TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26557 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: fa8ce9d994
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fa8ce9d994'
${ noResults }
openproject/app/models/permitted_params.rb

657 lines
20 KiB
Raw Normal View History Unescape

updates copyright headers updates more copyright more copyright headers
11 years ago
#-- encoding: UTF-8
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update
12 years ago
#-- copyright
# OpenProject is a project management system.
Update year in copyright header to 2015 [ci skip]
10 years ago
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update
12 years ago
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
new copyright header #1903
11 years ago
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update
12 years ago
# See doc/COPYRIGHT.rdoc for more details.
#++
Refactor PermittedParams to class
9 years ago
class PermittedParams
Fix typos, spelling in model comments Signed-off-by: Alex Coles <alex@alexbcoles.com>
11 years ago
# This class intends to provide a method for all params hashes coming from the
Introduces strong_parameters whithout making use of it yet This introduces the strong_parameters gem. It will be default in rails4 so I consider it a good idea to start using it now. This commit does not yet make use of the possibilities. It is intended so we start using it and in order for it to be available to plugins.
12 years ago
# client and that are used for mass assignment.
#
# A method should look like the following:
#
# def name_of_the_params_key_referenced
# params.require(:name_of_the_params_key_referenced).permit(list_of_whitelisted_params)
# end
#
#
# A controller could use a permitted_params method like this
#
Refactor to allow for strong params We no longer need attr_accessible.
9 years ago
# model_instance.METHOD_USING_ASSIGMENT = permitted_params.name_of_the_params_key_referenced
Introduces strong_parameters whithout making use of it yet This introduces the strong_parameters gem. It will be default in rails4 so I consider it a good idea to start using it now. This commit does not yet make use of the possibilities. It is intended so we start using it and in order for it to be available to plugins.
12 years ago
#
Refactor PermittedParams to class
9 years ago
attr_reader :params, :current_user
def initialize(params, current_user)
@params = params
@current_user = current_user
end
Introduces strong_parameters whithout making use of it yet This introduces the strong_parameters gem. It will be default in rails4 so I consider it a good idea to start using it now. This commit does not yet make use of the possibilities. It is intended so we start using it and in order for it to be available to plugins.
12 years ago
allows for extending permitted_params
11 years ago
def self.permit(key, *params)
raise(ArgumentError, "no permitted params are configured for #{key}") unless permitted_attributes.has_key?(key)
permitted_attributes[key].concat(params)
end
use permitted params for auth_source
11 years ago
def auth_source
params.require(:auth_source).permit(*self.class.permitted_attributes[:auth_source])
end
use permitted params for board
11 years ago
def board
params.require(:board).permit(*self.class.permitted_attributes[:board])
end
def board?
params[:board] ? board : nil
end
sort methods of PermittedParams class
11 years ago
def board_move
params.require(:board).permit(*self.class.permitted_attributes[:move_to])
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
end
def color
allows for extending permitted_params
11 years ago
params.require(:color).permit(*self.class.permitted_attributes[:color])
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
end
def color_move
simplify move_to operations in permitted_params.rb
11 years ago
params.require(:color).permit(*self.class.permitted_attributes[:move_to])
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
end
whitelist params for custom_fields
11 years ago
def custom_field
params.require(:custom_field).permit(*self.class.permitted_attributes[:custom_field])
end
make custom_fields Rails3ish - use ressource in routes.rb - use *_custom_field_path paths - use strong parameters everywhere
11 years ago
def custom_field_type
params.require(:type)
end
use strong params instead of attr_protected in member
11 years ago
fix unfortunate typos + review feedback
11 years ago
def enumeration_type
Fix legacy and cucumber specs failing because of strong params
9 years ago
params.fetch(:type, {})
feed permitted params to mass assignments in enumerations_controller
11 years ago
end
make custom_fields Rails3ish - use ressource in routes.rb - use *_custom_field_path paths - use strong parameters everywhere
11 years ago
use permitted_params for group_controller
11 years ago
def group
params.require(:group).permit(*self.class.permitted_attributes[:group])
end
def group_membership
params.permit(*self.class.permitted_attributes[:group_membership])
end
