add required params to all controllers

Devin Howard 2015-09-19 16:26:34 +08:00
parent a31a92b321
commit c361349c20
9 changed files with 47 additions and 11 deletions


@ -48,4 +48,10 @@ class MappingsController < ApplicationController
head :no_content head :no_content
end end
private
# Never trust parameters from the scary internet, only allow the white list through.
def mapping_params
params.require(:mapping).permit(:id, :category, :xloc, :yloc, :topic_id, :synapse_id, :map_id, :user_id)
end
end end
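Review bot: `mapping_params` permits `:id` and `:user_id`, so wherever it feeds a mass-assignment call (the actions are outside this hunk) the client, not the server, chooses the record's primary key and owner. Unless that is intended, narrow the list to `params.require(:mapping).permit(:category, :xloc, :yloc, :topic_id, :synapse_id, :map_id)` and set `user_id` from `current_user` in the action. The permitted `:topic_id`, `:synapse_id` and `:map_id` presumably still need a check that the signed-in user may write to the referenced records. The same `:id`/`:user_id` pattern appears in `map_params`, `synapse_params` and `topic_params`, and `metacode_params` permits `:id`.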


@ -238,4 +238,11 @@ class MapsController < ApplicationController
} }
end end
end end
private
# Never trust parameters from the scary internet, only allow the white list through.
def map_params
params.require(:map).permit(:id, :name, :arranged, :desc, :permission, :user_id)
end
end end


@ -2,10 +2,6 @@ class MetacodeSetsController < ApplicationController
before_filter :require_admin before_filter :require_admin
def metacode_set_params
params.require(:metacode_set).permit(:desc, :mapperContributed, :name)
end
# GET /metacode_sets # GET /metacode_sets
# GET /metacode_sets.json # GET /metacode_sets.json
def index def index
@ -120,4 +116,11 @@ class MetacodeSetsController < ApplicationController
format.json { head :no_content } format.json { head :no_content }
end end
end end
private
def metacode_set_params
params.require(:metacode_set).permit(:desc, :mapperContributed, :name)
end
end end


@ -93,4 +93,11 @@ class MetacodesController < ApplicationController
# format.json { head :no_content } # format.json { head :no_content }
# end # end
# end # end
private
# Never trust parameters from the scary internet, only allow the white list through.
def metacode_params
params.require(:metacode).permit(:id, :name, :icon, :color)
end
end end


@ -7,4 +7,4 @@ class Users::RegistrationsController < Devise::RegistrationsController
def after_update_path_for(resource) def after_update_path_for(resource)
signed_in_root_path(resource) signed_in_root_path(resource)
end end
end end


@ -64,4 +64,10 @@ class SynapsesController < ApplicationController
format.json { head :no_content } format.json { head :no_content }
end end
end end
private
def synapse_params
params.require(:synapse).permit(:id, :desc, :category, :weight, :permission, :node1_id, :node2_id, :user_id)
end
end end


@ -10,7 +10,6 @@ class TopicsController < ApplicationController
@current = current_user @current = current_user
term = params[:term] term = params[:term]
if term && !term.empty? if term && !term.empty?
# !connor term here needs to have .downcase
@topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"') @topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"')
#read this next line as 'delete a topic if its private and you're either #read this next line as 'delete a topic if its private and you're either
@ -233,4 +232,10 @@ class TopicsController < ApplicationController
format.json { head :no_content } format.json { head :no_content }
end end
end end
private
def topic_params
params.require(:topic).permit(:id, :name, :desc, :link, :permission, :user_id, :metacode_id)
end
end end


@ -3,4 +3,4 @@ class Users::PasswordsController < Devise::PasswordsController
def after_resetting_password_path_for(resource) def after_resetting_password_path_for(resource)
signed_in_root_path(resource) signed_in_root_path(resource)
end end
end end


@ -4,10 +4,6 @@ class UsersController < ApplicationController
respond_to :html, :json respond_to :html, :json
def user_params
params.require(:user).permit(:name, :email, :image, :password,
:password_confirmation, :code, :joinedwithcode, :remember_me)
# GET /users/1.json # GET /users/1.json
def show def show
@user = User.find(params[:id]) @user = User.find(params[:id])
@ -102,4 +98,10 @@ class UsersController < ApplicationController
end end
end end
private
def user_params
params.require(:user).permit(:name, :email, :image, :password,
:password_confirmation, :code, :joinedwithcode, :remember_me)
end end