mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-30 19:08:10 -05:00
0d01c33482
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that. The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method. It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
18 lines
365 B
Ruby
18 lines
365 B
Ruby
class Admin::ImpersonateController < Admin::AdminController
|
|
|
|
def create
|
|
params.require(:username_or_email)
|
|
|
|
user = User.find_by_username_or_email(params[:username_or_email]).first
|
|
|
|
raise Discourse::NotFound if user.blank?
|
|
|
|
guardian.ensure_can_impersonate!(user)
|
|
|
|
# Log on as the user
|
|
log_on_user(user)
|
|
|
|
render nothing: true
|
|
end
|
|
|
|
end
|