sort methods of PermittedParams class
11 years ago
def new_work_package(args = {})
permitted = permitted_attributes(:new_work_package, args)
permitted_params = params.require(:work_package).permit(*permitted)
permitted_params.merge!(custom_field_values(:work_package))
permitted_params
end
use strong params instead of attr_protected in member
11 years ago
def member
params.require(:member).permit(*self.class.permitted_attributes[:member])
end
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
def planning_element_type
allows for extending permitted_params
11 years ago
params.require(:planning_element_type).permit(*self.class.permitted_attributes[:planning_element_type])
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
end
def planning_element_type_move
simplify move_to operations in permitted_params.rb
11 years ago
params.require(:planning_element_type).permit(*self.class.permitted_attributes[:move_to])
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
end
Added additional parameter whitelisting to create work packages via the planning elements controller
11 years ago
def planning_element(args = {})
permitted = permitted_attributes(:planning_element, args)
permitted_params = params.require(:planning_element).permit(*permitted)
permitted_params.merge!(custom_field_values(:planning_element))
permitted_params
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
end
Merge branch 'feature/rails3' into feature/rails3_sti Conflicts: app/controllers/timelog_controller.rb app/helpers/application_helper.rb app/models/alternate_date.rb app/models/available_project_status.rb app/models/default_planning_element_type.rb app/models/enabled_planning_element_type.rb app/models/planning_element.rb app/models/planning_element_type.rb app/models/planning_element_type_color.rb app/models/project_association.rb app/models/project_type.rb app/models/query.rb app/models/reporting.rb app/models/scenario.rb app/models/timeline.rb app/views/planning_elements/_form.html.erb features/issues/issue_edit.feature features/step_definitions/timelines_given_steps.rb features/step_definitions/timelines_then_steps.rb features/step_definitions/timelines_when_steps.rb features/support/paths.rb lib/timestamps_compatibility.rb spec/controllers/timelines_planning_elements_controller_spec.rb spec/factories/timelines_planning_element_journal_factory.rb spec/models/alternate_date_spec.rb spec/models/planning_element_spec.rb spec/views/api/v2/planning_elements/_planning_element_api_rsb_spec.rb test/integration/api_test/time_entries_test.rb
12 years ago
sort methods of PermittedParams class
11 years ago
def project_type
params.require(:project_type).permit(*self.class.permitted_attributes[:project_type])
use permitted params for Status#create/update
11 years ago
end
refactor types action on projects controller * Introduced a service to reduce complexity in the controller * Used permitted params to ensure params syntax * Introduced a scope for querying for types used by a work package of the project
9 years ago
def projects_type_ids
params.require(:project).require(:type_ids).map(&:to_i).select { |x| x > 0 }
end
sort methods of PermittedParams class
11 years ago
def project_type_move
params.require(:project_type).permit(*self.class.permitted_attributes[:move_to])
end
reenables setting watchers on create
11 years ago
use permitted params in QueryControllier
11 years ago
def query
Fix typos, spelling in model comments Signed-off-by: Alex Coles <alex@alexbcoles.com>
11 years ago
# there is a weird bug in strong_parameters gem which makes the permit call
# on the sort_criteria pattern return the sort_criteria-hash contents AND
use permitted params in QueryControllier
11 years ago
# the sort_criteria hash itself (again with content) in the same hash.
# Here we try to circumvent this
p = params.require(:query).permit(*self.class.permitted_attributes[:query])
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
p[:sort_criteria] = params.require(:query).permit(sort_criteria: { '0' => [], '1' => [], '2' => [] })
use permitted params in QueryControllier
11 years ago
p[:sort_criteria].delete :sort_criteria
p
end
use permitted params for role
11 years ago
def role
params.require(:role).permit(*self.class.permitted_attributes[:role])
end
def role?
leaner and cleaner `role?` implementation
11 years ago
params[:role] ? role : nil
use permitted params for role
11 years ago
end
sort methods of PermittedParams class
11 years ago
def status
params.require(:status).permit(*self.class.permitted_attributes[:status])
reenables setting watchers on create
11 years ago
end
fixes custom_field_value permitance for params
11 years ago
alias :update_work_package :new_work_package
Use strong_parameters for User, remove safe_attribtues
11 years ago
def user
permitted_params = params.require(:user).permit(*self.class.permitted_attributes[:user])
permitted_params.merge!(custom_field_values(:user))
Fix PermittedParams#user_register_via_omniauth This fixes an example in the AccountController spec.
