index 88f475f..e2af77e 100644
--- a/app/controllers/admin/participants_controller.rb
+++ b/app/controllers/admin/participants_controller.rb
@@ -70,7 +70,7 @@ class Admin::ParticipantsController < ApplicationController
 end
 def create
- @participant = Participant.new(params[:participant])
+ @participant = Participant.new(participant_params)
 @participant.ptype = Participant::TYPE[:main]
 if @participant.save
 flash[:notice] = "Participant \"#{CGI.escapeHTML @participant.name}\" was successfully created."
@@ -100,7 +100,7 @@ class Admin::ParticipantsController < ApplicationController
 @organizations = Organization.all.order(:id)
 @participant = Participant.find(params[:id])
 lmsgs= leaved_messages(@participant, params[:participant][:community_ids])
- if @participant.update_attributes(params[:participant])
+ if @participant.update_attributes(participant_params)
 generate_destroyed_events_by_leaving_a_community(@participant,lmsgs) unless lmsgs.blank?
 flash[:notice] = 'Participant was successfully updated.'
 redirect_to admin_participant_path(:id => @participant)
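Review bot: In the `update` hunk of participants_controller.rb, the context line `lmsgs= leaved_messages(@participant, params[:participant][:community_ids])` still reads the raw request parameters before `participant_params` is evaluated. A request without a `participant` key therefore fails on `nil[:community_ids]` instead of reaching the `require(:participant)` check. A `community_ids` value that `permit` would drop (for example a scalar rather than an array) would presumably still drive `leaved_messages` and the destroyed-event generation, even though it is never applied to the record. Filtering once and reusing the result keeps both in agreement: `permitted = participant_params`, then `lmsgs = leaved_messages(@participant, permitted[:community_ids])` and `if @participant.update_attributes(permitted)`. The body of `update` begins and ends outside this hunk.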
@@ -170,4 +170,50 @@ private
 end
 leaved_messages.flatten.compact.uniq
 end
+
+ def participant_params
+ params.require(:participant).permit(:name, :description, :dns, :email, :organization_id, :community_selfrouting, :events_, community_ids: [],
+ identities_attributes: [:id, :name, :description, :_destroy])
+ # Parameter-Example:
+ # { "utf8"=>"✓",
+ # "authenticity_token"=>"NQtz97vmdpbhtkRAwEaouDia55K+XXnApAN9+flu2sw=",
+ # "participant"=>
+ # {
+ # "name"=>"Universität Stuttgart ILIAS",
+ # "description"=>"Zentrale E-Learning Plattform.",
+ # "dns"=>"ilias3.uni-stuttgart.de",
+ # "email"=>"christian.bogen@tik.uni-stuttgart.de",
+ # "organization_id"=>"3",
+ # "community_selfrouting"=>"0",
+ # "events_"=>"1",
+ # "identities_attributes"=>
+ # {
+ # "0"=>
+ # {
+ # "name"=>"27_vorkauf@rus.uni-stuttgart.de",
+ # "description"=>"X.509 credentials",
+ # "_destroy"=>"0",
+ # "id"=>"4"
+ # },
+ # "1"=>
+ # {
+ # "name"=>"A2_vorkauf@rus.uni-stuttgart.de",
+ # "description"=>"X.509 credentials",
+ # "_destroy"=>"0",
+ # "id"=>"21"
+ # },
+ # "2"=>
+ # {
+ # "name"=>"hubba bubba",
+ # "description"=>"Und noch mehr"
+ # }
+ # },
+ # "community_ids"=>["1"]
+ # },
+ # "commit"=>"Save",
+ # "id"=>"12"
+ # }
+ end
+
+
 end
diff --git a/app/controllers/admin/ressources_controller.rb b/app/controllers/admin/ressources_controller.rb
index 3c5367b..293681b 100644
--- a/app/controllers/admin/ressources_controller.rb
+++ b/app/controllers/admin/ressources_controller.rb
@@ -42,7 +42,7 @@ class Admin::RessourcesController < ApplicationController
 end
 def create
- @ressource = Ressource.new(params[:ressource])
+ @ressource = Ressource.new(ressource_params)
 if @ressource.save
 flash[:notice] = 'Ressource was successfully created.'
 redirect_to admin_ressources_path
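Review bot: The `# Parameter-Example:` block added inside `participant_params` (participants_controller.rb) looks like a request captured from a live system: it carries an `authenticity_token` value, a personal e-mail address, a host name and identity names. Request captures of this kind do not belong in version control; the example would document the shape just as well with constructed values, e.g. `# "email"=>"admin@example.org"` and `# "authenticity_token"=>"<redacted>"`. It would also read better as a comment above `def participant_params` than trailing the `permit` expression, so the method's return value is its last visible line. Separately, permitting `:id` and `:_destroy` under `identities_attributes` lets this form delete the identities labelled "X.509 credentials" in the example, so it is worth confirming that the Admin controllers enforce authentication; this is not visible in the hunk.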
@@ -58,7 +58,7 @@ class Admin::RessourcesController < ApplicationController
 def update
 #params[:participant][:community_ids] ||= []
 @ressource = Ressource.find(params[:id])
- if @ressource.update_attributes(params[:ressource])
+ if @ressource.update_attributes(ressource_params)
 flash[:notice] = 'Ressource was successfully updated.'
 redirect_to admin_ressource_path(:id => @ressource)
 else
@@ -71,4 +71,10 @@ class Admin::RessourcesController < ApplicationController
 redirect_to admin_ressources_path
 end
+private
+
+ def ressource_params
+ params.require(:ressource).permit(:namespace, :ressource, :postroute, :events)
+ end
+
 end |
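Review bot: The permit list in `ressource_params` names `:events`, while `participant_params` in the same commit permits `:events_` with a trailing underscore, so one of the two may not match the field its form actually posts. By default a key missing from the permit list is dropped and only logged, so a mismatch would show up as a setting that silently stops saving rather than as an error. Checking both lists against the form field names would settle it, and setting `config.action_controller.action_on_unpermitted_parameters = :raise` for development and test would make this kind of mismatch fail loudly. The same applies to the allow-lists added in the communities and organizations controllers.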