author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 18:51:11 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 18:51:11 +0300 |
commit | 2acde87e0d223bbc3ecd15777b9a1048d6bc5172 (patch) | |
tree | 64f8432402547087a65ba7a1649e32e7bb96f416 | |
parent | e382c8dfc7fb4bdbf57c770338805a1e17915fd1 (diff) | |
download | gitlab-ce-2acde87e0d223bbc3ecd15777b9a1048d6bc5172.tar.gz |
Project hook, milestone, snippet strong params
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-rw-r--r-- | app/controllers/admin/hooks_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/projects/hooks_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/projects/milestones_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/projects/snippets_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/snippets_controller.rb | 8 | ||||
-rw-r--r-- | app/models/milestone.rb | 2 | ||||
-rw-r--r-- | app/models/project_hook.rb | 2 | ||||
-rw-r--r-- | app/models/snippet.rb | 2 |
8 files changed, 24 insertions, 14 deletions
diff --git a/app/controllers/admin/hooks_controller.rb b/app/controllers/admin/hooks_controller.rb
index c5bf76f8c39..0a463239d74 100644
--- a/app/controllers/admin/hooks_controller.rb
+++ b/app/controllers/admin/hooks_controller.rb
@@ -5,7 +5,7 @@ class Admin::HooksController < Admin::ApplicationController
 end
 def create
- @hook = SystemHook.new(params[:hook])
+ @hook = SystemHook.new(hook_params)
 if @hook.save
 redirect_to admin_hooks_path, notice: 'Hook was successfully created.'
@@ -37,4 +37,8 @@ class Admin::HooksController < Admin::ApplicationController
 redirect_to :back
 end
+
+ def hook_params
+ params.require(:hook).permit(:url)
+ end
 end
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index b34ce5265d9..268e19f26ee 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -42,6 +42,6 @@ class Projects::HooksController < Projects::ApplicationController
 end
 def hook_params
- params.require(:hook).permit(:url)
+ params.require(:hook).permit(:url, :push_events, :issues_events, :merge_requests_events, :tag_push_events)
 end
 end
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index c38c77d6b85..d338cdedfaf 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -37,7 +37,7 @@ class Projects::MilestonesController < Projects::ApplicationController
 end
 def create
- @milestone = Milestones::CreateService.new(project, current_user, params[:milestone]).execute
+ @milestone = Milestones::CreateService.new(project, current_user, milestone_params).execute
 if @milestone.save
 redirect_to project_milestone_path(@project, @milestone)
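Review bot: In the second hunk of app/controllers/admin/hooks_controller.rb, `hook_params` is appended directly after an action body (`redirect_to :back` / `end`) and no `private` marker is visible above it, so it may end up as a public controller method. Strong-parameter helpers are conventionally private so they can never be reached as an action; the start of the class is outside the hunk, so if it has no private section, add `private` on the line before `def hook_params`. The same check applies to `milestone_params` and the two `snippet_params` helpers added in the later controller hunks. A short comment such as `# System hooks take only the target URL from the form.` would also record why this permit list is narrower than the project hook one.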
@@ -47,7 +47,7 @@ class Projects::MilestonesController < Projects::ApplicationController
 end
 def update
- @milestone = Milestones::UpdateService.new(project, current_user, params[:milestone]).execute(milestone)
+ @milestone = Milestones::UpdateService.new(project, current_user, milestone_params).execute(milestone)
 respond_to do |format|
 format.js
@@ -105,4 +105,8 @@ class Projects::MilestonesController < Projects::ApplicationController
 def module_enabled
 return render_404 unless @project.issues_enabled
 end
+
+ def milestone_params
+ params.require(:milestone).permit(:title, :description, :due_date, :state_event)
+ end
 end
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index f93f2d5f9bb..25026973118 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -25,7 +25,7 @@ class Projects::SnippetsController < Projects::ApplicationController
 end
 def create
- @snippet = @project.snippets.build(params[:project_snippet])
+ @snippet = @project.snippets.build(snippet_params)
 @snippet.author = current_user
 if @snippet.save
@@ -39,7 +39,7 @@ class Projects::SnippetsController < Projects::ApplicationController
 end
 def update
- if @snippet.update_attributes(params[:project_snippet])
+ if @snippet.update_attributes(snippet_params)
 redirect_to project_snippet_path(@project, @snippet)
 else
 respond_with(@snippet)
@@ -86,4 +86,8 @@ class Projects::SnippetsController < Projects::ApplicationController
 def module_enabled
 return render_404 unless @project.snippets_enabled
 end
+
+ def snippet_params
+ params.require(:project_snippet).permit(:title, :content, :file_name, :private)
+ end
 end
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 4fe98f804dc..e75db61e680 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
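Review bot: `milestone_params` in the last milestones_controller.rb hunk permits `:state_event`, which lets the request body name a state transition on the milestone, and nothing in the hunk says this is intended. The list matches the commented-out `attr_accessible` line this commit removes from app/models/milestone.rb, so behaviour is presumably unchanged, but the authorization guarding `create` and `update` is outside the visible hunks and should be confirmed to cover state changes as well as edits. I would add a comment above the permit call, for example `# :state_event triggers a milestone state transition; keep this list limited to what the form may change`.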
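Review bot: `snippet_params` in the last projects/snippets_controller.rb hunk permits `:title, :content, :file_name, :private`, but the commented-out `attr_accessible` line this commit deletes from app/models/snippet.rb also listed `:expires_at`. If a snippet form still submits `expires_at`, strong parameters will drop it without an error and the expiry will not be saved; the identical permit list in `SnippetsController#snippet_params` has the same gap. Either extend both lists, `params.require(:project_snippet).permit(:title, :content, :file_name, :private, :expires_at)`, or state in a comment that expiry is deliberately no longer settable from the request. A controller spec that posts `expires_at` would pin down whichever behaviour is intended.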
@@ -51,7 +51,7 @@ class SnippetsController < ApplicationController
 end
 def create
- @snippet = PersonalSnippet.new(params[:personal_snippet])
+ @snippet = PersonalSnippet.new(snippet_params)
 @snippet.author = current_user
 if @snippet.save
@@ -65,7 +65,7 @@ class SnippetsController < ApplicationController
 end
 def update
- if @snippet.update_attributes(params[:personal_snippet])
+ if @snippet.update_attributes(snippet_params)
 redirect_to snippet_path(@snippet)
 else
 respond_with @snippet
@@ -109,4 +109,8 @@ class SnippetsController < ApplicationController
 def set_title
 @title = 'Snippets'
 end
+
+ def snippet_params
+ params.require(:personal_snippet).permit(:title, :content, :file_name, :private)
+ end
 end
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index e28de72c37f..8fd3e56d2ee 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -16,8 +16,6 @@ class Milestone < ActiveRecord::Base
 include InternalId
- #attr_accessible :title, :description, :due_date, :state_event
-
 belongs_to :project
 has_many :issues
 has_many :merge_requests
diff --git a/app/models/project_hook.rb b/app/models/project_hook.rb
index ffede4c7025..21867a9316c 100644
--- a/app/models/project_hook.rb
+++ b/app/models/project_hook.rb
@@ -18,8 +18,6 @@ class ProjectHook < WebHook
 belongs_to :project
- #attr_accessible :push_events, :issues_events, :merge_requests_events, :tag_push_events
-
 scope :push_hooks, -> { where(push_events: true) }
 scope :tag_push_hooks, -> { where(tag_push_events: true) }
 scope :issue_hooks, -> { where(issues_events: true) }
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index 958697f70cd..2c38e7939bd 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -18,8 +18,6 @@ class Snippet < ActiveRecord::Base
 include Linguist::BlobHelper
- #attr_accessible :title, :content, :file_name, :expires_at, :private
-
 default_value_for :private, true
 belongs_to :author, class_name: "User" |