add required params to all controllers

app/controllers/mappings_controller.rb

@@ -48,4 +48,10 @@ class MappingsController < ApplicationController
 
     head :no_content 
   end
+
+  private
+    # Never trust parameters from the scary internet, only allow the white list through.
+    def mapping_params
+      params.require(:mapping).permit(:id, :category, :xloc, :yloc, :topic_id, :synapse_id, :map_id, :user_id)
+    end
 end

app/controllers/maps_controller.rb

@@ -238,4 +238,11 @@ class MapsController < ApplicationController
             }
         end
     end
+
+    private
+
+    # Never trust parameters from the scary internet, only allow the white list through.
+    def map_params
+      params.require(:map).permit(:id, :name, :arranged, :desc, :permission, :user_id)
+    end
 end

app/controllers/metacode_sets_controller.rb

@@ -2,10 +2,6 @@ class MetacodeSetsController < ApplicationController
   
   before_filter :require_admin
 
-  def metacode_set_params
-    params.require(:metacode_set).permit(:desc, :mapperContributed, :name)
-  end
-    
   # GET /metacode_sets
   # GET /metacode_sets.json
   def index
@@ -120,4 +116,11 @@ class MetacodeSetsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def metacode_set_params
+    params.require(:metacode_set).permit(:desc, :mapperContributed, :name)
+  end
+    
 end

app/controllers/metacodes_controller.rb

@@ -93,4 +93,11 @@ class MetacodesController < ApplicationController
 #      format.json { head :no_content }
 #    end
 #  end
+
+  private
+
+    # Never trust parameters from the scary internet, only allow the white list through.      
+    def metacode_params
+      params.require(:metacode).permit(:id, :name, :icon, :color)
+    end
 end

app/controllers/registrations_controller.rb

@@ -7,4 +7,4 @@ class Users::RegistrationsController < Devise::RegistrationsController
     def after_update_path_for(resource)
       signed_in_root_path(resource)
     end
-end
+end

app/controllers/synapses_controller.rb

@@ -64,4 +64,10 @@ class SynapsesController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def synapse_params
+    params.require(:synapse).permit(:id, :desc, :category, :weight, :permission, :node1_id, :node2_id, :user_id)
+  end
 end

app/controllers/topics_controller.rb

@@ -10,7 +10,6 @@ class TopicsController < ApplicationController
         @current = current_user
         term = params[:term]
         if term && !term.empty?
-            # !connor term here needs to have .downcase
             @topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"')
 
             #read this next line as 'delete a topic if its private and you're either 
@@ -233,4 +232,10 @@ class TopicsController < ApplicationController
             format.json { head :no_content }
         end
     end
+
+  private
+
+  def topic_params
+    params.require(:topic).permit(:id, :name, :desc, :link, :permission, :user_id, :metacode_id)
+  end
 end

app/controllers/users/passwords_controller.rb

@@ -3,4 +3,4 @@ class Users::PasswordsController < Devise::PasswordsController
     def after_resetting_password_path_for(resource)
       signed_in_root_path(resource)
     end
-end
+end

app/controllers/users_controller.rb

@@ -4,10 +4,6 @@ class UsersController < ApplicationController
     
   respond_to :html, :json 
 
-  def user_params
-    params.require(:user).permit(:name, :email, :image, :password, 
-    :password_confirmation, :code, :joinedwithcode, :remember_me)
-  
   # GET /users/1.json
   def show
     @user = User.find(params[:id])
@@ -102,4 +98,10 @@ class UsersController < ApplicationController
     end
   end
 
+  private
+
+  def user_params
+    params.require(:user).permit(:name, :email, :image, :password, 
+    :password_confirmation, :code, :joinedwithcode, :remember_me)
+
 end