Use strong parameters for User
This commit is contained in:
parent
523137253c
commit
248e710fcb
2 changed files with 6 additions and 4 deletions
|
@ -17,7 +17,7 @@ class UsersController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
success = @user.update_attributes params[:user]
|
success = @user.update_attributes user_params
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html {
|
format.html {
|
||||||
if success
|
if success
|
||||||
|
@ -41,6 +41,11 @@ class UsersController < ApplicationController
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
|
def user_params
|
||||||
|
params.require(:user).permit(:owned_closet_hangers_visibility,
|
||||||
|
:wanted_closet_hangers_visibility, :contact_neopets_connection_id)
|
||||||
|
end
|
||||||
|
|
||||||
def find_and_authorize_user!
|
def find_and_authorize_user!
|
||||||
if current_user.id == params[:id].to_i
|
if current_user.id == params[:id].to_i
|
||||||
@user = current_user
|
@user = current_user
|
||||||
|
|
|
@ -21,9 +21,6 @@ class User < ActiveRecord::Base
|
||||||
|
|
||||||
devise :rememberable
|
devise :rememberable
|
||||||
|
|
||||||
attr_accessible :owned_closet_hangers_visibility,
|
|
||||||
:wanted_closet_hangers_visibility, :contact_neopets_connection_id
|
|
||||||
|
|
||||||
def admin?
|
def admin?
|
||||||
name == 'matchu' # you know that's right.
|
name == 'matchu' # you know that's right.
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue