Use strong parameters for User

Matchu 2023-07-29 11:07:14 -07:00
parent 4250e009d7
commit 59580ab47b
2 changed files with 6 additions and 4 deletions


@ -17,7 +17,7 @@ class UsersController < ApplicationController
end
def update
success = @user.update_attributes params[:user]
success = @user.update_attributes user_params
respond_to do |format|
format.html {
if success
@ -41,6 +41,11 @@ class UsersController < ApplicationController
protected
def user_params
params.require(:user).permit(:owned_closet_hangers_visibility,
:wanted_closet_hangers_visibility, :contact_neopets_connection_id)
end
def find_and_authorize_user!
if current_user.id == params[:id].to_i
@user = current_user
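Review bot: `user_params` permits `:contact_neopets_connection_id`, which is a foreign key, and nothing visible in this section checks that the submitted id refers to a connection owned by `@user`. `find_and_authorize_user!` only establishes which user is being edited, so unless the model validates ownership (not shown here), the update would accept an id belonging to another account's connection. The same attribute was in the removed `attr_accessible` list, so this is not a regression, but the permit list is now the natural place to record the requirement: add a comment above the `permit` call such as `# contact_neopets_connection_id is a foreign key; the model must reject ids that do not belong to this user`, and confirm that such a validation exists. The controller class continues outside the hunk.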


@ -21,9 +21,6 @@ class User < ActiveRecord::Base
devise :rememberable
attr_accessible :owned_closet_hangers_visibility,
:wanted_closet_hangers_visibility, :contact_neopets_connection_id
def admin?
name == 'matchu' # you know that's right.
end