From 1ee9d9ee6c0b58d2a27f8c69d5fd22737672aa53 Mon Sep 17 00:00:00 2001
From: Arthur Neves <arthurnn@gmail.com>
Date: Tue, 6 Aug 2013 23:04:55 -0400
Subject: [PATCH] use strong_parameters on decent_exposure

---
 app/controllers/application_controller.rb | 11 ++++++++++-
 app/controllers/users_controller.rb       |  4 +---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c13ee52..f2e3e82 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,6 +13,16 @@ class ApplicationController < ActionController::Base
 
   rescue_from ActionController::RedirectBackError, :with => :redirect_to_root
 
+  class StrongParametersWithEagerAttributesStrategy < DecentExposure::StrongParametersStrategy
+    def attributes
+      super
+      @attributes ||= params[inflector.param_key] || {}
+    end
+  end
+
+  decent_configuration do
+    strategy StrongParametersWithEagerAttributesStrategy
+  end
 
 protected
 
@@ -36,4 +46,3 @@ protected
   end
 
 end
-
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f06e30a..7f93168 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,9 +4,7 @@ class UsersController < ApplicationController
   before_filter :require_admin!, :except => [:edit, :update]
   before_filter :require_user_edit_priviledges, :only => [:edit, :update]
 
-  expose(:user) {
-    params[:id] ? User.find(params[:id]) : User.new(user_params)
-  }
+  expose(:user, :attributes => :user_params)
   expose(:users) {
     User.all.page(params[:page]).per(current_user.per_page)
   }
--
libgit2 0.21.2