11 years ago
permitted_params
Use strong_parameters for User, remove safe_attribtues
11 years ago
end
Omniauth: Allow correcting validation errors via registration form This also sets User#password_change_allowed? to false for users authenticated via Omniauth and thus hides login and passwords fields from the register form when using Omniauth.
11 years ago
def user_register_via_omniauth
Account/register: Show login field when registering via Omniauth There's no reason to prevent a user from changing their login, it might actually be required if the login has already been taken.
11 years ago
permitted_params = params.require(:user) \
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
.permit(:login, :firstname, :lastname, :mail, :language)
Omniauth: Allow correcting validation errors via registration form This also sets User#password_change_allowed? to false for users authenticated via Omniauth and thus hides login and passwords fields from the register form when using Omniauth.
11 years ago
permitted_params.merge!(custom_field_values(:user))
Fix PermittedParams#user_register_via_omniauth This fixes an example in the AccountController spec.
11 years ago
permitted_params
Omniauth: Allow correcting validation errors via registration form This also sets User#password_change_allowed? to false for users authenticated via Omniauth and thus hides login and passwords fields from the register form when using Omniauth.
11 years ago
end
User: Make sure force_password_change can only be activated if allowed
11 years ago
def user_update_as_admin(external_authentication, change_password_allowed)
User: Move auth_source_id filtering to PermittedParams
11 years ago
# Found group_ids in safe_attributes and added them here as I
# didn't know the consequences of removing these.
# They were not allowed on create.
Use 1.9+ Hash syntax in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
user_create_as_admin(external_authentication, change_password_allowed, [group_ids: []])
Use strong_parameters for User, remove safe_attribtues
11 years ago
end
User: Make sure force_password_change can only be activated if allowed
11 years ago
def user_create_as_admin(external_authentication, change_password_allowed, additional_params = [])
Use strong_parameters for User, remove safe_attribtues
11 years ago
if current_user.admin?
User: Move auth_source_id filtering to PermittedParams
11 years ago
additional_params << :auth_source_id unless external_authentication
User: Make sure force_password_change can only be activated if allowed
11 years ago
additional_params << :force_password_change if change_password_allowed
User: Move auth_source_id filtering to PermittedParams
11 years ago
Use strong_parameters for User, remove safe_attribtues
11 years ago
allowed_params = self.class.permitted_attributes[:user] + \
User: Move auth_source_id filtering to PermittedParams
11 years ago
additional_params + \
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
[:admin, :login]
Use strong_parameters for User, remove safe_attribtues
11 years ago
permitted_params = params.require(:user).permit(*allowed_params)
fixes custom_field_value permitance for params
11 years ago
permitted_params.merge!(custom_field_values(:user))
permitted_params
Fix updating group_ids for User, fix admin test
11 years ago
else
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
params.require(:user).permit
User update: Use strong_parameters, disallow status change
11 years ago
end
end
Use strong parameters for type
11 years ago
def type
params.require(:type).permit(*self.class.permitted_attributes[:type])
end
Fix type sort
11 years ago
def type_move
simplify move_to operations in permitted_params.rb
11 years ago
params.require(:type).permit(*self.class.permitted_attributes[:move_to])
Fix type sort
11 years ago
end
