mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 09:36:19 -05:00
Implemented strong_parameters for Category/CategoriesController.
Category now requires parameters to be permitted by strong_parameters using #require or #permit for mass-assignment. Missing required parameters now throw a ActionController::ParameterMissing execption instead of the Discourse::InvalidParameters execption.
This commit is contained in:
parent
870e59883b
commit
130d837952
3 changed files with 13 additions and 9 deletions
|
@ -27,7 +27,6 @@ class CategoriesController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
requires_parameters(*required_param_keys)
|
||||
guardian.ensure_can_create!(Category)
|
||||
|
||||
@category = Category.create(category_params.merge(user: current_user))
|
||||
|
@ -37,7 +36,6 @@ class CategoriesController < ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
requires_parameters(*required_param_keys)
|
||||
guardian.ensure_can_edit!(@category)
|
||||
json_result(@category, serializer: CategorySerializer) { |cat| cat.update_attributes(category_params) }
|
||||
end
|
||||
|
@ -59,7 +57,11 @@ class CategoriesController < ApplicationController
|
|||
end
|
||||
|
||||
def category_params
|
||||
params.slice(*category_param_keys)
|
||||
required_param_keys.each do |key|
|
||||
params.require(key)
|
||||
end
|
||||
|
||||
params.permit(*category_param_keys)
|
||||
end
|
||||
|
||||
def fetch_category
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
class Category < ActiveRecord::Base
|
||||
include ActiveModel::ForbiddenAttributesProtection
|
||||
|
||||
belongs_to :topic, dependent: :destroy
|
||||
belongs_to :topic_only_relative_url,
|
||||
select: "id, title, slug",
|
||||
|
|
|
@ -19,15 +19,15 @@ describe CategoriesController do
|
|||
end
|
||||
|
||||
it 'raises an exception when the name is missing' do
|
||||
lambda { xhr :post, :create, color: 'ff0', text_color: 'fff' }.should raise_error(Discourse::InvalidParameters)
|
||||
lambda { xhr :post, :create, color: 'ff0', text_color: 'fff' }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
it 'raises an exception when the color is missing' do
|
||||
lambda { xhr :post, :create, name: 'hello', text_color: 'fff' }.should raise_error(Discourse::InvalidParameters)
|
||||
lambda { xhr :post, :create, name: 'hello', text_color: 'fff' }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
it 'raises an exception when the text color is missing' do
|
||||
lambda { xhr :post, :create, name: 'hello', color: 'ff0' }.should raise_error(Discourse::InvalidParameters)
|
||||
lambda { xhr :post, :create, name: 'hello', color: 'ff0' }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
describe 'failure' do
|
||||
|
@ -106,15 +106,15 @@ describe CategoriesController do
|
|||
end
|
||||
|
||||
it "requires a name" do
|
||||
lambda { xhr :put, :update, id: @category.slug, color: 'fff', text_color: '0ff' }.should raise_error(Discourse::InvalidParameters)
|
||||
lambda { xhr :put, :update, id: @category.slug, color: 'fff', text_color: '0ff' }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
it "requires a color" do
|
||||
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', text_color: '0ff' }.should raise_error(Discourse::InvalidParameters)
|
||||
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', text_color: '0ff' }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
it "requires a text color" do
|
||||
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', color: 'fff' }.should raise_error(Discourse::InvalidParameters)
|
||||
lambda { xhr :put, :update, id: @category.slug, name: 'asdf', color: 'fff' }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
describe 'failure' do
|
||||
|
|
Loading…
Reference in a new issue