diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index b542d502..fd35f261 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -17,7 +17,7 @@ class UsersController < ApplicationController end def update - success = @user.update_attributes params[:user] + success = @user.update_attributes user_params respond_to do |format| format.html { if success @@ -41,6 +41,11 @@ class UsersController < ApplicationController protected + def user_params + params.require(:user).permit(:owned_closet_hangers_visibility, + :wanted_closet_hangers_visibility, :contact_neopets_connection_id) + end + def find_and_authorize_user! if current_user.id == params[:id].to_i @user = current_user diff --git a/app/models/user.rb b/app/models/user.rb index 4abdd054..5d3df686 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -21,9 +21,6 @@ class User < ActiveRecord::Base devise :rememberable - attr_accessible :owned_closet_hangers_visibility, - :wanted_closet_hangers_visibility, :contact_neopets_connection_id - def admin? name == 'matchu' # you know that's right. end