Merge branch 'strong-params' of https://github.com/jfnixon/railsgoat into jfnixon-strong-params
This commit is contained in:
Al Snow
@@ -10,3 +10,4 @@
|
|||||||
coverage
|
coverage
|
||||||
.tags
|
.tags
|
||||||
/.vagrant
|
/.vagrant
|
||||||
|
/vendor/ruby
|
||||||
|
|||||||
@@ -56,6 +56,9 @@ end
|
|||||||
|
|
||||||
gem 'jquery-rails'
|
gem 'jquery-rails'
|
||||||
|
|
||||||
|
## strong parameters in Rails 3 (see rails gem above)
|
||||||
|
gem 'strong_parameters'
|
||||||
|
|
||||||
# To use ActiveModel has_secure_password
|
# To use ActiveModel has_secure_password
|
||||||
gem 'bcrypt'
|
gem 'bcrypt'
|
||||||
|
|
||||||
|
|||||||
@@ -267,6 +267,11 @@ GEM
|
|||||||
rack (~> 1.0)
|
rack (~> 1.0)
|
||||||
tilt (~> 1.1, != 1.3.0)
|
tilt (~> 1.1, != 1.3.0)
|
||||||
sqlite3 (1.3.10)
|
sqlite3 (1.3.10)
|
||||||
|
strong_parameters (0.2.3)
|
||||||
|
actionpack (~> 3.0)
|
||||||
|
activemodel (~> 3.0)
|
||||||
|
activesupport (~> 3.0)
|
||||||
|
railties (~> 3.0)
|
||||||
temple (0.6.10)
|
temple (0.6.10)
|
||||||
terminal-table (1.4.5)
|
terminal-table (1.4.5)
|
||||||
therubyracer (0.12.1)
|
therubyracer (0.12.1)
|
||||||
@@ -335,6 +340,7 @@ DEPENDENCIES
|
|||||||
sass-rails
|
sass-rails
|
||||||
simplecov
|
simplecov
|
||||||
sqlite3
|
sqlite3
|
||||||
|
strong_parameters
|
||||||
therubyracer
|
therubyracer
|
||||||
travis-lint
|
travis-lint
|
||||||
uglifier
|
uglifier
|
||||||
|
|||||||
@@ -33,4 +33,10 @@ class MessagesController < ApplicationController
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def message_params
|
||||||
|
params.require(:message).permit(:creator_id, :message, :read, :receiver_id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|||||||
@@ -4,7 +4,7 @@ class ScheduleController < ApplicationController
|
|||||||
message = false
|
message = false
|
||||||
|
|
||||||
if params[:schedule][:event_type] == "pto"
|
if params[:schedule][:event_type] == "pto"
|
||||||
sched = Schedule.new(params[:schedule])
|
sched = Schedule.new(schedule_params)
|
||||||
sched.date_begin, sched.date_end = format_schedule_date(params[:date_range1])
|
sched.date_begin, sched.date_end = format_schedule_date(params[:date_range1])
|
||||||
sched.user_id = current_user.user_id
|
sched.user_id = current_user.user_id
|
||||||
a = sched.date_end
|
a = sched.date_end
|
||||||
@@ -56,4 +56,10 @@ class ScheduleController < ApplicationController
|
|||||||
end
|
end
|
||||||
return vals
|
return vals
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def schedule_params
|
||||||
|
params.require(:schedule).permit(:date_begin, :date_end, :event_desc, :event_name, :event_type)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ class UsersController < ApplicationController
|
|||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
user = User.new(params[:user])
|
user = User.new(user_params)
|
||||||
user.build_benefits_data
|
user.build_benefits_data
|
||||||
if user.save
|
if user.save
|
||||||
session[:user_id] = user.user_id
|
session[:user_id] = user.user_id
|
||||||
@@ -35,7 +35,7 @@ class UsersController < ApplicationController
|
|||||||
if user
|
if user
|
||||||
user.skip_user_id_assign = true
|
user.skip_user_id_assign = true
|
||||||
user.skip_hash_password = true
|
user.skip_hash_password = true
|
||||||
user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k })
|
user.update_attributes(user_params_without_password)
|
||||||
if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
|
if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
|
||||||
user.skip_hash_password = false
|
user.skip_hash_password = false
|
||||||
user.password = params[:user][:password]
|
user.password = params[:user][:password]
|
||||||
@@ -50,4 +50,15 @@ class UsersController < ApplicationController
|
|||||||
redirect_to user_account_settings_path(:user_id => current_user.user_id)
|
redirect_to user_account_settings_path(:user_id => current_user.user_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def user_params
|
||||||
|
params.require(:user).permit(:email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation)
|
||||||
|
end
|
||||||
|
|
||||||
|
# unpermitted attributes are ignored in production
|
||||||
|
def user_params_without_password
|
||||||
|
params.require(:user).permit(:email, :admin, :first_name, :last_name)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -1,6 +1,4 @@
|
|||||||
class Analytics < ActiveRecord::Base
|
class Analytics < ActiveRecord::Base
|
||||||
attr_accessible :ip_address, :referrer, :user_agent
|
|
||||||
|
|
