From 6c0d0948c6b2aa2c92a5388cbd3b70eef45c6a55 Mon Sep 17 00:00:00 2001
From: Philipp Tessenow
Date: Fri, 24 Jan 2014 11:59:52 +0100
Subject: [PATCH 1/2] use permitted_params for role
---
 .../global_roles/patches/roles_controller_patch.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/open_project/global_roles/patches/roles_controller_patch.rb b/lib/open_project/global_roles/patches/roles_controller_patch.rb
index 2cbe555333..511384ae01 100644
--- a/lib/open_project/global_roles/patches/roles_controller_patch.rb
+++ b/lib/open_project/global_roles/patches/roles_controller_patch.rb
@@ -34,7 +34,7 @@ module OpenProject::GlobalRoles::Patches
 create_global_role
 else
 #we have to duplicate unpatched behaviour here in order to set the parameters for the overwritten views
- @role = Role.new(params[:role] || { :permissions => Role.non_member.permissions })
+ @role = Role.new(permitted_params.role? || { :permissions => Role.non_member.permissions })
 @member_permissions = (@role.setable_permissions || @permissions)
 @global_permissions = GlobalRole.setable_permissions
 create_without_global_roles
@@ -44,7 +44,7 @@ module OpenProject::GlobalRoles::Patches
 private
 def create_global_role
- @role = GlobalRole.new params[:role]
+ @role = GlobalRole.new permitted_params.role
 if @role.save
 flash[:notice] = l(:notice_successful_create)
 redirect_to :action => 'index'
From ee671b1013864e3177ebf665350ddd4db520c81b Mon Sep 17 00:00:00 2001
From: Philipp Tessenow
Date: Fri, 24 Jan 2014 12:00:34 +0100
Subject: [PATCH 2/2] add changelog entry
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a8044fa87e..504bcca157 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 # Changelog
+* `#3333` [CodeClimate] Mass Assignment RolesController
 * `#2256` [Accessibility] linearisation of issue show form (2)
 * Rewritten Javascript to exclusively use jQuery
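Review bot: `permitted_params.role?` in the `@@ -34,7` hunk is named like a predicate but is used as a value: the `|| { :permissions => ... }` fallback only behaves as before if it returns the whitelisted attributes when `params[:role]` is present and `nil` otherwise. The helper is defined outside this patch, so that contract is inferred; if it returned `true`, `Role.new` would receive a boolean. I would state the contract on the line, e.g. `# role? => permitted role attributes, or nil when no :role param was sent`. The action then calls `create_without_global_roles`, whose body is outside the hunk, so it is worth confirming that the unpatched action also builds its role from `permitted_params` rather than raw `params[:role]`.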
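Review bot: In the `@@ -44,7` hunk the mass-assignment protection of `GlobalRole.new permitted_params.role` rests entirely on a whitelist that is defined outside this patch and is apparently shared with ordinary `Role` creation, and the series adds no spec for it. This action sets the permissions of a global role, so I would add a controller spec that posts an attribute outside the whitelist and asserts it is not assigned. If `role` is built on `params.require(:role)` (not visible here), a request without a `:role` key would now raise before `@role.save` instead of reaching the failure branch. A comment such as `# only whitelisted role attributes reach GlobalRole.new; confirm behaviour when :role is missing` would record that. `create_global_role` continues past the end of the hunk.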