Commit 1ee9d9ee6c0b58d2a27f8c69d5fd22737672aa53
1 parent
fe1b7f5f
Exists in
master
and in
1 other branch
use strong_parameters on decent_exposure
See https://github.com/voxdolo/decent_exposure/wiki/Strategies:-Use-with-strong_parameters for how to use strong_parameters with decent_exposure.
Showing
2 changed files
with
11 additions
and
4 deletions
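--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,6 +13,16 @@ class ApplicationController < ActionController::Base
 
 rescue_from ActionController::RedirectBackError, :with => :redirect_to_root
 
+class StrongParametersWithEagerAttributesStrategy < DecentExposure::StrongParametersStrategy
+def attributes
+super
+@attributes ||= params[inflector.param_key] || {}
+end
+end
+
+decent_configuration do
+strategy StrongParametersWithEagerAttributesStrategy
+end
 
 protected
 
@@ -36,4 +46,3 @@ protected
 end
 
 end
-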
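Review bot: The fallback in `@attributes ||= params[inflector.param_key] || {}` hands the raw request hash to any exposure that does not name an `:attributes` method, and the `decent_configuration` block makes this strategy the default for every controller inheriting from ApplicationController. Whether that fails closed depends on code outside this diff: it presumably relies on the models rejecting unpermitted parameters at assignment time, which should be confirmed for each exposed model. The class has no comment stating this contract, so I would add one above it, for example `# Exposures without :attributes receive unfiltered params; the model must reject unpermitted attributes on assignment`. The class body of ApplicationController continues outside both hunks.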
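--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,9 +4,7 @@ class UsersController < ApplicationController
 before_filter :require_admin!, :except => [:edit, :update]
 before_filter :require_user_edit_priviledges, :only => [:edit, :update]
 
-expose(:user) {
-params[:id] ? User.find(params[:id]) : User.new(user_params)
-}
+expose(:user, :attributes => :user_params)
 expose(:users) {
 User.all.page(params[:page]).per(current_user.per_page)
 }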
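Review bot: With `expose(:user, :attributes => :user_params)` the permit list in `user_params` now appears to cover the found record as well, whereas the removed block applied it only to `User.new`. Since `:edit` and `:update` are exempt from `require_admin!`, a non-admin reaching `update` would be limited only by what `user_params` permits. `user_params` is defined outside this hunk, so it is worth confirming that it does not permit privilege-bearing fields for non-admin callers. A comment at the exposure would record the dependency, e.g. `# user_params is applied on update as well as create; keep admin-only fields out of it for non-admins`. The rest of UsersController lies outside the hunk.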