||||||
scope :hits_by_ip, ->(ip,col="*") { select("#{col}").where(:ip_address => ip).order("id DESC")}
|
scope :hits_by_ip, ->(ip,col="*") { select("#{col}").where(:ip_address => ip).order("id DESC")}
|
||||||
|
|
||||||
def self.count_by_col(col)
|
def self.count_by_col(col)
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
class Benefits < ActiveRecord::Base
|
class Benefits < ActiveRecord::Base
|
||||||
attr_accessor :backup
|
|
||||||
|
|
||||||
def self.save(file, backup=false)
|
def self.save(file, backup=false)
|
||||||
data_path = Rails.root.join("public", "data")
|
data_path = Rails.root.join("public", "data")
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
class KeyManagement < ActiveRecord::Base
|
class KeyManagement < ActiveRecord::Base
|
||||||
attr_accessible :iv, :user_id
|
|
||||||
belongs_to :work_info
|
belongs_to :work_info
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
class Message < ActiveRecord::Base
|
class Message < ActiveRecord::Base
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
attr_accessible :creator_id, :message, :read, :receiver_id
|
|
||||||
validates_presence_of :creator_id, :receiver_id, :message
|
validates_presence_of :creator_id, :receiver_id, :message
|
||||||
|
|
||||||
def creator_name
|
def creator_name
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
class PaidTimeOff < ActiveRecord::Base
|
class PaidTimeOff < ActiveRecord::Base
|
||||||
attr_accessible :pto_earned, :pto_taken, :sick_days_earned, :sick_days_taken
|
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
has_many :schedule, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
|
has_many :schedule, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,4 @@
|
|||||||
class Pay < ActiveRecord::Base
|
class Pay < ActiveRecord::Base
|
||||||
# mass-assignable attributes
|
|
||||||
attr_accessible :bank_account_num, :bank_routing_num, :percent_of_deposit
|
|
||||||
|
|
||||||
# Associations
|
# Associations
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
class Performance < ActiveRecord::Base
|
class Performance < ActiveRecord::Base
|
||||||
attr_accessible :comments, :date_submitted, :reviewer, :score
|
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
|
|
||||||
def reviewer_name
|
def reviewer_name
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
class Retirement < ActiveRecord::Base
|
class Retirement < ActiveRecord::Base
|
||||||
attr_accessible :employee_contrib, :employer_contrib, :total
|
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
class Schedule < ActiveRecord::Base
|
class Schedule < ActiveRecord::Base
|
||||||
attr_accessible :date_begin, :date_end, :event_desc, :event_name, :event_type
|
|
||||||
belongs_to :paid_time_off
|
belongs_to :paid_time_off
|
||||||
|
|
||||||
validates_presence_of :date_begin, :date_end, :event_desc, :event_name, :event_type
|
validates_presence_of :date_begin, :date_end, :event_desc, :event_name, :event_type
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
require 'encryption'
|
require 'encryption'
|
||||||
|
|
||||||
class User < ActiveRecord::Base
|
class User < ActiveRecord::Base
|
||||||
attr_accessible :email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation
|
|
||||||
validates :password, :presence => true,
|
validates :password, :presence => true,
|
||||||
:confirmation => true,
|
:confirmation => true,
|
||||||
:length => {:within => 6..40},
|
:length => {:within => 6..40},
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
class WorkInfo < ActiveRecord::Base
|
class WorkInfo < ActiveRecord::Base
|
||||||
attr_accessible :DoB, :SSN, :bonuses, :income, :years_worked
|
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
has_one :key_management, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
|
has_one :key_management, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
|
||||||
#before_save :encrypt_ssn
|
#before_save :encrypt_ssn
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
|
||||||
+1
-1
@@ -11,7 +11,7 @@
|
|||||||
#
|
#
|
||||||
# It's strongly recommended to check this file into your version control system.
|
# It's strongly recommended to check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(:version => 20140804171756) do
|
ActiveRecord::Schema.define(:version => 20140408185601) do
|
||||||
|
|
||||||
create_table "analytics", :force => true do |t|
|
create_table "analytics", :force => true do |t|
|
||||||
t.string "ip_address"
|
t.string "ip_address"
|
||||||
|
|||||||
Reference in New Issue
Block a user