forked from OpenNeo/impress
Use strong parameters for Outfit
parent
1ffcb59f4a
commit
4250e009d7
2 changed files with 7 additions and 4 deletions
|
@ -2,7 +2,7 @@ class OutfitsController < ApplicationController
|
|||
before_filter :find_authorized_outfit, :only => [:update, :destroy]
|
||||
|
||||
def create
|
||||
@outfit = Outfit.build_for_user(current_user, params[:outfit])
|
||||
@outfit = Outfit.build_for_user(current_user, outfit_params)
|
||||
if @outfit.save
|
||||
render :json => @outfit
|
||||
else
|
||||
|
@ -108,7 +108,7 @@ class OutfitsController < ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
if @outfit.update_attributes(params[:outfit])
|
||||
if @outfit.update_attributes(outfit_params)
|
||||
render :json => @outfit
|
||||
else
|
||||
render_outfit_errors
|
||||
|
@ -117,6 +117,11 @@ class OutfitsController < ApplicationController
|
|||
|
||||
private
|
||||
|
||||
def outfit_params
|
||||
params.require(:outfit).permit(
|
||||
:name, :pet_state_id, :starred, :worn_and_unworn_item_ids)
|
||||
end
|
||||
|
||||
def find_authorized_outfit
|
||||
raise ActiveRecord::RecordNotFound unless user_signed_in?
|
||||
@outfit = current_user.outfits.find(params[:id])
|
||||
|
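Review bot: In `outfit_params` (third hunk), `:worn_and_unworn_item_ids` is permitted as a bare symbol, and strong parameters only lets scalar values through for a bare key. If clients send this field as an array or a hash of id lists, which the name suggests but the page does not show, it is filtered out without an error and the outfit saves without its items. Declare the expected shape explicitly, e.g. `worn_and_unworn_item_ids: []` for an array or `worn_and_unworn_item_ids: {worn: [], unworn: []}` for a nested hash (keys assumed; confirm against the model's setter), and add a controller test that posts item ids to `create` and `update`. Because the same commit removes `attr_accessible` from Outfit, this method is now the only whitelist, so any other call site that builds an Outfit from request data should go through it as well. The controller class begins and ends outside these hunks.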
|
|
@ -11,8 +11,6 @@ class Outfit < ActiveRecord::Base
|
|||
|
||||
delegate :color, to: :pet_state
|
||||
|
||||
attr_accessible :name, :pet_state_id, :starred, :worn_and_unworn_item_ids
|
||||
|
||||
scope :wardrobe_order, -> { order('starred DESC', :name) }
|
||||
|
||||
# NOTE: We no longer save images, but we've left the code here for now.
|
||||
|
|