Merge branch 'feature/rails3' into feature/rails3_sti Conflicts: app/controllers/timelog_controller.rb app/helpers/application_helper.rb app/models/alternate_date.rb app/models/available_project_status.rb app/models/default_planning_element_type.rb app/models/enabled_planning_element_type.rb app/models/planning_element.rb app/models/planning_element_type.rb app/models/planning_element_type_color.rb app/models/project_association.rb app/models/project_type.rb app/models/query.rb app/models/reporting.rb app/models/scenario.rb app/models/timeline.rb app/views/planning_elements/_form.html.erb features/issues/issue_edit.feature features/step_definitions/timelines_given_steps.rb features/step_definitions/timelines_then_steps.rb features/step_definitions/timelines_when_steps.rb features/support/paths.rb lib/timestamps_compatibility.rb spec/controllers/timelines_planning_elements_controller_spec.rb spec/factories/timelines_planning_element_journal_factory.rb spec/models/alternate_date_spec.rb spec/models/planning_element_spec.rb spec/views/api/v2/planning_elements/_planning_element_api_rsb_spec.rb test/integration/api_test/time_entries_test.rb
12 years ago
def work_package
params.require(:work_package).permit(:subject,
:description,
:start_date,
Renames permitted param
11 years ago
:due_date,
Merge branch 'feature/rails3' into feature/rails3_sti Conflicts: app/controllers/timelog_controller.rb app/helpers/application_helper.rb app/models/alternate_date.rb app/models/available_project_status.rb app/models/default_planning_element_type.rb app/models/enabled_planning_element_type.rb app/models/planning_element.rb app/models/planning_element_type.rb app/models/planning_element_type_color.rb app/models/project_association.rb app/models/project_type.rb app/models/query.rb app/models/reporting.rb app/models/scenario.rb app/models/timeline.rb app/views/planning_elements/_form.html.erb features/issues/issue_edit.feature features/step_definitions/timelines_given_steps.rb features/step_definitions/timelines_then_steps.rb features/step_definitions/timelines_when_steps.rb features/support/paths.rb lib/timestamps_compatibility.rb spec/controllers/timelines_planning_elements_controller_spec.rb spec/factories/timelines_planning_element_journal_factory.rb spec/models/alternate_date_spec.rb spec/models/planning_element_spec.rb spec/views/api/v2/planning_elements/_planning_element_api_rsb_spec.rb test/integration/api_test/time_entries_test.rb
12 years ago
:note,
:planning_element_type_id,
:planning_element_status_comment,
:planning_element_status_id,
:parent_id,
Fixed non-functional optimistic locking for work_package editing
11 years ago
:responsible_id,
:lock_version)
Merge branch 'feature/rails3' into feature/rails3_sti Conflicts: app/controllers/timelog_controller.rb app/helpers/application_helper.rb app/models/alternate_date.rb app/models/available_project_status.rb app/models/default_planning_element_type.rb app/models/enabled_planning_element_type.rb app/models/planning_element.rb app/models/planning_element_type.rb app/models/planning_element_type_color.rb app/models/project_association.rb app/models/project_type.rb app/models/query.rb app/models/reporting.rb app/models/scenario.rb app/models/timeline.rb app/views/planning_elements/_form.html.erb features/issues/issue_edit.feature features/step_definitions/timelines_given_steps.rb features/step_definitions/timelines_then_steps.rb features/step_definitions/timelines_when_steps.rb features/support/paths.rb lib/timestamps_compatibility.rb spec/controllers/timelines_planning_elements_controller_spec.rb spec/factories/timelines_planning_element_journal_factory.rb spec/models/alternate_date_spec.rb spec/models/planning_element_spec.rb spec/views/api/v2/planning_elements/_planning_element_api_rsb_spec.rb test/integration/api_test/time_entries_test.rb
12 years ago
end
Merge remote-tracking branch 'opf/feature/rails3' into feature/rails3_work_package_creation Conflicts: app/models/permitted_params.rb spec/models/permitted_params_spec.rb
11 years ago
fix test_unit tests
10 years ago
def wiki_page_rename
permitted = permitted_attributes(:wiki_page)
params.require(:page).permit(*permitted)
end
Uses permitted params in wiki controller
11 years ago
def wiki_page
permitted = permitted_attributes(:wiki_page)
fix tests for wiki and permitted params
10 years ago
permitted_params = params.require(:content).require(:page).permit(*permitted)
Uses permitted params in wiki controller
11 years ago
permitted_params
end
def wiki_content
params.require(:content).permit(*self.class.permitted_attributes[:wiki_content])
end
Refactor to allow for strong params We no longer need attr_accessible.
