TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Used strong parameters style mass assignments in cost_objects_controller and cost_types_controller

Browse Source
pull/6827/head
Sebastian Schuster 12 years ago
parent 053793e97c
commit 3f542a4c4d
2 changed files with 7 additions and 14 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      app/controllers/cost_objects_controller.rb
  2. 12
      app/controllers/cost_types_controller.rb

9
app/controllers/cost_objects_controller.rb
Unescape View File

@ -105,8 +105,7 @@ class CostObjectsController < ApplicationController
else
@cost_object.fixed_date = Date.today
end
@cost_object.attributes = params[:cost_object]
permitted_params.cost_object if params[:cost_object]
render :layout => !request.xhr?
end
@ -137,7 +136,7 @@ class CostObjectsController < ApplicationController
@cost_object.fixed_date = Date.today
end
@cost_object.attributes = params[:cost_object]
@cost_object.attributes = permitted_params.cost_object
if @cost_object.save
Attachment.attach_files(@cost_object, params[:attachments])
@ -156,7 +155,7 @@ class CostObjectsController < ApplicationController
# TODO: This method used to be responsible for both edit and update
# Please remove code where necessary
# check whether this method is needed at all
@cost_object.attributes = params[:cost_object] if params[:cost_object]
@cost_object.attributes = permitted_params.cost_object if params[:cost_object]
end
@ -168,7 +167,7 @@ class CostObjectsController < ApplicationController
# TODO: use better way to prevent mass assignment errors
params[:cost_object].delete(:kind)
@cost_object.attributes = params[:cost_object] if params[:cost_object]
@cost_object.attributes = permitted_params.cost_object if params[:cost_object]
if @cost_object.save
Attachment.attach_files(@cost_object, params[:attachments])

12
app/controllers/cost_types_controller.rb
Unescape View File

@ -38,9 +38,7 @@ class CostTypesController < ApplicationController
@cost_type = CostType.new()
end
if params[:cost_type]
@cost_type.attributes = params[:cost_type]
end
@cost_type.attributes = permitted_params.cost_type if params[:cost_type]
if request.post? && @cost_type.save
flash[:notice] = l(:notice_successful_update)
@ -61,9 +59,7 @@ class CostTypesController < ApplicationController
@cost_type = CostType.new()
end
if params[:cost_type]
@cost_type.attributes = params[:cost_type]
end
@cost_type.attributes = permitted_params.cost_type if params[:cost_type]
if @cost_type.save
flash[:notice] = l(:notice_successful_update)
@ -84,9 +80,7 @@ class CostTypesController < ApplicationController
@cost_type = CostType.new()
end
if params[:cost_type]
@cost_type.attributes = params[:cost_type]
end
@cost_type.attributes = permitted_params.cost_type if params[:cost_type]
if request.post? && @cost_type.save
flash[:notice] = l(:notice_successful_update)

Write Preview
Loading…
Cancel
Save