Commit 1ee9d9ee6c0b58d2a27f8c69d5fd22737672aa53
1 parent
fe1b7f5f
Exists in
master
and in
1 other branch
use strong_parameters on decent_exposure
See https://github.com/voxdolo/decent_exposure/wiki/Strategies:-Use-with-strong_parameters on how to use strong_parameters with decent_exposure
Showing
2 changed files
with
11 additions
and
4 deletions
Show diff stats
app/controllers/application_controller.rb
| ... | ... | @@ -13,6 +13,16 @@ class ApplicationController < ActionController::Base |
| 13 | 13 | |
| 14 | 14 | rescue_from ActionController::RedirectBackError, :with => :redirect_to_root |
| 15 | 15 | |
| 16 | + class StrongParametersWithEagerAttributesStrategy < DecentExposure::StrongParametersStrategy | |
| 17 | + def attributes | |
| 18 | + super | |
| 19 | + @attributes ||= params[inflector.param_key] || {} | |
| 20 | + end | |
| 21 | + end | |
| 22 | + | |
| 23 | + decent_configuration do | |
| 24 | + strategy StrongParametersWithEagerAttributesStrategy | |
| 25 | + end | |
| 16 | 26 | |
| 17 | 27 | protected |
| 18 | 28 | |
| ... | ... | @@ -36,4 +46,3 @@ protected |
| 36 | 46 | end |
| 37 | 47 | |
| 38 | 48 | end |
| 39 | - | ... | ... |
app/controllers/users_controller.rb
| ... | ... | @@ -4,9 +4,7 @@ class UsersController < ApplicationController |
| 4 | 4 | before_filter :require_admin!, :except => [:edit, :update] |
| 5 | 5 | before_filter :require_user_edit_priviledges, :only => [:edit, :update] |
| 6 | 6 | |
| 7 | - expose(:user) { | |
| 8 | - params[:id] ? User.find(params[:id]) : User.new(user_params) | |
| 9 | - } | |
| 7 | + expose(:user, :attributes => :user_params) | |
| 10 | 8 | expose(:users) { |
| 11 | 9 | User.all.page(params[:page]).per(current_user.per_page) |
| 12 | 10 | } | ... | ... |