9 years ago
def timeline
Fix legacy and cucumber specs failing because of strong params
9 years ago
acceptable_options_params = ["exist", "zoom_factor", "initial_outline_expansion", "timeframe_start",
"timeframe_end", "columns", "project_sort", "compare_to_relative", "compare_to_relative_unit",
"compare_to_absolute", "vertical_planning_elements", "exclude_own_planning_elements",
"planning_element_status", "planning_element_types", "planning_element_responsibles",
"planning_element_assignee", "exclude_reporters", "exclude_empty", "project_types",
"project_status", "project_responsibles", "parents", "planning_element_time_types",
"planning_element_time_absolute_one", "planning_element_time_absolute_two",
"planning_element_time_relative_one", "planning_element_time_relative_one_unit",
"planning_element_time_relative_two", "planning_element_time_relative_two_unit",
"grouping_one_enabled", "grouping_one_selection", "grouping_one_sort", "hide_other_group"]
# Options here will be empty. This is just initializing it.
whitelist = params.require(:timeline).permit(:name, options: {})
Add specs for new strong_params methods
9 years ago
if params['timeline'].has_key?('options')
params['timeline']['options'].each do |key, _value|
whitelist['options'][key] = params['timeline']['options'][key]
end
end
Fix legacy and cucumber specs failing because of strong params
9 years ago
whitelist.permit!
Refactor to allow for strong params We no longer need attr_accessible.
9 years ago
end
def pref
params.require(:pref).permit(:hide_mail, :time_zone, :impaired,
:comments_sorting, :warn_on_leaving_unsaved,
:theme)
end
Fix legacy and cucumber specs failing because of strong params
9 years ago
def project(instance = nil)
whitelist = params.require(:project).permit(:name,
:description,
:is_public,
Allow responsible_id in projects settings This fixes two issues: 1. `responsible_id` was missing in allowed params for projects controller / settings. 2. When the value is not set from Rails, undefined is showing. There may be a workaround solely in the frontend, but for now I return (none) to the autocompletion as a responsible name instead of an empty string.
9 years ago
:responsible_id,
Fix legacy and cucumber specs failing because of strong params
9 years ago
:identifier,
:project_type_id,
custom_fields: [],
work_package_custom_field_ids: [],
type_ids: [],
enabled_module_names: [])
if instance && (instance.new_record? || current_user.allowed_to?(:select_project_modules, instance))
whitelist.permit(enabled_module_names: [])
end
Permit parent_id only if user is allowed to create subprojects
9 years ago
if instance && current_user.allowed_to?(:add_subprojects, instance)
whitelist.permit(:parent_id)
end
Ensure versions params play well with plugins
9 years ago
unless params[:project][:custom_field_values].nil?
Fix legacy and cucumber specs failing because of strong params
9 years ago
whitelist[:custom_field_values] = params[:project][:custom_field_values]
end
whitelist
Refactor to allow for strong params We no longer need attr_accessible.
9 years ago
end
def time_entry
allow arbitrary custom field IDs
9 years ago
permitted_params = params.fetch(:time_entry, {}).permit(
:hours, :comments, :work_package_id, :activity_id, :spent_on)
retain old behaviour per default to be safe
9 years ago
permitted_params.merge(custom_field_values(:time_entry, required: false))
Refactor to allow for strong params We no longer need attr_accessible.
9 years ago
end
def news
params.require(:news).permit(:title, :summary, :description)
end
def category
params.require(:category).permit(:name, :assigned_to_id)
end
def version
Ensure versions params play well with plugins
9 years ago
# `version_settings_attributes` is from a plugin. Unfortunately as it stands
# now it is less work to do it this way than have the plugin override this
# method. We hopefully will change this in the future.
fix setting custom values on version
9 years ago
permitted_params = params.fetch(:version, {}).permit(:name,
:description,
:effective_date,
:due_date,
:start_date,
:wiki_page_title,
:status,
:sharing,
version_settings_attributes: [:id,
:display,
:project_id])
permitted_params.merge(custom_field_values(:version, required: false))
Refactor to allow for strong params We no longer need attr_accessible.
