From f7a5944a1f44ede9881d368a36eb9f7d82d6ab69 Mon Sep 17 00:00:00 2001 From: erdgeist Date: Thu, 25 Jun 2026 04:34:55 +0200 Subject: Rails 4.2 model and controller fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Wrap all scopes in lambdas (required in Rails 4) - Move scopes after associations in page.rb (evaluated at load time in Rails 4) - Convert association :order options to lambda syntax - Remove attr_accessible from page.rb and user.rb - Add Strong Parameters: user_params in UsersController, node_params/page_params in NodesController - Fix clone_attributes_from: exclude id/page_id/timestamps when cloning translations - Fix redirect_to :back → request.referer fallback in nodes_controller - Fix node_path/publish and unlock actions: pass @node argument --- app/controllers/users_controller.rb | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'app/controllers/users_controller.rb') diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index b7914c4..1d85690 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -15,11 +15,11 @@ class UsersController < ApplicationController end def new - @user = User.new( params[:user] ) + @user = User.new end def create - @user = User.new params[:user] + @user = User.new user_params if @user.save flash[:notice] = "User created #{@user.login}" @@ -33,8 +33,10 @@ class UsersController < ApplicationController end def update - params[:user].delete(:admin) unless current_user.is_admin? - if @user.update_attributes(params[:user]) + permitted = user_params + permitted.delete(:admin) unless current_user.is_admin? + + if @user.update_attributes(permitted) flash[:notice] = "Updated user #{@user.login}" redirect_to user_path(@user) else @@ -51,6 +53,11 @@ class UsersController < ApplicationController end private + + def user_params + params.fetch(:user, {}).permit(:login, :email, :password, :password_confirmation, :admin) + end + def find_user @user = User.find(params[:id]) end -- cgit v1.3