From 24bad5e6288e11b5218eca2204da5e063e74b1a8 Mon Sep 17 00:00:00 2001 From: Marcin Kulik Date: Wed, 12 Feb 2014 20:22:20 +0100 Subject: [PATCH] Use strong_parameters instead of protected_attributes --- Gemfile | 1 - Gemfile.lock | 3 --- app/controllers/asciicasts_controller.rb | 6 +++++- app/controllers/users_controller.rb | 12 ++++++++++-- app/models/api_token.rb | 2 -- app/models/asciicast.rb | 2 -- app/models/comment.rb | 2 -- app/models/user.rb | 2 -- app/services/asciicast_creator.rb | 2 +- spec/controllers/asciicasts_controller_spec.rb | 4 +++- spec/services/asciicast_creator_spec.rb | 3 +-- 11 files changed, 20 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index d32f007..52aafcc 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,6 @@ gem 'sass-rails', '~> 4.0.1' gem 'coffee-rails', '~> 4.0.1' gem 'uglifier', '>= 2.3.1' gem 'jquery-rails', '~> 3.0.4' -gem 'protected_attributes', '~> 1.0.5' gem 'pg', '~> 0.14' gem 'carrierwave', '~> 0.8.0' diff --git a/Gemfile.lock b/Gemfile.lock index 2a3af5a..4eaa402 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -205,8 +205,6 @@ GEM multi_json (~> 1.0) websocket-driver (>= 0.2.0) polyglot (0.3.3) - protected_attributes (1.0.5) - activemodel (>= 4.0.1, < 5.0) pry (0.9.12.4) coderay (~> 1.0) method_source (~> 0.8) @@ -372,7 +370,6 @@ DEPENDENCIES open4 (~> 1.3.0) pg (~> 0.14) poltergeist (~> 1.5.0) - protected_attributes (~> 1.0.5) pry-rails (~> 0.3.2) quiet_assets (~> 1.0.1) rails (~> 4.0.2) diff --git a/app/controllers/asciicasts_controller.rb b/app/controllers/asciicasts_controller.rb index 8934147..1266fc7 100644 --- a/app/controllers/asciicasts_controller.rb +++ b/app/controllers/asciicasts_controller.rb @@ -49,7 +49,7 @@ class AsciicastsController < ApplicationController end def update - if asciicast.update_attributes(params[:asciicast]) + if asciicast.update_attributes(update_params) redirect_to asciicast_path(asciicast), :notice => 'Asciicast was updated.' else 
@@ -84,4 +84,8 @@ class AsciicastsController < ApplicationController @view_counter ||= ViewCounter.new end + def update_params + params.require(:asciicast).permit(:title, :description) + end + end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 4bae9c8..3e363ca 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -32,7 +32,7 @@ class UsersController < ApplicationController def update @user = User.find(current_user.id) - if @user.update_attributes(params[:user]) + if @user.update_attributes(update_params) redirect_to profile_path(@user), notice: 'Account settings saved.' else render :edit, status: 422 @@ -46,10 +46,18 @@ class UsersController < ApplicationController end def build_user - user = User.new(params[:user]) + user = User.new(create_params) user.email = store[:new_user_email] user end + def create_params + params.fetch(:user, {}).permit(:nickname, :name) + end + + def update_params + params.require(:user).permit(:nickname, :name, :email) + end + end diff --git a/app/models/api_token.rb b/app/models/api_token.rb index a1308bf..f556479 100644 --- a/app/models/api_token.rb +++ b/app/models/api_token.rb @@ -7,8 +7,6 @@ class ApiToken < ActiveRecord::Base validates :user, :token, presence: true validates :token, uniqueness: true - attr_accessible :token - def self.for_token(token) ApiToken.where(token: token).first end diff --git a/app/models/asciicast.rb b/app/models/asciicast.rb index 5a3cca1..47012e9 100644 --- a/app/models/asciicast.rb +++ b/app/models/asciicast.rb @@ -25,8 +25,6 @@ class Asciicast < ActiveRecord::Base featured.by_random.limit(n).includes(:user) } - attr_accessible :title, :description, :time_compression - def self.cache_key timestamps = scoped.select(:updated_at).map { |o| o.updated_at.to_i } Digest::MD5.hexdigest timestamps.join('/') diff --git a/app/models/comment.rb b/app/models/comment.rb index d76c225..4cd688b 100644 --- a/app/models/comment.rb 
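Review bot: `update_params` in the second hunk of app/controllers/asciicasts_controller.rb permits only `:title` and `:description`, while the `attr_accessible` line this commit removes from app/models/asciicast.rb also allowed `:time_compression`; nothing on the new side says whether that drop is deliberate. Since this method is now the only allow-list for web edits of an Asciicast, a comment above it would record the intent, e.g. `# Allow-list for the edit form; time_compression is intentionally not user-editable.` (adjust if it is not intentional). The method follows a memoized helper, so it is presumably below `private`, but that keyword is outside the hunk and worth confirming so `update_params` stays out of the controller's public methods.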
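Review bot: `update_params` in app/controllers/users_controller.rb permits `:email` from the request, whereas `build_user` takes the address from `store[:new_user_email]` and `create_params` leaves it out. This matches what the removed `attr_accessible :nickname, :email, :name` allowed, so behaviour is unchanged. If the stored address is a verified one (not visible in this hunk), the update path lets it be replaced without re-verification, and it is worth confirming that this is intended. A short comment on each list would help either way, e.g. `# email is set from the session store in build_user, never from the form` above `create_params`. Whether both methods sit under `private` is outside the hunk.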
+++ b/app/models/comment.rb @@ -7,6 +7,4 @@ class Comment < ActiveRecord::Base belongs_to :user belongs_to :asciicast, :counter_cache => true - attr_accessible :body - end diff --git a/app/models/user.rb b/app/models/user.rb index ce2a450..9a23eef 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -8,8 +8,6 @@ class User < ActiveRecord::Base has_many :asciicasts, :dependent => :destroy has_many :comments, :dependent => :destroy - attr_accessible :nickname, :email, :name - validates :nickname, presence: true validates :nickname, uniqueness: { scope: :dummy }, unless: :dummy validates :email, presence: true, uniqueness: true, unless: :dummy diff --git a/app/services/asciicast_creator.rb b/app/services/asciicast_creator.rb index a371b27..5ba63b7 100644 --- a/app/services/asciicast_creator.rb +++ b/app/services/asciicast_creator.rb @@ -1,7 +1,7 @@ class AsciicastCreator def create(attributes) - asciicast = Asciicast.create!(attributes, without_protection: true) + asciicast = Asciicast.create!(attributes) AsciicastWorker.perform_async(asciicast.id) asciicast diff --git a/spec/controllers/asciicasts_controller_spec.rb b/spec/controllers/asciicasts_controller_spec.rb index 6c5628a..5eb6e31 100644 --- a/spec/controllers/asciicasts_controller_spec.rb +++ b/spec/controllers/asciicasts_controller_spec.rb @@ -133,7 +133,9 @@ describe AsciicastsController do end describe '#update' do - let(:make_request) { put :update, :id => asciicast.id, :asciicast => { } } + let(:make_request) { + put :update, id: asciicast.id, asciicast: { title: 'title'} + } before do expect(Asciicast).to receive(:find).and_return(asciicast) diff --git a/spec/services/asciicast_creator_spec.rb b/spec/services/asciicast_creator_spec.rb index 21918c1..387562a 100644 --- a/spec/services/asciicast_creator_spec.rb +++ b/spec/services/asciicast_creator_spec.rb 
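Review bot: `Asciicast.create!(attributes)` in app/services/asciicast_creator.rb now assigns every key in `attributes`, because the model-level `attr_accessible` list is removed in this commit and nothing in `AsciicastCreator#create` filters the hash. Strong parameters only rejects an unpermitted `ActionController::Parameters`; a plain `Hash` passes straight through, so the allow-list has to live in the caller, which is outside this diff. I would state that contract on the method, e.g. `# attributes must be built by the caller from known keys; no allow-list is applied here`, and check that the caller does not forward request parameters wholesale.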
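Review bot: The `#update` example in spec/controllers/asciicasts_controller_spec.rb now sends only a permitted key (`title: 'title'`), so nothing in this spec would fail if `update_params` started permitting more attributes. An extra example that also posts `time_compression` (accepted by the old `attr_accessible` list, absent from the new permit list) and asserts it is not among the attributes passed to `update_attributes` would pin the allow-list. The `describe '#update'` block continues outside the hunk, so how `update_attributes` is currently stubbed is not visible here.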
@@ -17,8 +17,7 @@ describe AsciicastCreator do it 'calls Asciicast.create! with proper attributes' do subject - expect(Asciicast).to have_received(:create!). - with(attributes, { without_protection: true }) + expect(Asciicast).to have_received(:create!).with(attributes) end it 'enqueues a post-processing job' do