Implemented strong_parameters for Category/CategoriesController.

Category now requires parameters to be permitted by strong_parameters using #require or #permit for mass-assignment. Missing required parameters now throw a ActionController::ParameterMissing execption instead of the Discourse::InvalidParameters execption.

app/controllers/categories_controller.rb

@@ -27,7 +27,6 @@ class CategoriesController < ApplicationController
   end
 
   def create
-    requires_parameters(*required_param_keys)
     guardian.ensure_can_create!(Category)
 
     @category = Category.create(category_params.merge(user: current_user))
@@ -37,7 +36,6 @@ class CategoriesController < ApplicationController
   end
 
   def update
-    requires_parameters(*required_param_keys)
     guardian.ensure_can_edit!(@category)
     json_result(@category, serializer: CategorySerializer) { |cat| cat.update_attributes(category_params) }
   end
@@ -59,7 +57,11 @@ class CategoriesController < ApplicationController
     end
 
     def category_params
-      params.slice(*category_param_keys)
+      required_param_keys.each do |key|
+        params.require(key)
+      end
+
+      params.permit(*category_param_keys)
     end
 
     def fetch_category

app/models/category.rb

@@ -1,4 +1,6 @@
 class Category < ActiveRecord::Base
+  include ActiveModel::ForbiddenAttributesProtection
+
   belongs_to :topic, dependent: :destroy
   belongs_to :topic_only_relative_url,
     select: "id, title, slug",

spec/controllers/categories_controller_spec.rb

@@ -19,15 +19,15 @@ describe CategoriesController do
       end
 
       it 'raises an exception when the name is missing' do
-        lambda { xhr :post, :create, color: 'ff0', text_color: 'fff' }.should raise_error(Discourse::InvalidParameters)
+        lambda { xhr :post, :create, color: 'ff0', text_color: 'fff' }.should raise_error(ActionController::ParameterMissing)
       end
 
       it 'raises an exception when the color is missing' do
-        lambda { xhr :post, :create, name: 'hello', text_color: 'fff' }.should raise_error(Discourse::InvalidParameters)
+        lambda { xhr :post, :create, name: 'hello', text_color: 'fff' }.should raise_error(ActionController::ParameterMissing)
       end
 
       it 'raises an exception when the text color is missing' do
-        lambda { xhr :post, :create, name: 'hello', color: 'ff0' }.should raise_error(Discourse::InvalidParameters)
+        lambda { xhr :post, :create, name: 'hello', color: 'ff0' }.should raise_error(ActionController::ParameterMissing)
       end
 
       describe 'failure' do
@@ -106,15 +106,15 @@ describe CategoriesController do
       end
 
       it "requires a name" do
-        lambda { xhr :put, :update, id: @category.slug, color: 'fff', text_color: '0ff' }.should raise_error(Discourse::InvalidParameters)
+        lambda { xhr :put, :update, id: @category.slug, color: 'fff', text_color: '0ff' }.should raise_error(ActionController::ParameterMissing)
       end
 
       it "requires a color" do
-        lambda { xhr :put, :update, id: @category.slug, name: 'asdf', text_color: '0ff' }.should raise_error(Discourse::InvalidParameters)
+        lambda { xhr :put, :update, id: @category.slug, name: 'asdf', text_color: '0ff' }.should raise_error(ActionController::ParameterMissing)
       end
 
       it "requires a text color" do
-        lambda { xhr :put, :update, id: @category.slug, name: 'asdf', color: 'fff' }.should raise_error(Discourse::InvalidParameters)
+        lambda { xhr :put, :update, id: @category.slug, name: 'asdf', color: 'fff' }.should raise_error(ActionController::ParameterMissing)
       end
 
       describe 'failure' do