9 years ago
end
def comment
params.require(:comment).permit(:commented, :author, :comments)
end
# `params.fetch` and not `require` because the update controller action associated
# with this is doing multiple things, therefore not requiring a message hash
# all the time.
def message(instance = nil)
if instance && current_user.allowed_to?(:edit_messages, instance.project)
params.fetch(:message, {}).permit(:subject, :content, :board_id, :locked, :sticky)
else
params.fetch(:message, {}).permit(:subject, :content, :board_id)
end
end
def attachments
params.permit(attachments: [:file, :description])['attachments']
end
Fix legacy and cucumber specs failing because of strong params
9 years ago
def enumerations
acceptable_params = [:active, :is_default, :move_to, :name, :reassign_to_i, :parent_id,
:custom_field_values, :reassign_to_id]
whitelist = ActionController::Parameters.new
# Sometimes we receive one enumeration, sometimes many in params, hence
# the following branching.
if params[:enumerations].present?
params[:enumerations].each do |enum, value|
enum.tap do
whitelist[enum] = {}
acceptable_params.each do |param|
# We rely on enum being an integer, an id that is. This will blow up
# otherwise, which is fine.
next if params[:enumerations][enum][param].nil?
whitelist[enum][param] = params[:enumerations][enum][param]
end
end
end
else
params[:enumeration].each do |key, _value|
whitelist[key] = params[:enumeration][key]
end
end
whitelist.permit!
end
def watcher
params.require(:watcher).permit(:watchable, :user, :user_id)
end
def reply
params.require(:reply).permit(:content, :subject)
end
def wiki
params.require(:wiki).permit(:start_page)
end
def reporting
params.fetch(:reporting, {}).permit(:reporting_to_project_id, :reported_project_status_id, :reported_project_status_comment)
end
Ensure versions params play well with plugins
9 years ago
def membership
params.require(:membership).permit(*self.class.permitted_attributes[:membership])
end
Merge remote-tracking branch 'opf/feature/rails3' into feature/rails3_work_package_creation Conflicts: app/models/permitted_params.rb spec/models/permitted_params_spec.rb
11 years ago
protected
retain old behaviour per default to be safe
9 years ago
def custom_field_values(key, required: true)
fixes custom_field_value permitance for params
11 years ago
# a hash of arbitrary values is not supported by strong params
# thus we do it by hand
retain old behaviour per default to be safe
9 years ago
object = required ? params.require(key) : params.fetch(key, {})
values = object[:custom_field_values] || {}
fixes custom_field_value permitance for params
11 years ago
# only permit values following the schema
# 'id as string' => 'value as string'
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
9 years ago
values.reject! do |k, v| k.to_i < 1 || !v.is_a?(String) end
fixes custom_field_value permitance for params
11 years ago
values.empty? ?
{} :
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
{ 'custom_field_values' => values }
fixes custom_field_value permitance for params
11 years ago
end
adds params for update work_package to permitted params
11 years ago
def permitted_attributes(key, additions = {})
Use 1.9+ Hash syntax in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
merged_args = { params: params, current_user: current_user }.merge(additions)
reenables setting watchers on create
11 years ago
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
9 years ago
self.class.permitted_attributes[key].map { |permission|
reenables setting watchers on create
11 years ago
if permission.respond_to?(:call)
permission.call(merged_args)
else
permission
end
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
9 years ago
}.compact
allows for extending permitted_params
11 years ago
end
def self.permitted_attributes
Allow PermittedParams to receive new keys from plugins Previously, PermittedParams allowed only the extension of existing keys with new attributes from plugins. Since we now need to extend strong_params from global roles in impermanent memberships, we can prevent load-order dependencies by injecting a new key in the permitted params hash into the core.
