From 0810f6c34b1bf511c2f49d81836e796682838bee Mon Sep 17 00:00:00 2001
From: Matchu
Date: Sat, 29 Jul 2023 11:22:15 -0700
Subject: [PATCH] Use strong parameters for ClosetList
---
 app/controllers/closet_lists_controller.rb | 11 ++++++++---
 app/models/closet_list.rb | 2 --
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/app/controllers/closet_lists_controller.rb b/app/controllers/closet_lists_controller.rb
index 55bb75ce..cefd9de6 100644
--- a/app/controllers/closet_lists_controller.rb
+++ b/app/controllers/closet_lists_controller.rb
@@ -3,7 +3,7 @@ class ClosetListsController < ApplicationController
 before_filter :find_closet_list, :only => [:edit, :update, :destroy]
 def create
- @closet_list = current_user.closet_lists.build params[:closet_list]
+ @closet_list = current_user.closet_lists.build closet_list_params
 if @closet_list.save
 save_successful!
 else
@@ -19,11 +19,11 @@ class ClosetListsController < ApplicationController
 end
 def new
- @closet_list = current_user.closet_lists.build params[:closet_list]
+ @closet_list = current_user.closet_lists.build closet_list_params
 end
 def update
- if @closet_list.update_attributes(params[:closet_list])
+ if @closet_list.update_attributes(closet_list_params)
 save_successful!
 else
 save_failed!
@@ -33,6 +33,11 @@ class ClosetListsController < ApplicationController
 protected
+ def closet_list_params
+ params.require(:closet_list).permit(
+ :description, :hangers_owned, :name, :visibility)
+ end
+
 def find_closet_list
 @closet_list = current_user.closet_lists.find params[:id]
 end
diff --git a/app/models/closet_list.rb b/app/models/closet_list.rb
index 8ca55e80..02f62959 100644
--- a/app/models/closet_list.rb
+++ b/app/models/closet_list.rb
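Review bot: In the `@@ -19,11 +19,11 @@` hunk, `new` now calls `closet_list_params`, and its `params.require(:closet_list)` raises `ActionController::ParameterMissing` when the request has no `closet_list` key. A plain GET of the new-list form would therefore presumably fail with a 400, where `build params[:closet_list]` used to accept nil. Only `create` and `update` need the key to be mandatory; in `new` the pre-fill is optional, e.g. `@closet_list = current_user.closet_lists.build(params[:closet_list].present? ? closet_list_params : {})`. The helper is defined in the later `@@ -33,6 +33,11 @@` hunk, and the body of `update` continues past the end of this hunk.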
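Review bot: `closet_list_params` in the `@@ -33,6 +33,11 @@` hunk becomes the only allow-list for ClosetList attributes, because the same commit drops `attr_accessible` from the model, yet nothing at the definition records that. I would add a comment above it such as `# Sole mass-assignment allow-list for ClosetList. Ownership comes from current_user.closet_lists; never permit :user_id here.` It is also worth confirming that no other caller hands ClosetList a plain hash built from request data, since the model no longer filters such a hash; other callers are not visible in this diff.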
@@ -3,8 +3,6 @@ class ClosetList < ActiveRecord::Base
 has_many :hangers, :class_name => 'ClosetHanger', :foreign_key => 'list_id'
 # Nullification of associated records occurs in the ClosetListObserver.
- attr_accessible :description, :hangers_owned, :name, :visibility
-
 validates :name, :presence => true, :uniqueness => {:scope => :user_id}
 validates :user, :presence => true
 validates :hangers_owned, :inclusion => {:in => [true, false], :message => "can't be blank"}