Use strong parameters for Outfit

Matchu 2023-07-29 10:52:23 -07:00
parent 1ffcb59f4a
commit 4250e009d7
2 changed files with 7 additions and 4 deletions


@ -2,7 +2,7 @@ class OutfitsController < ApplicationController
before_filter :find_authorized_outfit, :only => [:update, :destroy] before_filter :find_authorized_outfit, :only => [:update, :destroy]
def create def create
@outfit = Outfit.build_for_user(current_user, params[:outfit]) @outfit = Outfit.build_for_user(current_user, outfit_params)
if @outfit.save if @outfit.save
render :json => @outfit render :json => @outfit
else else
@ -108,7 +108,7 @@ class OutfitsController < ApplicationController
end end
def update def update
if @outfit.update_attributes(params[:outfit]) if @outfit.update_attributes(outfit_params)
render :json => @outfit render :json => @outfit
else else
render_outfit_errors render_outfit_errors
@ -117,6 +117,11 @@ class OutfitsController < ApplicationController
private private
def outfit_params
params.require(:outfit).permit(
:name, :pet_state_id, :starred, :worn_and_unworn_item_ids)
end
def find_authorized_outfit def find_authorized_outfit
raise ActiveRecord::RecordNotFound unless user_signed_in? raise ActiveRecord::RecordNotFound unless user_signed_in?
@outfit = current_user.outfits.find(params[:id]) @outfit = current_user.outfits.find(params[:id])
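Review bot: In `outfit_params`, `:worn_and_unworn_item_ids` is permitted as a bare symbol, and strong parameters only lets scalar values through for keys listed that way; an array or hash under that key is silently dropped rather than rejected. The attribute name suggests a collection of ids, so if clients send one, `create` and `update` would save the outfit without its items while still rendering the outfit as JSON. If that is the case, declare the shape explicitly, e.g. `:worn_and_unworn_item_ids => []` for an array or `:worn_and_unworn_item_ids => {:worn => [], :unworn => []}` for a hash (keys assumed here; take them from the model's setter). A controller test that posts item ids plus an unlisted attribute, then checks that the ids persist and the extra attribute is ignored, would pin the allowlist now that `attr_accessible` is removed from the model.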


@ -11,8 +11,6 @@ class Outfit < ActiveRecord::Base
delegate :color, to: :pet_state delegate :color, to: :pet_state
attr_accessible :name, :pet_state_id, :starred, :worn_and_unworn_item_ids
scope :wardrobe_order, -> { order('starred DESC', :name) } scope :wardrobe_order, -> { order('starred DESC', :name) }
# NOTE: We no longer save images, but we've left the code here for now. # NOTE: We no longer save images, but we've left the code here for now.