From d1fbc1b178b5e15870d5bb7a831725222450d619 Mon Sep 17 00:00:00 2001
From: Matchu
Date: Sat, 29 Jul 2023 11:25:25 -0700
Subject: [PATCH] Use strong parameters for ClosetHanger
---
 app/controllers/closet_hangers_controller.rb | 12 ++++++++----
 app/models/closet_hanger.rb | 2 --
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/app/controllers/closet_hangers_controller.rb b/app/controllers/closet_hangers_controller.rb
index 0915a66e..089ef91f 100644
--- a/app/controllers/closet_hangers_controller.rb
+++ b/app/controllers/closet_hangers_controller.rb
@@ -110,7 +110,7 @@ class ClosetHangersController < ApplicationController
 end
 def create
- @closet_hanger = current_user.closet_hangers.build(params[:closet_hanger])
+ @closet_hanger = current_user.closet_hangers.build(closet_hanger_params)
 @closet_hanger.item = @item if @closet_hanger.save
@@ -132,7 +132,7 @@ class ClosetHangersController < ApplicationController
 redirect_back!(user_closet_hangers_path(current_user))
 else
 @closet_hanger = current_user.closet_hangers.find(params[:id])
- @closet_hanger.attributes = params[:closet_hanger]
+ @closet_hanger.attributes = closet_hanger_params
 @item = @closet_hanger.item unless @closet_hanger.quantity == 0 # save the hanger, new record or not
@@ -166,6 +166,10 @@ class ClosetHangersController < ApplicationController
 end
 private
+
+ def closet_hanger_params
+ params.require(:closet_hanger).permit(:list_id, :owned, :quantity)
+ end
 def closet_hanger_destroyed
 respond_to do |format|
@@ -249,8 +253,8 @@ class ClosetHangersController < ApplicationController
 def owned
 owned = true
- if params[:closet_hanger]
- owned = case params[:closet_hanger][:owned]
+ if closet_hanger_params
+ owned = case closet_hanger_params[:owned]
 when 'true', '1' then true
 when 'false', '0' then false
 end
diff --git a/app/models/closet_hanger.rb b/app/models/closet_hanger.rb
index 5ba52760..40736801 100644
--- a/app/models/closet_hanger.rb
+++ b/app/models/closet_hanger.rb
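Review bot: `closet_hanger_params` in the `@@ -166,6 +166,10 @@` hunk permits `:list_id`, but nothing in the visible hunks checks that the referenced list belongs to `current_user`. `create` and `update` reach the hanger itself through `current_user.closet_hangers`, so the list reference is the one client-supplied attribute that could point at another user's record. The same attribute was already assignable through `attr_accessible`, so this is not new, and the model may validate ownership in code outside this diff; if it does not, the list should be looked up through the current user's own lists before it is assigned. A comment above the method would also help, for example `# Whitelist for mass assignment; user and item are set server-side, never from params.`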
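Review bot: The `if closet_hanger_params` guard in `owned` (the `@@ -249,8 +253,8 @@` hunk) can no longer be false, because `params.require(:closet_hanger)` raises `ActionController::ParameterMissing` when the key is absent and the permitted parameters object it otherwise returns is always truthy. A request without `closet_hanger` therefore no longer falls through to the `owned = true` default and raises instead, which looks unintended if `owned` is reached from actions that do not submit a hanger (its callers are outside the diff). Reading a single scalar is not mass assignment, so these two lines can keep their previous form: `if params[:closet_hanger]` and `owned = case params[:closet_hanger][:owned]`. The body of `owned` continues past the end of the hunk.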
@@ -3,8 +3,6 @@ class ClosetHanger < ActiveRecord::Base belongs_to :list, :class_name => 'ClosetList' belongs_to :user - attr_accessible :list_id, :owned, :quantity - attr_accessor :item_proxy delegate :name, to: :item, prefix: true