From 3f542a4c4d161da562c47d32cc4373d3a0768e6d Mon Sep 17 00:00:00 2001
From: Sebastian Schuster
Date: Wed, 8 May 2013 10:24:02 +0200
Subject: [PATCH] Used strong parameters style mass assignments in cost_objects_controller and cost_types_controller
---
 app/controllers/cost_objects_controller.rb | 9 ++++-----
 app/controllers/cost_types_controller.rb | 12 +++---------
 2 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/app/controllers/cost_objects_controller.rb b/app/controllers/cost_objects_controller.rb
index 790d1bd8d4..4e5074b0bf 100644
--- a/app/controllers/cost_objects_controller.rb
+++ b/app/controllers/cost_objects_controller.rb
@@ -105,8 +105,7 @@ class CostObjectsController < ApplicationController
 else
 @cost_object.fixed_date = Date.today
 end
-
- @cost_object.attributes = params[:cost_object]
+ permitted_params.cost_object if params[:cost_object]
 render :layout => !request.xhr?
 end
@@ -137,7 +136,7 @@ class CostObjectsController < ApplicationController
 @cost_object.fixed_date = Date.today
 end
- @cost_object.attributes = params[:cost_object]
+ @cost_object.attributes = permitted_params.cost_object
 if @cost_object.save
 Attachment.attach_files(@cost_object, params[:attachments])
@@ -156,7 +155,7 @@ class CostObjectsController < ApplicationController
 # TODO: This method used to be responsible for both edit and update
 # Please remove code where necessary
 # check whether this method is needed at all
- @cost_object.attributes = params[:cost_object] if params[:cost_object]
+ @cost_object.attributes = permitted_params.cost_object if params[:cost_object]
 end
@@ -168,7 +167,7 @@ class CostObjectsController < ApplicationController
 # TODO: use better way to prevent mass assignment errors
 params[:cost_object].delete(:kind)
- @cost_object.attributes = params[:cost_object] if params[:cost_object]
+ @cost_object.attributes = permitted_params.cost_object if params[:cost_object]
 if @cost_object.save
 Attachment.attach_files(@cost_object, params[:attachments])
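Review bot: In the first hunk (`@@ -105,8 +105,7 @@`) the added line `permitted_params.cost_object if params[:cost_object]` no longer assigns anything: the `@cost_object.attributes =` left-hand side of the removed line is gone, so the filtered hash is computed and discarded, and values submitted with the request are not applied before `render`. The other three hunks in this file keep the assignment, so this looks like an accidental deletion; the line should read `@cost_object.attributes = permitted_params.cost_object if params[:cost_object]`. The enclosing method starts above the hunk.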
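Review bot: The assignment in the `@@ -137,7 +136,7 @@` hunk calls `permitted_params.cost_object` unconditionally, while the other call sites in this file are guarded with `if params[:cost_object]`. The helper is not visible here; if it calls `permit` on `params[:cost_object]` directly, a request without that key would presumably raise on `nil`, where the old assignment of `nil` presumably did not. Either add the same guard, `@cost_object.attributes = permitted_params.cost_object if params[:cost_object]`, or confirm that the helper handles a missing key. The method's body continues outside the hunk.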
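Review bot: In the `@@ -168,7 +167,7 @@` hunk the context line `params[:cost_object].delete(:kind)` still runs before the `if params[:cost_object]` guard on the changed line, so a request without `cost_object` fails on `nil` before the guard is reached. Protection of `kind` on this path also depends on mutating the raw params, which only holds as long as `permitted_params.cost_object` reads that same hash (the helper is not shown). Now that a permit list exists, the TODO above that line can be resolved by leaving `kind` out of the permitted keys for this action. Short of that, guard the call: `params[:cost_object].delete(:kind) if params[:cost_object]`.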
diff --git a/app/controllers/cost_types_controller.rb b/app/controllers/cost_types_controller.rb
index 26aa6d7d89..f95862bbdb 100644
--- a/app/controllers/cost_types_controller.rb
+++ b/app/controllers/cost_types_controller.rb
@@ -38,9 +38,7 @@ class CostTypesController < ApplicationController
 @cost_type = CostType.new()
 end
- if params[:cost_type]
- @cost_type.attributes = params[:cost_type]
- end
+ @cost_type.attributes = permitted_params.cost_type if params[:cost_type]
 if request.post? && @cost_type.save
 flash[:notice] = l(:notice_successful_update)
@@ -61,9 +59,7 @@ class CostTypesController < ApplicationController
 @cost_type = CostType.new()
 end
- if params[:cost_type]
- @cost_type.attributes = params[:cost_type]
- end
+ @cost_type.attributes = permitted_params.cost_type if params[:cost_type]
 if @cost_type.save
 flash[:notice] = l(:notice_successful_update)
@@ -84,9 +80,7 @@ class CostTypesController < ApplicationController
 @cost_type = CostType.new()
 end
- if params[:cost_type]
- @cost_type.attributes = params[:cost_type]
- end
+ @cost_type.attributes = permitted_params.cost_type if params[:cost_type]
 if request.post? && @cost_type.save
 flash[:notice] = l(:notice_successful_update)
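Review bot: The line `@cost_type.attributes = permitted_params.cost_type if params[:cost_type]` is now repeated verbatim in all three hunks of this file (`@@ -38,9`, `@@ -61,9`, `@@ -84,9`), each time after the same `CostType.new()` fallback. Moving it into one private method of the controller, called from each action, would keep the guard and the permit call in one place, so a later change to the filtering cannot miss an action. The enclosing actions start and end outside the hunks, so the names of the affected methods are not visible here.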