diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 18:45:33 +0300 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-26 18:45:33 +0300 |
| commit | e382c8dfc7fb4bdbf57c770338805a1e17915fd1 (patch) | |
| tree | 2553669d7af120c9dd06d53ac18849805771a15d | |
| parent | f86afb732b0842cc1e65e504a60016998385a3dc (diff) | |
| download | gitlab-ce-e382c8dfc7fb4bdbf57c770338805a1e17915fd1.tar.gz | |
team member and hook strong params
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| -rw-r--r-- | app/controllers/projects/hooks_controller.rb | 6 | ||||
| -rw-r--r-- | app/controllers/projects/team_members_controller.rb | 6 | ||||
| -rw-r--r-- | app/models/users_project.rb | 2 | ||||
| -rw-r--r-- | app/models/web_hook.rb | 2 |
4 files changed, 10 insertions, 6 deletions
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb index c43d26385f7..b34ce5265d9 100644 --- a/app/controllers/projects/hooks_controller.rb +++ b/app/controllers/projects/hooks_controller.rb @@ -12,7 +12,7 @@ class Projects::HooksController < Projects::ApplicationController end def create - @hook = @project.hooks.new(params[:hook]) + @hook = @project.hooks.new(hook_params) @hook.save if @hook.valid? @@ -40,4 +40,8 @@ class Projects::HooksController < Projects::ApplicationController def hook @hook ||= @project.hooks.find(params[:id]) end + + def hook_params + params.require(:hook).permit(:url) + end end diff --git a/app/controllers/projects/team_members_controller.rb b/app/controllers/projects/team_members_controller.rb index 44068878cd1..1de5bac9ee8 100644 --- a/app/controllers/projects/team_members_controller.rb +++ b/app/controllers/projects/team_members_controller.rb @@ -27,7 +27,7 @@ class Projects::TeamMembersController < Projects::ApplicationController def update @user_project_relation = project.users_projects.find_by(user_id: member) - @user_project_relation.update_attributes(params[:team_member]) + @user_project_relation.update_attributes(member_params) unless @user_project_relation.valid? flash[:alert] = "User should have at least one role" @@ -67,4 +67,8 @@ class Projects::TeamMembersController < Projects::ApplicationController def member @member ||= User.find_by(username: params[:id]) end + + def member_params + params.require(:team_member).permit(:user_id, :project_access) + end end diff --git a/app/models/users_project.rb b/app/models/users_project.rb index 409282ec818..69b2d71b436 100644 --- a/app/models/users_project.rb +++ b/app/models/users_project.rb @@ -16,8 +16,6 @@ class UsersProject < ActiveRecord::Base include Notifiable include Gitlab::Access - #attr_accessible :user, :user_id, :project_access - belongs_to :user belongs_to :project diff --git a/app/models/web_hook.rb b/app/models/web_hook.rb index 7a48dcdc272..6cf0c1f683e 100644 --- a/app/models/web_hook.rb +++ b/app/models/web_hook.rb @@ -22,8 +22,6 @@ class WebHook < ActiveRecord::Base default_value_for :issues_events, false default_value_for :merge_requests_events, false - #attr_accessible :url - # HTTParty timeout default_timeout 10 |