1
0
Fork 0
forked from OpenNeo/impress

Use strong parameters for Donation

This commit is contained in:
Matchu 2023-07-29 10:29:09 -07:00
parent abf08bb7e7
commit 39a722600c
2 changed files with 7 additions and 3 deletions

View file

@ -25,7 +25,7 @@ class DonationsController < ApplicationController
def update
@donation = Donation.from_param(params[:id])
@donation.update_attributes params[:donation]
@donation.attributes = donation_params
feature_params = params[:feature] || {}
@features = @donation.features.find(feature_params.keys)
@ -47,4 +47,10 @@ class DonationsController < ApplicationController
redirect_to @donation
end
end
private
def donation_params
params.require(:donation).permit(:donor_name)
end
end

View file

@ -1,8 +1,6 @@
class Donation < ActiveRecord::Base
FEATURE_COST = 500 # in cents = $5.00
attr_accessible :donor_name
belongs_to :campaign
belongs_to :user
has_many :features, class_name: 'DonationFeature'