Add support for strong params

9 years ago · a6422e1e73
parent 7ad5e8d50b
commit a6422e1e73
2 changed files with 8 additions and 8 deletions
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@ -61,12 +61,12 @@ class DocumentsController < ApplicationController

  def new
    @document = @project.documents.build
-    @document.safe_attributes = params[:document]
+    @document.attributes = document_params
  end

  def create
    @document = @project.documents.build
-    @document.safe_attributes = params[:document]
+    @document.attributes = document_params
    if @document.save
      attachments = Attachment.attach_files(@document, params[:attachments])
      render_attachment_warning_if_needed(@document)
@ -82,7 +82,7 @@ class DocumentsController < ApplicationController
  end

  def update
-    @document.safe_attributes = params[:document]
+    @document.attributes = document_params
    if @document.save
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'show', :id => @document
@ -108,4 +108,9 @@ class DocumentsController < ApplicationController
    end
    redirect_to :action => 'show', :id => @document
  end
+
+private
+  def document_params
+    params.require(:document).permit('category_id', 'title', 'description')
+  end
 end
--- a/app/models/document.rb
+++ b/app/models/document.rb
@ -31,7 +31,6 @@
 #++

 class Document < ActiveRecord::Base
-  include Redmine::SafeAttributes
  belongs_to :project
  belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id"
  acts_as_attachable :delete_permission => :manage_documents
@ -66,10 +65,6 @@ class Document < ActiveRecord::Base

  after_initialize :set_default_category

-  attr_accessible :title, :description, :project, :category, :category_id
-
-  safe_attributes 'category_id', 'title', 'description'
-
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_documents, project)
  end