From e9cb8561fac4812677c774170fffc2bd9edcbb2e Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Sat, 19 Sep 2015 16:26:34 +0800
Subject: [PATCH] add required params to all controllers
---
 app/controllers/mappings_controller.rb | 6 ++++++
 app/controllers/maps_controller.rb | 7 +++++++
 app/controllers/metacode_sets_controller.rb | 11 +++++++----
 app/controllers/metacodes_controller.rb | 7 +++++++
 app/controllers/registrations_controller.rb | 2 +-
 app/controllers/synapses_controller.rb | 6 ++++++
 app/controllers/topics_controller.rb | 7 ++++++-
 app/controllers/users/passwords_controller.rb | 2 +-
 app/controllers/users_controller.rb | 10 ++++++----
 9 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/app/controllers/mappings_controller.rb b/app/controllers/mappings_controller.rb
index b28c7638..4898ceb4 100644
--- a/app/controllers/mappings_controller.rb
+++ b/app/controllers/mappings_controller.rb
@@ -48,4 +48,10 @@ class MappingsController < ApplicationController
 head :no_content
 end
+
+ private
+ # Never trust parameters from the scary internet, only allow the white list through.
+ def mapping_params
+ params.require(:mapping).permit(:id, :category, :xloc, :yloc, :topic_id, :synapse_id, :map_id, :user_id)
+ end
 end
diff --git a/app/controllers/maps_controller.rb b/app/controllers/maps_controller.rb
index 8f0ced9b..d37be5a3 100644
--- a/app/controllers/maps_controller.rb
+++ b/app/controllers/maps_controller.rb
@@ -238,4 +238,11 @@ class MapsController < ApplicationController
 }
 end
 end
+
+ private
+
+ # Never trust parameters from the scary internet, only allow the white list through.
+ def map_params
+ params.require(:map).permit(:id, :name, :arranged, :desc, :permission, :user_id)
+ end
 end
diff --git a/app/controllers/metacode_sets_controller.rb b/app/controllers/metacode_sets_controller.rb
index 6560492a..376babe5 100644
--- a/app/controllers/metacode_sets_controller.rb
+++ b/app/controllers/metacode_sets_controller.rb
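Review bot: `mapping_params` permits `:id` and `:user_id`, so once an action passes this hash to the model, the client chooses the record's primary key and which user the mapping is attributed to. The same two keys are permitted by `map_params`, `synapse_params` and `topic_params`, and `:id` by `metacode_params`, in the later hunks of this patch. I would drop both from the list, `params.require(:mapping).permit(:category, :xloc, :yloc, :topic_id, :synapse_id, :map_id)`, and have the action assign the owner from `current_user`. The actions that would consume this method are outside the hunk, so how the owner is set today is not visible here.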
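Review bot: Nothing in this patch calls `map_params`: the diffstat lists 7 added lines for maps_controller.rb and all 7 are in this hunk, so no action was changed to use it. The permit list only filters input when the actions build or update the record from `map_params`; if they still read `params` directly, the new method has no effect. The same applies to the MappingsController, MetacodesController, SynapsesController and TopicsController hunks, where the helper is the only code added. A short comment above the method naming its callers, for example `# Filtered attributes for create and update`, would make that wiring easy to check in review. The actions themselves are outside the hunk.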
@@ -2,10 +2,6 @@ class MetacodeSetsController < ApplicationController before_filter :require_admin - def metacode_set_params - params.require(:metacode_set).permit(:desc, :mapperContributed, :name) - end - # GET /metacode_sets # GET /metacode_sets.json def index @@ -120,4 +116,11 @@ class MetacodeSetsController < ApplicationController format.json { head :no_content } end end + + private + + def metacode_set_params + params.require(:metacode_set).permit(:desc, :mapperContributed, :name) + end + end diff --git a/app/controllers/metacodes_controller.rb b/app/controllers/metacodes_controller.rb index 810981dc..25a7c096 100644 --- a/app/controllers/metacodes_controller.rb +++ b/app/controllers/metacodes_controller.rb @@ -93,4 +93,11 @@ class MetacodesController < ApplicationController # format.json { head :no_content } # end # end + + private + + # Never trust parameters from the scary internet, only allow the white list through. + def metacode_params + params.require(:metacode).permit(:id, :name, :icon, :color) + end end diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 0f0be9ba..5fff2f1c 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -7,4 +7,4 @@ class Users::RegistrationsController < Devise::RegistrationsController def after_update_path_for(resource) signed_in_root_path(resource) end -end \ No newline at end of file +end diff --git a/app/controllers/synapses_controller.rb b/app/controllers/synapses_controller.rb index 6ff1537b..40941960 100644 --- a/app/controllers/synapses_controller.rb +++ b/app/controllers/synapses_controller.rb @@ -64,4 +64,10 @@ class SynapsesController < ApplicationController format.json { head :no_content } end end + + private + + def synapse_params + params.require(:synapse).permit(:id, :desc, :category, :weight, :permission, :node1_id, :node2_id, :user_id) + end end 
diff --git a/app/controllers/topics_controller.rb b/app/controllers/topics_controller.rb index ca24d1fb..7929c5ac 100644 --- a/app/controllers/topics_controller.rb +++ b/app/controllers/topics_controller.rb @@ -10,7 +10,6 @@ class TopicsController < ApplicationController @current = current_user term = params[:term] if term && !term.empty? - # !connor term here needs to have .downcase @topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"') #read this next line as 'delete a topic if its private and you're either @@ -233,4 +232,10 @@ class TopicsController < ApplicationController format.json { head :no_content } end end + + private + + def topic_params + params.require(:topic).permit(:id, :name, :desc, :link, :permission, :user_id, :metacode_id) + end end diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb index d1405f6a..ae5517e8 100644 --- a/app/controllers/users/passwords_controller.rb +++ b/app/controllers/users/passwords_controller.rb @@ -3,4 +3,4 @@ class Users::PasswordsController < Devise::PasswordsController def after_resetting_password_path_for(resource) signed_in_root_path(resource) end -end \ No newline at end of file +end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 81ed2122..0141e52d 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -4,10 +4,6 @@ class UsersController < ApplicationController respond_to :html, :json - def user_params - params.require(:user).permit(:name, :email, :image, :password, - :password_confirmation, :code, :joinedwithcode, :remember_me) - # GET /users/1.json def show @user = User.find(params[:id]) @@ -102,4 +98,10 @@ class UsersController < ApplicationController end end + private + + def user_params + params.require(:user).permit(:name, :email, :image, :password, + :password_confirmation, :code, :joinedwithcode, :remember_me) + end