9 years ago
@whitelisted_params ||= begin
params = {
auth_source: [
whitelist params for custom_fields
11 years ago
:name,
Allow PermittedParams to receive new keys from plugins Previously, PermittedParams allowed only the extension of existing keys with new attributes from plugins. Since we now need to extend strong_params from global roles in impermanent memberships, we can prevent load-order dependencies by injecting a new key in the permitted params hash into the core.
9 years ago
:host,
:port,
:tls,
:account,
:account_password,
:base_dn,
:onthefly_register,
:attr_login,
:attr_firstname,
:attr_lastname,
:attr_mail],
board: [
:name,
:description],
color: [
:name,
:hexcode,
:move_to],
custom_field: [
:editable,
:field_format,
:is_filter,
:is_for_all,
:is_required,
:max_length,
:min_length,
:move_to,
:name,
:possible_values,
:regexp,
:searchable,
:visible,
translations_attributes: [
:_destroy,
:default_value,
:id,
:locale,
:name,
:possible_values],
type_ids: []],
enumeration: [
:active,
:is_default,
:move_to,
:name,
:reassign_to_id],
group: [
:lastname],
Use 1.9+ Hash syntax in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
membership: [
use permitted_params for group_controller
11 years ago
:project_id,
Allow PermittedParams to receive new keys from plugins Previously, PermittedParams allowed only the extension of existing keys with new attributes from plugins. Since we now need to extend strong_params from global roles in impermanent memberships, we can prevent load-order dependencies by injecting a new key in the permitted params hash into the core.
9 years ago
role_ids: []],
group_membership: [
:membership_id,
membership: [
:project_id,
role_ids: []]],
member: [
role_ids: []],
new_work_package: [
# attributes common with :planning_element below
:assigned_to_id,
{ attachments: [:file, :description] },
:category_id,
:description,
:done_ratio,
:due_date,
:estimated_hours,
:fixed_version_id,
:parent_id,
:priority_id,
:responsible_id,
:start_date,
:status_id,
:type_id,
:subject,
Proc.new do |args|
# avoid costly allowed_to? if the param is not there at all
if args[:params]['work_package'] &&
args[:params]['work_package'].has_key?('watcher_user_ids') &&
args[:current_user].allowed_to?(:add_work_package_watchers, args[:project])
{ watcher_user_ids: [] }
end
end,
Proc.new do |args|
# avoid costly allowed_to? if the param is not there at all
if args[:params]['work_package'] &&
args[:params]['work_package'].has_key?('time_entry') &&
args[:current_user].allowed_to?(:log_time, args[:project])
{ time_entry: [:hours, :activity_id, :comments] }
end
end,
# attributes unique to :new_work_package
:journal_notes,
:lock_version],
planning_element: [
# attributes common with :new_work_package above
:assigned_to_id,
{ attachments: [:file, :description] },
:category_id,
:description,
:done_ratio,
:due_date,
:estimated_hours,
:fixed_version_id,
:parent_id,
:priority_id,
:responsible_id,
:start_date,
:status_id,
:type_id,
:subject,
Proc.new do |args|
# avoid costly allowed_to? if the param is not there at all
if args[:params]['planning_element'] &&
args[:params]['planning_element'].has_key?('watcher_user_ids') &&
args[:current_user].allowed_to?(:add_work_package_watchers, args[:project])
{ watcher_user_ids: [] }
end
end,
Proc.new do |args|
# avoid costly allowed_to? if the param is not there at all
if args[:params]['planning_element'] &&
args[:params]['planning_element'].has_key?('time_entry') &&
args[:current_user].allowed_to?(:log_time, args[:project])
{ time_entry: [:hours, :activity_id, :comments] }
end
end,
# attributes unique to planning_element
:note,
:planning_element_status_comment,
custom_fields: [ # json
give permitted params some sane whitespace
11 years ago
:id,
Allow PermittedParams to receive new keys from plugins Previously, PermittedParams allowed only the extension of existing keys with new attributes from plugins. Since we now need to extend strong_params from global roles in impermanent memberships, we can prevent load-order dependencies by injecting a new key in the permitted params hash into the core.
