From a6422e1e736aa771fade2b5f14ff6cfd6c44a64f Mon Sep 17 00:00:00 2001
From: Mohamed Wael Khobalatte
Date: Fri, 30 Oct 2015 17:58:09 +0100
Subject: [PATCH] Add support for strong params
---
 app/controllers/documents_controller.rb | 11 ++++++++---
 app/models/document.rb | 5 -----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb
index 0e0f4f2410..851d675776 100644
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -61,12 +61,12 @@ class DocumentsController < ApplicationController
 def new
 @document = @project.documents.build
- @document.safe_attributes = params[:document]
+ @document.attributes = document_params
 end
 def create
 @document = @project.documents.build
- @document.safe_attributes = params[:document]
+ @document.attributes = document_params
 if @document.save
 attachments = Attachment.attach_files(@document, params[:attachments])
 render_attachment_warning_if_needed(@document)
@@ -82,7 +82,7 @@ class DocumentsController < ApplicationController
 end
 def update
- @document.safe_attributes = params[:document]
+ @document.attributes = document_params
 if @document.save
 flash[:notice] = l(:notice_successful_update)
 redirect_to :action => 'show', :id => @document
@@ -108,4 +108,9 @@ class DocumentsController < ApplicationController
 end
 redirect_to :action => 'show', :id => @document
 end
+
+private
+ def document_params
+ params.require(:document).permit('category_id', 'title', 'description')
+ end
 end
diff --git a/app/models/document.rb b/app/models/document.rb
index 18f8476e80..0a3431bc7d 100644
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -31,7 +31,6 @@
 #++
 class Document < ActiveRecord::Base
- include Redmine::SafeAttributes
 belongs_to :project
 belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id"
 acts_as_attachable :delete_permission => :manage_documents
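Review bot: In `new` (first controller hunk), `document_params` calls `params.require(:document)`, which raises `ActionController::ParameterMissing` when the key is absent, and a plain GET to the new-document form normally carries no `document` key. The helper added at the end of the file could tolerate that with `params.fetch(:document, {}).permit('category_id', 'title', 'description')`, which keeps the same allowlist. `create` and `update` share the helper, so a request without `document` would also be rejected there before validation runs; if that is intended for those two, only `new` needs the lenient form. The body of `create` continues outside the hunk.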
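Review bot: `document_params` (last controller hunk) becomes the only mass-assignment allowlist for `Document`, because this same patch removes `attr_accessible` and `safe_attributes` from the model, and nothing at the definition records that. A comment above it such as `# Sole mass-assignment allowlist for Document; any new form field must be added here.` would make the dependency explicit. Any other code path that assigns document attributes from request data (none is visible here) should go through the same helper. The `private` keyword also appears to sit at column 0 while the `def` lines are indented; this page's whitespace is collapsed, so check it against the real patch and indent it to match the class body.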
@@ -66,10 +65,6 @@ class Document < ActiveRecord::Base
 after_initialize :set_default_category
- attr_accessible :title, :description, :project, :category, :category_id
-
- safe_attributes 'category_id', 'title', 'description'
-
 def visible?(user=User.current)
 !user.nil? && user.allowed_to?(:view_documents, project)
 end