DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358)

David Taylor
2018-09-04 11:45:36 +01:00
committed by Sam
parent d1af89e3b3
commit 4382fb5fac
4 changed files with 60 additions and 4 deletions


@ -104,7 +104,7 @@ class UsersController < ApplicationController
attributes.delete(:username)
if params[:user_fields].present?
attributes[:custom_fields] = {}
attributes[:custom_fields] ||= {}
fields = UserField.all
fields = fields.where(editable: true) unless current_user.staff?
@ -1167,6 +1167,7 @@ class UsersController < ApplicationController
:card_background
]
permitted << { custom_fields: User.editable_user_custom_fields } unless User.editable_user_custom_fields.blank?
permitted.concat UserUpdater::OPTION_ATTR
permitted.concat UserUpdater::CATEGORY_IDS.keys.map { |k| { k => [] } }
permitted.concat UserUpdater::TAG_NAMES.keys
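Review bot: The `custom_fields` permit added in the second hunk applies to every caller of this action, whereas the `user_fields` path in the first hunk still narrows to `editable: true` for non-staff, so any key a plugin registers becomes writable by whoever is allowed to edit the account. Because `attributes[:custom_fields] ||= {}` now keeps the client-supplied hash, a plugin that registered a key in the same namespace the user-field loop writes to would presumably let a non-staff value for a non-editable field survive; the loop body is outside the hunk, so this needs confirming. I would document the contract above the permit line, e.g. `# plugin-whitelisted keys: writable by any user who may edit this account, scalar values only`, and evaluate the list once: `editable = User.editable_user_custom_fields` followed by `permitted << { custom_fields: editable } if editable.present?`. Both enclosing methods start and end outside the hunks.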