authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-06-26 18:51:11 +0300
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-06-26 18:51:11 +0300
commit2acde87e0d223bbc3ecd15777b9a1048d6bc5172 (patch)
tree64f8432402547087a65ba7a1649e32e7bb96f416
parente382c8dfc7fb4bdbf57c770338805a1e17915fd1 (diff)
downloadgitlab-ce-2acde87e0d223bbc3ecd15777b9a1048d6bc5172.tar.gz
Project hook, milestone, snippet strong params
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-rw-r--r--app/controllers/admin/hooks_controller.rb6
-rw-r--r--app/controllers/projects/hooks_controller.rb2
-rw-r--r--app/controllers/projects/milestones_controller.rb8
-rw-r--r--app/controllers/projects/snippets_controller.rb8
-rw-r--r--app/controllers/snippets_controller.rb8
-rw-r--r--app/models/milestone.rb2
-rw-r--r--app/models/project_hook.rb2
-rw-r--r--app/models/snippet.rb2
8 files changed, 24 insertions, 14 deletions
diff --git a/app/controllers/admin/hooks_controller.rb b/app/controllers/admin/hooks_controller.rb
index c5bf76f8c39..0a463239d74 100644
--- a/app/controllers/admin/hooks_controller.rb
+++ b/app/controllers/admin/hooks_controller.rb
@@ -5,7 +5,7 @@ class Admin::HooksController < Admin::ApplicationController
end
def create
- @hook = SystemHook.new(params[:hook])
+ @hook = SystemHook.new(hook_params)
if @hook.save
redirect_to admin_hooks_path, notice: 'Hook was successfully created.'
@@ -37,4 +37,8 @@ class Admin::HooksController < Admin::ApplicationController
redirect_to :back
end
+
+ def hook_params
+ params.require(:hook).permit(:url)
+ end
end
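Review bot: `hook_params` is appended directly after what looks like a public action (the context above it ends with `redirect_to :back`), and no `private` keyword is visible in this hunk, so the helper may end up as a public controller method. Rails treats public controller methods as actions, so parameter helpers normally sit below `private`; if the class has no such section yet, add `private` on the line before `def hook_params`. The class body above this hunk is not shown, so this needs confirming against the full file. The same check applies to `milestone_params` and both `snippet_params` methods, although those follow filter-style methods (`module_enabled`, `set_title`) that are presumably already non-public.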
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index b34ce5265d9..268e19f26ee 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -42,6 +42,6 @@ class Projects::HooksController < Projects::ApplicationController
end
def hook_params
- params.require(:hook).permit(:url)
+ params.require(:hook).permit(:url, :push_events, :issues_events, :merge_requests_events, :tag_push_events)
end
end
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index c38c77d6b85..d338cdedfaf 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -37,7 +37,7 @@ class Projects::MilestonesController < Projects::ApplicationController
end
def create
- @milestone = Milestones::CreateService.new(project, current_user, params[:milestone]).execute
+ @milestone = Milestones::CreateService.new(project, current_user, milestone_params).execute
if @milestone.save
redirect_to project_milestone_path(@project, @milestone)
@@ -47,7 +47,7 @@ class Projects::MilestonesController < Projects::ApplicationController
end
def update
- @milestone = Milestones::UpdateService.new(project, current_user, params[:milestone]).execute(milestone)
+ @milestone = Milestones::UpdateService.new(project, current_user, milestone_params).execute(milestone)
respond_to do |format|
format.js
@@ -105,4 +105,8 @@ class Projects::MilestonesController < Projects::ApplicationController
def module_enabled
return render_404 unless @project.issues_enabled
end
+
+ def milestone_params
+ params.require(:milestone).permit(:title, :description, :due_date, :state_event)
+ end
end
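Review bot: The permit list in `milestone_params` includes `:state_event`, so the request body can trigger a milestone state transition through both `create` and `update`, and nothing in this hunk documents that this is intended. The list matches the `attr_accessible` line removed from `app/models/milestone.rb`, so behaviour is unchanged, but the whitelist now lives in the controller and deserves a short comment such as `# :state_event triggers a state transition; access relies on this controller's authorization filters`. Those filters are outside the hunk, so the comment's second half should be checked against the full class before it is added.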
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index f93f2d5f9bb..25026973118 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -25,7 +25,7 @@ class Projects::SnippetsController < Projects::ApplicationController
end
def create
- @snippet = @project.snippets.build(params[:project_snippet])
+ @snippet = @project.snippets.build(snippet_params)
@snippet.author = current_user
if @snippet.save
@@ -39,7 +39,7 @@ class Projects::SnippetsController < Projects::ApplicationController
end
def update
- if @snippet.update_attributes(params[:project_snippet])
+ if @snippet.update_attributes(snippet_params)
redirect_to project_snippet_path(@project, @snippet)
else
respond_with(@snippet)
@@ -86,4 +86,8 @@ class Projects::SnippetsController < Projects::ApplicationController
def module_enabled
return render_404 unless @project.snippets_enabled
end
+
+ def snippet_params
+ params.require(:project_snippet).permit(:title, :content, :file_name, :private)
+ end
end
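Review bot: `snippet_params` permits `:title, :content, :file_name, :private`, but the `attr_accessible` list removed from `app/models/snippet.rb` in this same commit also carried `:expires_at`. If any snippet form or API caller still submits an expiry, strong parameters will drop it rather than reject the request (unless `action_on_unpermitted_parameters` is set to `:raise`), so a snippet the author meant to expire would stay available. Either add `:expires_at` to the permit list here and in `SnippetsController#snippet_params`, or state in the commit message that expiry is intentionally no longer user-settable.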
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 4fe98f804dc..e75db61e680 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -51,7 +51,7 @@ class SnippetsController < ApplicationController
end
def create
- @snippet = PersonalSnippet.new(params[:personal_snippet])
+ @snippet = PersonalSnippet.new(snippet_params)
@snippet.author = current_user
if @snippet.save
@@ -65,7 +65,7 @@ class SnippetsController < ApplicationController
end
def update
- if @snippet.update_attributes(params[:personal_snippet])
+ if @snippet.update_attributes(snippet_params)
redirect_to snippet_path(@snippet)
else
respond_with @snippet
@@ -109,4 +109,8 @@ class SnippetsController < ApplicationController
def set_title
@title = 'Snippets'
end
+
+ def snippet_params
+ params.require(:personal_snippet).permit(:title, :content, :file_name, :private)
+ end
end
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index e28de72c37f..8fd3e56d2ee 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -16,8 +16,6 @@
class Milestone < ActiveRecord::Base
include InternalId
- #attr_accessible :title, :description, :due_date, :state_event
-
belongs_to :project
has_many :issues
has_many :merge_requests
diff --git a/app/models/project_hook.rb b/app/models/project_hook.rb
index ffede4c7025..21867a9316c 100644
--- a/app/models/project_hook.rb
+++ b/app/models/project_hook.rb
@@ -18,8 +18,6 @@
class ProjectHook < WebHook
belongs_to :project
- #attr_accessible :push_events, :issues_events, :merge_requests_events, :tag_push_events
-
scope :push_hooks, -> { where(push_events: true) }
scope :tag_push_hooks, -> { where(tag_push_events: true) }
scope :issue_hooks, -> { where(issues_events: true) }
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index 958697f70cd..2c38e7939bd 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -18,8 +18,6 @@
class Snippet < ActiveRecord::Base
include Linguist::BlobHelper
- #attr_accessible :title, :content, :file_name, :expires_at, :private
-
default_value_for :private, true
belongs_to :author, class_name: "User"