authorHeiko Bernloehr <Heiko.Bernloehr@FreeIT.de>2017-03-11 02:58:19 +0100
committerHeiko Bernloehr <Heiko.Bernloehr@FreeIT.de>2017-03-11 02:58:19 +0100
commit72f18b0e31fc2b2efac4f475477b44a41e3264d3 (patch)
treebdc6c0165bfd33a25a22b1c9f367f38a9f5b4ba0
parent9dcf637963216e81277764815ca3703c45cdf059 (diff)
downloadecs-72f18b0e31fc2b2efac4f475477b44a41e3264d3.tar.gz
ecs-72f18b0e31fc2b2efac4f475477b44a41e3264d3.zip
Strong parameters.
-rw-r--r--app/controllers/admin/communities_controller.rb11
-rw-r--r--app/controllers/admin/organizations_controller.rb10
-rw-r--r--app/controllers/admin/participants_controller.rb50
-rw-r--r--app/controllers/admin/ressources_controller.rb10
4 files changed, 73 insertions, 8 deletions
diff --git a/app/controllers/admin/communities_controller.rb b/app/controllers/admin/communities_controller.rb
index e358e26..cb6d6d4 100644
--- a/app/controllers/admin/communities_controller.rb
+++ b/app/controllers/admin/communities_controller.rb
@@ -40,7 +40,7 @@ class Admin::CommunitiesController < ApplicationController
end
def create
- @community = Community.new(params[:community])
+ @community = Community.new(community_params)
if @community.save
flash[:notice] = 'Community was successfully created.'
redirect_to admin_community_path(@community)
@@ -55,7 +55,7 @@ class Admin::CommunitiesController < ApplicationController
def update
@community = Community.find(params[:id])
- if @community.update_attributes(params[:community])
+ if @community.update_attributes(community_params)
flash[:notice] = 'Community was successfully updated.'
redirect_to admin_community_path(@community)
else
@@ -92,4 +92,11 @@ class Admin::CommunitiesController < ApplicationController
redirect_to index_admin_community_nonparticipants_path(:id=>params[:id])
end
+private
+
+ def community_params
+ params.require(:community).permit(:name, :description)
+ end
+
+
end
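Review bot: `community_params` has no comment saying that it is the mass-assignment allowlist for the admin form, so a later maintainer adding a form field gets no hint why the new attribute is silently dropped. The same applies to `organization_params` and `ressource_params` in the other controllers. I would add one line above each, for example `# Allowlist of Community attributes the admin form may set; extend it when the form gains a field.` It would also help to record in the commit whether attributes left out of a list were omitted on purpose, because the hunks do not show the model columns.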
diff --git a/app/controllers/admin/organizations_controller.rb b/app/controllers/admin/organizations_controller.rb
index 238e8c2..e52323e 100644
--- a/app/controllers/admin/organizations_controller.rb
+++ b/app/controllers/admin/organizations_controller.rb
@@ -40,7 +40,7 @@ class Admin::OrganizationsController < ApplicationController
end
def create
- @organization = Organization.new(params[:organization])
+ @organization = Organization.new(organization_params)
if @organization.save
flash[:notice] = 'Organization was successfully created.'
redirect_to :action => 'index'
@@ -55,7 +55,7 @@ class Admin::OrganizationsController < ApplicationController
def update
@organization = Organization.find(params[:id])
- if @organization.update_attributes(params[:organization])
+ if @organization.update_attributes(organization_params)
flash[:notice] = 'Organization was successfully updated.'
redirect_to :action => 'index'
else
@@ -68,5 +68,11 @@ class Admin::OrganizationsController < ApplicationController
redirect_to :action => 'index'
end
+private
+
+ def organization_params
+ params.require(:organization).permit(:name, :description, :abrev)
+ end
+
end
diff --git a/app/controllers/admin/participants_controller.rb b/app/controllers/admin/participants_controller.rb
index 88f475f..e2af77e 100644
--- a/app/controllers/admin/participants_controller.rb
+++ b/app/controllers/admin/participants_controller.rb
@@ -70,7 +70,7 @@ class Admin::ParticipantsController < ApplicationController
end
def create
- @participant = Participant.new(params[:participant])
+ @participant = Participant.new(participant_params)
@participant.ptype = Participant::TYPE[:main]
if @participant.save
flash[:notice] = "Participant \"#{CGI.escapeHTML @participant.name}\" was successfully created."
@@ -100,7 +100,7 @@ class Admin::ParticipantsController < ApplicationController
@organizations = Organization.all.order(:id)
@participant = Participant.find(params[:id])
lmsgs= leaved_messages(@participant, params[:participant][:community_ids])
- if @participant.update_attributes(params[:participant])
+ if @participant.update_attributes(participant_params)
generate_destroyed_events_by_leaving_a_community(@participant,lmsgs) unless lmsgs.blank?
flash[:notice] = 'Participant was successfully updated.'
redirect_to admin_participant_path(:id => @participant)
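Review bot: The `leaved_messages` call just above the changed line still reads `params[:participant][:community_ids]` from the raw parameters, so the unfiltered value is used before `participant_params` runs. A request without a `participant` key would fail on `nil[:community_ids]` with a NoMethodError instead of the ParameterMissing error that `require` raises. `community_ids` also arrives there without the array-of-scalars shape that `permit(community_ids: [])` enforces. Filter once and reuse the result: `permitted = participant_params`, then `leaved_messages(@participant, permitted[:community_ids])` and `@participant.update_attributes(permitted)`. The `update` action starts and ends outside this hunk, so other reads of `params[:participant]` in it may need the same treatment.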
@@ -170,4 +170,50 @@ private
end
leaved_messages.flatten.compact.uniq
end
+
+ def participant_params
+ params.require(:participant).permit(:name, :description, :dns, :email, :organization_id, :community_selfrouting, :events_, community_ids: [],
+ identities_attributes: [:id, :name, :description, :_destroy])
+ # Parameter-Example:
+ # { "utf8"=>"✓",
+ # "authenticity_token"=>"NQtz97vmdpbhtkRAwEaouDia55K+XXnApAN9+flu2sw=",
+ # "participant"=>
+ # {
+ # "name"=>"Universität Stuttgart ILIAS",
+ # "description"=>"Zentrale E-Learning Plattform.",
+ # "dns"=>"ilias3.uni-stuttgart.de",
+ # "email"=>"christian.bogen@tik.uni-stuttgart.de",
+ # "organization_id"=>"3",
+ # "community_selfrouting"=>"0",
+ # "events_"=>"1",
+ # "identities_attributes"=>
+ # {
+ # "0"=>
+ # {
+ # "name"=>"27_vorkauf@rus.uni-stuttgart.de",
+ # "description"=>"X.509 credentials",
+ # "_destroy"=>"0",
+ # "id"=>"4"
+ # },
+ # "1"=>
+ # {
+ # "name"=>"A2_vorkauf@rus.uni-stuttgart.de",
+ # "description"=>"X.509 credentials",
+ # "_destroy"=>"0",
+ # "id"=>"21"
+ # },
+ # "2"=>
+ # {
+ # "name"=>"hubba bubba",
+ # "description"=>"Und noch mehr"
+ # }
+ # },
+ # "community_ids"=>["1"]
+ # },
+ # "commit"=>"Save",
+ # "id"=>"12"
+ # }
+ end
+
+
end
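Review bot: The parameter example inside `participant_params` looks like a captured request rather than a constructed sample: it contains an `authenticity_token` value, named e-mail addresses and a host name. Values like these should not be committed to source, even if the token has presumably expired. I would replace them with obviously constructed ones such as `"email"=>"admin@example.org"` and `"dns"=>"lms.example.org"`, and drop the `utf8`, `authenticity_token` and `commit` keys, which sit outside `participant` and are not relevant to the permit list. Moving the comment above the `def` would also keep the `permit(...)` call visibly the last expression of the method.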
diff --git a/app/controllers/admin/ressources_controller.rb b/app/controllers/admin/ressources_controller.rb
index 3c5367b..293681b 100644
--- a/app/controllers/admin/ressources_controller.rb
+++ b/app/controllers/admin/ressources_controller.rb
@@ -42,7 +42,7 @@ class Admin::RessourcesController < ApplicationController
end
def create
- @ressource = Ressource.new(params[:ressource])
+ @ressource = Ressource.new(ressource_params)
if @ressource.save
flash[:notice] = 'Ressource was successfully created.'
redirect_to admin_ressources_path
@@ -58,7 +58,7 @@ class Admin::RessourcesController < ApplicationController
def update
#params[:participant][:community_ids] ||= []
@ressource = Ressource.find(params[:id])
- if @ressource.update_attributes(params[:ressource])
+ if @ressource.update_attributes(ressource_params)
flash[:notice] = 'Ressource was successfully updated.'
redirect_to admin_ressource_path(:id => @ressource)
else
@@ -71,4 +71,10 @@ class Admin::RessourcesController < ApplicationController
redirect_to admin_ressources_path
end
+private
+
+ def ressource_params
+ params.require(:ressource).permit(:namespace, :ressource, :postroute, :events)
+ end
+
end