Valider 0e26a496 rédigé par James Fleming's avatar James Fleming Validation de Jonne Haß

Strong parameters for User

Fetch user params instead of require.
parent 686d3baa
...@@ -9,7 +9,7 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -9,7 +9,7 @@ class RegistrationsController < Devise::RegistrationsController
before_filter -> { @css_framework = :bootstrap }, only: [:new] before_filter -> { @css_framework = :bootstrap }, only: [:new]
def create def create
@user = User.build(params[:user]) @user = User.build(user_params)
@user.process_invite_acceptence(invite) if invite.present? @user.process_invite_acceptence(invite) if invite.present?
if @user.save if @user.save
...@@ -54,4 +54,8 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -54,4 +54,8 @@ class RegistrationsController < Devise::RegistrationsController
end end
helper_method :invite helper_method :invite
def user_params
params.require(:user).permit(:username, :email, :getting_started, :password, :password_confirmation, :language, :disable_mail, :invitation_service, :invitation_identifier, :show_community_spotlight_in_stream, :auto_follow_back, :auto_follow_back_aspect_id, :remember_me)
end
end end
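Review bot: `user_params` in the second hunk is added directly after `helper_method :invite` with no `private` visible before it, whereas the same helper in UsersController is placed under `private`. If no visibility keyword precedes it in the part of the class outside the hunk, the method is public on the controller and counts as an action method; add `private` on the line above `def user_params`. The permit list also carries `:getting_started`, `:invitation_service` and `:invitation_identifier` over from the old `attr_accessible`. It is worth confirming that a sign-up request is meant to set these directly, given that the invite is applied separately through `process_invite_acceptence(invite)`.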
...@@ -24,7 +24,7 @@ class UsersController < ApplicationController ...@@ -24,7 +24,7 @@ class UsersController < ApplicationController
password_changed = false password_changed = false
@user = current_user @user = current_user
if u = params[:user] if u = user_params
u.delete(:password) if u[:password].blank? u.delete(:password) if u[:password].blank?
u.delete(:password_confirmation) if u[:password].blank? and u[:password_confirmation].blank? u.delete(:password_confirmation) if u[:password].blank? and u[:password_confirmation].blank?
u.delete(:language) if u[:language].blank? u.delete(:language) if u[:language].blank?
...@@ -125,7 +125,8 @@ class UsersController < ApplicationController ...@@ -125,7 +125,8 @@ class UsersController < ApplicationController
def getting_started_completed def getting_started_completed
user = current_user user = current_user
user.update_attributes(:getting_started => false) user.getting_started = false
user.save
redirect_to stream_path redirect_to stream_path
end end
...@@ -157,4 +158,10 @@ class UsersController < ApplicationController ...@@ -157,4 +158,10 @@ class UsersController < ApplicationController
end end
redirect_to edit_user_path redirect_to edit_user_path
end end
private
def user_params
params.fetch(:user).permit(:username, :email, :current_password, :password, :password_confirmation, :language, :disable_mail, :invitation_service, :invitation_identifier, :show_community_spotlight_in_stream, :auto_follow_back, :auto_follow_back_aspect_id, :remember_me, :email_preferences => [:also_commented, :mentioned, :comment_on_post, :private_message, :started_sharing, :liked, :reshared])
end
end end
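Review bot: `params.fetch(:user)` in the new `user_params` has no default, so it raises when the request carries no `user` key, and the `if u = user_params` guard in the first hunk can no longer take its false branch the way `params[:user]` did. If the point of fetching rather than requiring is to tolerate a missing key, give it a default and keep the guard meaningful, e.g. `params.fetch(:user, {}).permit(...)` together with `if (u = user_params).present?`. An empty hash is truthy in Ruby, so the bare assignment test alone would not restore the old behaviour. The action that contains this guard continues outside the hunk, so its else path is not visible here.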
...@@ -7,6 +7,7 @@ class User < ActiveRecord::Base ...@@ -7,6 +7,7 @@ class User < ActiveRecord::Base
include Connecting include Connecting
include Querying include Querying
include SocialActions include SocialActions
include ActiveModel::ForbiddenAttributesProtection
scope :logged_in_since, lambda { |time| where('last_sign_in_at > ?', time) } scope :logged_in_since, lambda { |time| where('last_sign_in_at > ?', time) }
scope :monthly_actives, lambda { |time = Time.now| logged_in_since(time - 1.month) } scope :monthly_actives, lambda { |time = Time.now| logged_in_since(time - 1.month) }
...@@ -67,21 +68,6 @@ class User < ActiveRecord::Base ...@@ -67,21 +68,6 @@ class User < ActiveRecord::Base
before_save :guard_unconfirmed_email, before_save :guard_unconfirmed_email,
:save_person! :save_person!
attr_accessible :username,
:email,
:getting_started,
:password,
:password_confirmation,
:language,
:disable_mail,
:invitation_service,
:invitation_identifier,
:show_community_spotlight_in_stream,
:auto_follow_back,
:auto_follow_back_aspect_id,
:remember_me
def self.all_sharing_with_person(person) def self.all_sharing_with_person(person)
User.joins(:contacts).where(:contacts => {:person_id => person.id}) User.joins(:contacts).where(:contacts => {:person_id => person.id})
end end
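Review bot: Removing `attr_accessible` in the second hunk moves the whole whitelist out of the model, and `ActiveModel::ForbiddenAttributesProtection` only rejects parameter objects that have not been permitted. A plain Hash passed to `User.build`, `new` or `update_attributes` from any other caller is, as far as this page shows, assigned without filtering. The include deserves a comment saying so, for example `# Mass assignment is filtered in the controllers (user_params); never pass raw request params or unfiltered hashes to User.` Mass-assignment call sites on User that this commit does not touch are outside the visible hunks and should be checked against the same rule.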
......