From 7b34ebdc477cf6718d31b06a610879a3517be41c Mon Sep 17 00:00:00 2001
From: Martin Linkhorst
Date: Fri, 30 Mar 2012 10:37:29 +0200
Subject: [PATCH] refactor dealing with mass assignment
---
 app/models/issue.rb | 4 +++-
 app/models/member.rb | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 626b6667e3..bffb611fa8 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -121,7 +121,9 @@ class Issue < ActiveRecord::Base
 def copy_from(arg)
 issue = arg.is_a?(Issue) ? arg : Issue.visible.find(arg)
- self.force_attributes = issue.attributes.dup.except("id", "root_id", "parent_id", "lft", "rgt", "created_on", "updated_on")
+ # project_id is protected from mass-assignment
+ self.attributes = issue.attributes.dup.except("id", "root_id", "parent_id", "lft", "rgt", "created_on", "updated_on", "project_id")
+ self.project_id = issue.attributes['project_id']
 self.custom_field_values = issue.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
 self.status = issue.status
 self
diff --git a/app/models/member.rb b/app/models/member.rb
index 172587a4d7..8459ee2f66 100644
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -74,7 +74,10 @@ class Member < ActiveRecord::Base
 # Find or initilize a Member with an id, attributes, and for a Principal
 def self.edit_membership(id, new_attributes, principal=nil)
 @membership = id.present? ? Member.find(id) : Member.new(:principal => principal)
- @membership.force_attributes = new_attributes
+ # project_id is protected from mass-assignment
+ project_id = new_attributes.delete('project_id')
+ @membership.attributes = new_attributes
+ @membership.project_id = project_id
 @membership
 end
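Review bot: In `copy_from`, `self.attributes =` now passes the copied hash through the mass-assignment filter, so any protected attribute other than `project_id` is silently dropped from the copy, and only `project_id` is re-assigned afterwards. The model's protection list is not visible in this hunk, so whether other columns are affected today cannot be confirmed from here. I would extend the new comment to say so, e.g. `# project_id is protected from mass-assignment; any other protected column must be copied explicitly below`, and add a test that compares the copy's attributes with the source issue. `issue.attributes['project_id']` can also be written `issue.project_id`. The method's `end` lies outside the hunk.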
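Review bot: In `edit_membership`, `@membership.project_id = project_id` runs unconditionally, so when `new_attributes` has no `'project_id'` key (or carries it under a symbol key in a plain Hash) a member loaded with `Member.find(id)` ends up with `project_id` set to nil; the replaced `force_attributes=` call presumably only touched keys that were present. Guard the assignment with `@membership.project_id = project_id unless project_id.nil?`. `new_attributes.delete` also mutates the caller's hash, so working on a `dup` of it would avoid surprising the caller. Because `project_id` is protected and is re-assigned here from the same hash, the protection no longer applies at this call site. If that hash comes from request parameters, the caller has to check that the user may manage members of the target project, and a comment on the method should state that requirement.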