From 97b5a93bc98c5e3521758a967e3d9aae93bf8830 Mon Sep 17 00:00:00 2001 From: Martin Linkhorst Date: Thu, 3 May 2012 17:54:59 +0200 Subject: [PATCH] fix mass assignment bug in hourly rates + some whitespace --- app/controllers/hourly_rates_controller.rb | 26 +++++++++++----------- app/models/rate.rb | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/app/controllers/hourly_rates_controller.rb b/app/controllers/hourly_rates_controller.rb index 56e7b2955a..5a97757ad0 100644 --- a/app/controllers/hourly_rates_controller.rb +++ b/app/controllers/hourly_rates_controller.rb @@ -1,24 +1,24 @@ class HourlyRatesController < ApplicationController unloadable - + helper :users helper :sort include SortHelper helper :hourly_rates include HourlyRatesHelper - + before_filter :find_user, :only => [:show, :edit, :set_rate] - + before_filter :find_optional_project, :only => [:show, :edit] before_filter :find_project, :only => [:set_rate] - + # #show, #edit have their own authorization before_filter :authorize, :except => [:show, :edit] - + def show if @project return deny_access unless User.current.allowed_to?(:view_hourly_rates, @project, :for => @user) - + @rates = HourlyRate.find(:all, :conditions => { :user_id => @user, :project_id => @project }, :order => "#{HourlyRate.table_name}.valid_from desc") @@ -27,7 +27,7 @@ class HourlyRatesController < ApplicationController @rates_default = @rates.delete(nil) end end - + def edit if @project # Hourly Rate @@ -36,7 +36,7 @@ class HourlyRatesController < ApplicationController # Default Hourly Rate return deny_access unless User.current.admin? end - + if request.post? if params[:user].is_a?(Hash) new_attributes = params[:user][:new_rate_attributes] 
@@ -62,7 +62,7 @@ class HourlyRatesController < ApplicationController
 @rates << @user.default_rates.build({:valid_from => Date.today}) if @rates.empty?
 else
 @rates = @user.rates.select{|r| r.project_id == @project.id}.sort { |a,b| b.valid_from <=> a.valid_from }
- @rates << @user.rates.build({:valid_from => Date.today, :project_id => @project}) if @rates.empty?
+ @rates << @user.rates.build({:valid_from => Date.today, :project => @project}) if @rates.empty?
 end
 render :action => "edit", :layout => !request.xhr?
 end
@@ -90,7 +90,7 @@ class HourlyRatesController < ApplicationController
 end
 end
 end
-
+
 private
 def find_project
@@ -98,7 +98,7 @@ private
 rescue ActiveRecord::RecordNotFound
 render_404
 end
-
+
 def find_optional_project
 @project = params[:project_id].blank? ? nil : Project.find(params[:project_id])
 rescue ActiveRecord::RecordNotFound
@@ -107,9 +107,9 @@ private
 def find_user
 @user = params[:id] ? User.find(params[:id]) : User.current
-
+
 p @user.allowed_to?(:view_hourly_rates, nil, :for => @user, :global => true)
-
+
 rescue ActiveRecord::RecordNotFound
 render_404
 end
diff --git a/app/models/rate.rb b/app/models/rate.rb
index 77f400da50..c569cacc99 100644
--- a/app/models/rate.rb
+++ b/app/models/rate.rb
@@ -6,7 +6,7 @@ class Rate < ActiveRecord::Base
 belongs_to :user
 belongs_to :project
- attr_accessible :rate, :valid_from
+ attr_accessible :rate, :project, :valid_from
 def self.clean_currency(value)
 if value && value.is_a?(String)
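Review bot: Adding `:project` to `attr_accessible` in app/models/rate.rb (last hunk) widens the mass-assignment whitelist for every caller, only so that the single `build` call in the `@@ -62` hunk can pass `@project`. The same action reads `params[:user][:new_rate_attributes]` a few lines earlier; if those request hashes are mass-assigned to rates (that code is outside the hunks shown), a client-supplied `project` key would now pass the whitelist and reach the association writer instead of being filtered out. Keeping the whitelist at `:rate, :valid_from` and setting the association explicitly avoids that: `@rates << @user.rates.build(:valid_from => Date.today).tap { |r| r.project = @project } if @rates.empty?`. The enclosing `edit` action starts and ends outside this hunk, so the other places that build or update rates should be checked for the same silently dropped `:project_id`.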
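Review bot: The context line `p @user.allowed_to?(:view_hourly_rates, nil, :for => @user, :global => true)` in `find_user` (`@@ -107` hunk) prints the result of a permission check to stdout and then discards it, so the filter loads whichever user `params[:id]` names without denying anything itself. The commit only re-spaces the lines around it, and it looks like leftover debugging. Either delete the line or, if the check was meant to gate access, enforce it with `return deny_access unless @user.allowed_to?(...)`. The comment in the first hunk says `show` and `edit` do their own authorization, so confirm which behaviour is intended before choosing.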