| author | erdgeist <erdgeist@erdgeist.org> | 2026-06-25 04:34:55 +0200 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2026-06-25 04:34:55 +0200 |
| commit | f7a5944a1f44ede9881d368a36eb9f7d82d6ab69 (patch) | |
| tree | 3803e9840eab4976b299a8cce969b7785b018b19 /app/controllers/users_controller.rb | |
| parent | 3f236c7a0e544db94ef822f120d649ac5ee958f7 (diff) | |
Rails 4.2 model and controller fixes
- Wrap all scopes in lambdas (required in Rails 4)
- Move scopes after associations in page.rb (evaluated at load time in Rails 4)
- Convert association :order options to lambda syntax
- Remove attr_accessible from page.rb and user.rb
- Add Strong Parameters: user_params in UsersController, node_params/page_params in NodesController
- Fix clone_attributes_from: exclude id/page_id/timestamps when cloning translations
- Fix redirect_to :back → request.referer fallback in nodes_controller
- Fix node_path/publish and unlock actions: pass @node argument
Diffstat (limited to 'app/controllers/users_controller.rb')
| -rw-r--r-- | app/controllers/users_controller.rb | 15 |
1 files changed, 11 insertions, 4 deletions
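diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b7914c4..1d85690 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -15,11 +15,11 @@ class UsersController < ApplicationController
 end
 
 def new
-@user = User.new( params[:user] )
+@user = User.new
 end
 
 def create
-@user = User.new params[:user]
+@user = User.new user_params
 
 if @user.save
 flash[:notice] = "User created #{@user.login}"
@@ -33,8 +33,10 @@ class UsersController < ApplicationController
 end
 
 def update
-params[:user].delete(:admin) unless current_user.is_admin?
-if @user.update_attributes(params[:user])
+permitted = user_params
+permitted.delete(:admin) unless current_user.is_admin?
+
+if @user.update_attributes(permitted)
 flash[:notice] = "Updated user #{@user.login}"
 redirect_to user_path(@user)
 else
@@ -51,6 +53,11 @@ class UsersController < ApplicationController
 end
 
 private
+
+def user_params
+params.fetch(:user, {}).permit(:login, :email, :password, :password_confirmation, :admin)
+end
+
 def find_user
 @user = User.find(params[:id])
 end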
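Review bot: `user_params` permits `:admin`, and `create` passes its result straight to `User.new`, while only `update` strips the key for non-admins; as written, a non-admin who can reach `create` could set the admin flag on the new account. The commit message says `attr_accessible` was removed from user.rb, so the model no longer filters this attribute, and whether a before filter restricts `create` to admins is not visible in these hunks. Gating the key inside the helper would cover both actions: `allowed = [:login, :email, :password, :password_confirmation]`, `allowed << :admin if current_user.is_admin?`, `params.fetch(:user, {}).permit(*allowed)`, after which the separate `permitted.delete(:admin)` in `update` becomes unnecessary. If `create` can run without a logged-in user, that check also needs a nil guard on `current_user`.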
