Use strong parameters for User
This commit is contained in:
parent
4250e009d7
commit
59580ab47b
2 changed files with 6 additions and 4 deletions
|
@ -17,7 +17,7 @@ class UsersController < ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
success = @user.update_attributes params[:user]
|
||||
success = @user.update_attributes user_params
|
||||
respond_to do |format|
|
||||
format.html {
|
||||
if success
|
||||
|
@ -41,6 +41,11 @@ class UsersController < ApplicationController
|
|||
|
||||
protected
|
||||
|
||||
def user_params
|
||||
params.require(:user).permit(:owned_closet_hangers_visibility,
|
||||
:wanted_closet_hangers_visibility, :contact_neopets_connection_id)
|
||||
end
|
||||
|
||||
def find_and_authorize_user!
|
||||
if current_user.id == params[:id].to_i
|
||||
@user = current_user
|
||||
|
|
|
@ -21,9 +21,6 @@ class User < ActiveRecord::Base
|
|||
|
||||
devise :rememberable
|
||||
|
||||
attr_accessible :owned_closet_hangers_visibility,
|
||||
:wanted_closet_hangers_visibility, :contact_neopets_connection_id
|
||||
|
||||
def admin?
|
||||
name == 'matchu' # you know that's right.
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue