github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 03:31:13 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Enabled strong_parameters across all models/controllers.

Browse Source 
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
This commit is contained in:
Ian Christian Myers
2013-06-06 00:14:32 -07:00
parent a3d62fdf69
commit 0d01c33482
34 changed files with 67 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
spec/controllers/users_controller_spec.rb
View File

@ -178,7 +178,7 @@ describe UsersController do
let!(:user) { log_in }
it 'raises an error without an email parameter' do
lambda { xhr :put, :change_email, username: user.username }.should raise_error(Discourse::InvalidParameters)
lambda { xhr :put, :change_email, username: user.username }.should raise_error(ActionController::ParameterMissing)
end
it "raises an error if you can't edit the user" do
@ -489,7 +489,7 @@ describe UsersController do
let(:new_username) { "#{user.username}1234" }
it 'raises an error without a new_username param' do
lambda { xhr :put, :username, username: user.username }.should raise_error(Discourse::InvalidParameters)
lambda { xhr :put, :username, username: user.username }.should raise_error(ActionController::ParameterMissing)
end
it 'raises an error when you don\'t have permission to change the user' do
@ -518,7 +518,7 @@ describe UsersController do
end
it 'raises an error without a username parameter' do
lambda { xhr :get, :check_username }.should raise_error(Discourse::InvalidParameters)
lambda { xhr :get, :check_username }.should raise_error(ActionController::ParameterMissing)
end
shared_examples_for 'when username is unavailable locally' do