Use strong_parameters instead of protected_attributes

10 years ago · 24bad5e628
parent 9b32e2dc37
commit 24bad5e628
11 changed files with 20 additions and 19 deletions
--- a/1
+++ b/1
@ -6,7 +6,6 @@ gem 'sass-rails',           '~> 4.0.1'
 gem 'coffee-rails',         '~> 4.0.1'
 gem 'uglifier',             '>= 2.3.1'
 gem 'jquery-rails',         '~> 3.0.4'
-gem 'protected_attributes', '~> 1.0.5'

 gem 'pg',                   '~> 0.14'
 gem 'carrierwave',          '~> 0.8.0'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -205,8 +205,6 @@ GEM
      multi_json (~> 1.0)
      websocket-driver (>= 0.2.0)
    polyglot (0.3.3)
-    protected_attributes (1.0.5)
-      activemodel (>= 4.0.1, < 5.0)
    pry (0.9.12.4)
      coderay (~> 1.0)
      method_source (~> 0.8)
@ -372,7 +370,6 @@ DEPENDENCIES
  open4 (~> 1.3.0)
  pg (~> 0.14)
  poltergeist (~> 1.5.0)
-  protected_attributes (~> 1.0.5)
  pry-rails (~> 0.3.2)
  quiet_assets (~> 1.0.1)
  rails (~> 4.0.2)
--- a/app/controllers/asciicasts_controller.rb
+++ b/app/controllers/asciicasts_controller.rb
@ -49,7 +49,7 @@ class AsciicastsController < ApplicationController
  end

  def update
-    if asciicast.update_attributes(params[:asciicast])
+    if asciicast.update_attributes(update_params)
      redirect_to asciicast_path(asciicast),
                  :notice => 'Asciicast was updated.'
    else
@ -84,4 +84,8 @@ class AsciicastsController < ApplicationController
    @view_counter ||= ViewCounter.new
  end

+  def update_params
+    params.require(:asciicast).permit(:title, :description)
+  end
+
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -32,7 +32,7 @@ class UsersController < ApplicationController
  def update
    @user = User.find(current_user.id)

-    if @user.update_attributes(params[:user])
+    if @user.update_attributes(update_params)
      redirect_to profile_path(@user), notice: 'Account settings saved.'
    else
      render :edit, status: 422
@ -46,10 +46,18 @@ class UsersController < ApplicationController
  end

  def build_user
-    user = User.new(params[:user])
+    user = User.new(create_params)
    user.email = store[:new_user_email]

    user
  end

+  def create_params
+    params.fetch(:user, {}).permit(:nickname, :name)
+  end
+
+  def update_params
+    params.require(:user).permit(:nickname, :name, :email)
+  end
+
 end
--- a/app/models/api_token.rb
+++ b/app/models/api_token.rb
@ -7,8 +7,6 @@ class ApiToken < ActiveRecord::Base
  validates :user, :token, presence: true
  validates :token, uniqueness: true

-  attr_accessible :token
-
  def self.for_token(token)
    ApiToken.where(token: token).first
  end
--- a/app/models/asciicast.rb
+++ b/app/models/asciicast.rb
@ -25,8 +25,6 @@ class Asciicast < ActiveRecord::Base
    featured.by_random.limit(n).includes(:user)
  }

-  attr_accessible :title, :description, :time_compression
-
  def self.cache_key
    timestamps = scoped.select(:updated_at).map { |o| o.updated_at.to_i }
    Digest::MD5.hexdigest timestamps.join('/')
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@ -7,6 +7,4 @@ class Comment < ActiveRecord::Base
  belongs_to :user
  belongs_to :asciicast, :counter_cache => true

-  attr_accessible :body
-
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -8,8 +8,6 @@ class User < ActiveRecord::Base
  has_many :asciicasts, :dependent => :destroy
  has_many :comments, :dependent => :destroy

-  attr_accessible :nickname, :email, :name
-
  validates :nickname, presence: true
  validates :nickname, uniqueness: { scope: :dummy }, unless: :dummy
  validates :email, presence: true, uniqueness: true, unless: :dummy
--- a/app/services/asciicast_creator.rb
+++ b/app/services/asciicast_creator.rb
@ -1,7 +1,7 @@
 class AsciicastCreator

  def create(attributes)
-    asciicast = Asciicast.create!(attributes, without_protection: true)
+    asciicast = Asciicast.create!(attributes)
    AsciicastWorker.perform_async(asciicast.id)

    asciicast
--- a/spec/controllers/asciicasts_controller_spec.rb
+++ b/spec/controllers/asciicasts_controller_spec.rb
@ -133,7 +133,9 @@ describe AsciicastsController do
  end

  describe '#update' do
-    let(:make_request) { put :update, :id => asciicast.id, :asciicast => { } }
+    let(:make_request) {
+      put :update, id: asciicast.id, asciicast: { title: 'title'}
+    }

    before do
      expect(Asciicast).to receive(:find).and_return(asciicast)
--- a/spec/services/asciicast_creator_spec.rb
+++ b/spec/services/asciicast_creator_spec.rb
@ -17,8 +17,7 @@ describe AsciicastCreator do
    it 'calls Asciicast.create! with proper attributes' do
      subject

-      expect(Asciicast).to have_received(:create!).
-        with(attributes, { without_protection: true })
+      expect(Asciicast).to have_received(:create!).with(attributes)
    end

    it 'enqueues a post-processing job' do