1
0
Fork 0
forked from OpenNeo/impress

Use strong parameters for ClosetList

This commit is contained in:
Matchu 2023-07-29 11:22:15 -07:00
parent 32b1608346
commit a2bd538bb4
2 changed files with 8 additions and 5 deletions

View file

@ -3,7 +3,7 @@ class ClosetListsController < ApplicationController
before_filter :find_closet_list, :only => [:edit, :update, :destroy]
def create
@closet_list = current_user.closet_lists.build params[:closet_list]
@closet_list = current_user.closet_lists.build closet_list_params
if @closet_list.save
save_successful!
else
@ -19,11 +19,11 @@ class ClosetListsController < ApplicationController
end
def new
@closet_list = current_user.closet_lists.build params[:closet_list]
@closet_list = current_user.closet_lists.build closet_list_params
end
def update
if @closet_list.update_attributes(params[:closet_list])
if @closet_list.update_attributes(closet_list_params)
save_successful!
else
save_failed!
@ -33,6 +33,11 @@ class ClosetListsController < ApplicationController
protected
def closet_list_params
params.require(:closet_list).permit(
:description, :hangers_owned, :name, :visibility)
end
def find_closet_list
@closet_list = current_user.closet_lists.find params[:id]
end

View file

@ -3,8 +3,6 @@ class ClosetList < ActiveRecord::Base
has_many :hangers, :class_name => 'ClosetHanger', :foreign_key => 'list_id'
# Nullification of associated records occurs in the ClosetListObserver.
attr_accessible :description, :hangers_owned, :name, :visibility
validates :name, :presence => true, :uniqueness => {:scope => :user_id}
validates :user, :presence => true
validates :hangers_owned, :inclusion => {:in => [true, false], :message => "can't be blank"}