diff --git a/Gemfile.lock b/Gemfile.lock index 1cf21b16d3..fdfeaea4bb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -584,7 +584,6 @@ DEPENDENCIES parallel_tests pg (~> 0.18.3) poltergeist - protected_attributes prototype-rails! prototype_legacy_helper (= 0.0.0)! pry-byebug diff --git a/app/controllers/copy_projects_controller.rb b/app/controllers/copy_projects_controller.rb index 230a84e21d..076c955ae6 100644 --- a/app/controllers/copy_projects_controller.rb +++ b/app/controllers/copy_projects_controller.rb @@ -41,12 +41,12 @@ class CopyProjectsController < ApplicationController @copy_project.attributes = permitted_params.project if @copy_project.valid? modules = permitted_params.project[:enabled_module_names] || params[:enabled_modules] - copy_project_job = CopyProjectJob.new(User.current.id, - @project.id, - permitted_params.project, - modules, - params[:only], - params[:notifications] == '1') + copy_project_job = CopyProjectJob.new(user_id: User.current.id, + source_project_id: @project.id, + target_project_params: permitted_params.project, + enabled_modules: modules, + associations_to_copy: params[:only], + send_mails: params[:notifications] == '1') Delayed::Job.enqueue copy_project_job flash[:notice] = I18n.t('copy_project.started', diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index de4d06cfe2..493711c548 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -109,7 +109,7 @@ class VersionsController < ApplicationController end def update - if request.patch? && permitted_params.version.present? + if request.patch? && permitted_params.version attributes = permitted_params.version.dup attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing']) @version.attributes = attributes diff --git a/app/models/permitted_params.rb b/app/models/permitted_params.rb index 4e2548eb16..4bad8773bb 100644 --- a/app/models/permitted_params.rb +++ b/app/models/permitted_params.rb @@ -272,10 +272,6 @@ class PermittedParams :theme) end - def membership - params.require(:membership).permit(:project_id, role_ids: []) - end - def project(instance = nil) whitelist = params.require(:project).permit(:name, :description, @@ -292,8 +288,7 @@ class PermittedParams whitelist.permit(enabled_module_names: []) end - whitelist.tap do - break if params[:project][:custom_field_values].nil? + unless params[:project][:custom_field_values].nil? whitelist[:custom_field_values] = params[:project][:custom_field_values] end @@ -314,6 +309,9 @@ class PermittedParams end def version + # `version_settings_attributes` is from a plugin. Unfortunately as it stands + # now it is less work to do it this way than have the plugin override this + # method. We hopefully will change this in the future. params.require(:version).permit(:name, :description, :effective_date, @@ -322,7 +320,8 @@ class PermittedParams :wiki_page_title, :status, :sharing, - :custom_field_value) + :custom_field_value, + version_settings_attributes: [:id, :display, :project]) end def comment @@ -389,6 +388,10 @@ class PermittedParams params.fetch(:reporting, {}).permit(:reporting_to_project_id, :reported_project_status_id, :reported_project_status_comment) end + def membership + params.require(:membership).permit(*self.class.permitted_attributes[:membership]) + end + protected def custom_field_values(key) @@ -469,6 +472,9 @@ class PermittedParams :reassign_to_id], group: [ :lastname], + membership: [ + :project_id, + role_ids: []], group_membership: [ :membership_id, membership: [