| author | erdgeist <erdgeist@erdgeist.org> | 2026-06-25 04:34:55 +0200 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2026-06-25 04:34:55 +0200 |
| commit | f7a5944a1f44ede9881d368a36eb9f7d82d6ab69 (patch) | |
| tree | 3803e9840eab4976b299a8cce969b7785b018b19 /app/controllers | |
| parent | 3f236c7a0e544db94ef822f120d649ac5ee958f7 (diff) | |
Rails 4.2 model and controller fixes
- Wrap all scopes in lambdas (required in Rails 4)
- Move scopes after associations in page.rb (evaluated at load time in Rails 4)
- Convert association :order options to lambda syntax
- Remove attr_accessible from page.rb and user.rb
- Add Strong Parameters: user_params in UsersController, node_params/page_params in NodesController
- Fix clone_attributes_from: exclude id/page_id/timestamps when cloning translations
- Fix redirect_to :back → request.referer fallback in nodes_controller
- Fix node_path/publish and unlock actions: pass @node argument
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/nodes_controller.rb | 18 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 15 |
2 files changed, 24 insertions, 9 deletions
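--- a/app/controllers/nodes_controller.rb
+++ b/app/controllers/nodes_controller.rb
@@ -21,7 +21,7 @@ class NodesController < ApplicationController
 end
 
 def new
-@node = Node.new params[:node]
+@node = Node.new node_params
 if params.has_key?(:parent_id)
 @parent_id = params[:parent_id]
 @parent_name = Node.find(@parent_id).title
@@ -62,7 +62,7 @@ class NodesController < ApplicationController
 rescue LockedByAnotherUser => e
 flash[:error] = e.message
 if request.referer
-redirect_to :back
+redirect_to request.referer || node_path(@node)
 else
 redirect_to node_path(@node)
 end
@@ -70,10 +70,10 @@ class NodesController < ApplicationController
 end
 
 def update
-@node.update_attributes(params[:node])
+@node.update_attributes(node_params)
 @draft = @node.find_or_create_draft current_user
 @draft.tag_list = params[:tag_list]
-if @draft.update_attributes( params[:page] )
+if @draft.update_attributes( page_params )
 flash[:notice] = "Draft has been saved: #{Time.now}"
 respond_to do |format|
 format.html { redirect_to edit_node_path(@node) }
@@ -91,7 +91,7 @@ class NodesController < ApplicationController
 def publish
 @node.publish_draft!
 flash[:notice] = "Draft has been published"
-redirect_to node_path
+redirect_to node_path(@node)
 end
 
 def unlock
@@ -105,6 +105,14 @@ class NodesController < ApplicationController
 end
 
 private
+
+def node_params
+params.fetch(:node, {}).permit(:slug, :parent_id)
+end
+
+def page_params
+params.fetch(:page, {}).permit(:title, :abstract, :body, :template_name, :published_at, :user_id)
+end
 
 def find_node
 @node = Node.find(params[:id])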
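Review bot: `page_params` whitelists `:user_id`, so in `update` the draft's owning user is taken from the request body rather than from the session. If that column is meant to follow the logged-in editor (page.rb is not shown, so this is an assumption), drop it from the list, `params.fetch(:page, {}).permit(:title, :abstract, :body, :template_name, :published_at)`, and assign it from `current_user`; if picking an author is a feature, permit `:user_id` only for admins. Separately, in the `LockedByAnotherUser` rescue the `|| node_path(@node)` fallback can never fire inside `if request.referer`, and the Referer value is client-supplied, so comparing its host with `request.host` before redirecting would be safer. The bodies of `update` and the rescue block continue outside the hunks.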
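--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -15,11 +15,11 @@ class UsersController < ApplicationController
 end
 
 def new
-@user = User.new( params[:user] )
+@user = User.new
 end
 
 def create
-@user = User.new params[:user]
+@user = User.new user_params
 
 if @user.save
 flash[:notice] = "User created #{@user.login}"
@@ -33,8 +33,10 @@ class UsersController < ApplicationController
 end
 
 def update
-params[:user].delete(:admin) unless current_user.is_admin?
-if @user.update_attributes(params[:user])
+permitted = user_params
+permitted.delete(:admin) unless current_user.is_admin?
+
+if @user.update_attributes(permitted)
 flash[:notice] = "Updated user #{@user.login}"
 redirect_to user_path(@user)
 else
@@ -51,6 +53,11 @@ class UsersController < ApplicationController
 end
 
 private
+
+def user_params
+params.fetch(:user, {}).permit(:login, :email, :password, :password_confirmation, :admin)
+end
+
 def find_user
 @user = User.find(params[:id])
 end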
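Review bot: `user_params` permits `:admin`, and `create` hands the result straight to `User.new`, while only `update` strips the flag for non-admins. Unless a filter outside these hunks limits `create` to administrators, a submitted `user[admin]` value would be mass-assigned there, and the commit also removes the model-level `attr_accessible` list from user.rb. Deciding the whitelist in one place covers both actions: `allowed = [:login, :email, :password, :password_confirmation]`, `allowed << :admin if current_user && current_user.is_admin?`, `params.fetch(:user, {}).permit(*allowed)`. The bodies of `create` and `update` continue outside the hunks shown.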