9 years ago
:value,
custom_field: [ # xml
:id,
:value]]],
planning_element_type: [
:name,
:in_aggregation,
:is_milestone,
:is_default,
:color_id],
project_type: [
:name,
:allows_association,
type_ids: [],
reported_project_status_ids: []],
query: [
:name,
:display_sums,
:is_public,
:group_by],
role: [
:name,
:assignable,
:move_to,
permissions: []],
status: [
:name,
:default_done_ratio,
:is_closed,
:is_default,
:move_to],
type: [
:name,
:is_in_roadmap,
:in_aggregation,
:is_milestone,
:is_default,
:color_id,
project_ids: [],
custom_field_ids: []],
user: [
:firstname,
:lastname,
:mail,
:mail_notification,
:language,
:custom_fields],
wiki_page: [
:title,
:parent_id,
:redirect_existing_links],
wiki_content: [
:comments,
:text,
:lock_version],
move_to: [:move_to]
}
# Accept new parameters, defaulting to an empty array
params.default = []
params
end
Merge branch 'feature/rails3' into feature/rails3_sti Conflicts: app/controllers/timelog_controller.rb app/helpers/application_helper.rb app/models/alternate_date.rb app/models/available_project_status.rb app/models/default_planning_element_type.rb app/models/enabled_planning_element_type.rb app/models/planning_element.rb app/models/planning_element_type.rb app/models/planning_element_type_color.rb app/models/project_association.rb app/models/project_type.rb app/models/query.rb app/models/reporting.rb app/models/scenario.rb app/models/timeline.rb app/views/planning_elements/_form.html.erb features/issues/issue_edit.feature features/step_definitions/timelines_given_steps.rb features/step_definitions/timelines_then_steps.rb features/step_definitions/timelines_when_steps.rb features/support/paths.rb lib/timestamps_compatibility.rb spec/controllers/timelines_planning_elements_controller_spec.rb spec/factories/timelines_planning_element_journal_factory.rb spec/models/alternate_date_spec.rb spec/models/planning_element_spec.rb spec/views/api/v2/planning_elements/_planning_element_api_rsb_spec.rb test/integration/api_test/time_entries_test.rb
12 years ago
end
Allow plugins to add permitted attributes
11 years ago
private
Fix syntax (w/Rubocop) in (Rails) models Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
Allow plugins to add permitted attributes
11 years ago
## Add attributes as permitted attributes (only to be used by the plugins plugin)
#
# attributes should be given as a Hash in the form
Move to ruby1-9 syntax once and for all
9 years ago
# {key: [:param1, :param2]}
Allow plugins to add permitted attributes
11 years ago
def self.add_permitted_attributes(attributes)
attributes.each_pair do |key, attrs|
Allow PermittedParams to receive new keys from plugins Previously, PermittedParams allowed only the extension of existing keys with new attributes from plugins. Since we now need to extend strong_params from global roles in impermanent memberships, we can prevent load-order dependencies by injecting a new key in the permitted params hash into the core.
9 years ago
permitted_attributes[key] += attrs
Allow plugins to add permitted attributes
11 years ago
end
end
Open-sources timelines. This represents the timelines plugin that was merged with the OpenProject core and which had its history squashed. The timelines plugin development was sponsored by; Deutsche Telekom AG <opensource@telekom.de> Requirements engineering and management were provided by; Deutsche Telekom AG <opensource@telekom.de> Finn GmbH <info@finn.de> During the timelines development, the following authors have contributed commits; Martin Czuchra <m.czuchra@finn.de> Nils Kenneweg <n.kenneweg@finn.de> Romano Licker <r.licker@finn.de> Gregor Schmidt <g.schmidt@finn.de> Jens Ulferts <j.ulferts@finn.de> Johannes Wollert <j.wollert@finn.de> Quality Assurance was provided by; Erdem Kabadayi <e.kabadayi@telekom.de> Julia Pape <j.pape@finn.de> Christian Rijke <c.rijke@finn.de> Thomas Vogel <th.vogel@external.telekom.de>
12 years ago
end