Description:
NEED TESTING
move to stronger parameter for xxx.new(params[
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
-
r637:d56b2e7de528 - - 4 files changed: 10 inserted, 6 deleted
| @@ -36,25 +36,25 | |||
|
|
36 | 36 | format.xml { render :xml => @announcement } |
|
|
37 | 37 | end |
|
|
38 | 38 | end |
|
|
39 | 39 | |
|
|
40 | 40 | # GET /announcements/1/edit |
|
|
41 | 41 | def edit |
|
|
42 | 42 | @announcement = Announcement.find(params[:id]) |
|
|
43 | 43 | end |
|
|
44 | 44 | |
|
|
45 | 45 | # POST /announcements |
|
|
46 | 46 | # POST /announcements.xml |
|
|
47 | 47 | def create |
|
|
48 |
- @announcement = Announcement.new( |
|
|
|
48 | + @announcement = Announcement.new(announcement_params) | |
|
|
49 | 49 | |
|
|
50 | 50 | respond_to do |format| |
|
|
51 | 51 | if @announcement.save |
|
|
52 | 52 | flash[:notice] = 'Announcement was successfully created.' |
|
|
53 | 53 | format.html { redirect_to(@announcement) } |
|
|
54 | 54 | format.xml { render :xml => @announcement, :status => :created, :location => @announcement } |
|
|
55 | 55 | else |
|
|
56 | 56 | format.html { render :action => "new" } |
|
|
57 | 57 | format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity } |
|
|
58 | 58 | end |
|
|
59 | 59 | end |
|
|
60 | 60 | end |
| @@ -19,44 +19,44 | |||
|
|
19 | 19 | :redirect_to => { :action => :index } |
|
|
20 | 20 | |
|
|
21 | 21 | def show |
|
|
22 | 22 | @problem = Problem.find(params[:id]) |
|
|
23 | 23 | end |
|
|
24 | 24 | |
|
|
25 | 25 | def new |
|
|
26 | 26 | @problem = Problem.new |
|
|
27 | 27 | @description = nil |
|
|
28 | 28 | end |
|
|
29 | 29 | |
|
|
30 | 30 | def create |
|
|
31 |
- @problem = Problem.new( |
|
|
|
31 | + @problem = Problem.new(problem_params) | |
|
|
32 | 32 | @description = Description.new(params[:description]) |
|
|
33 | 33 | if @description.body!='' |
|
|
34 | 34 | if !@description.save |
|
|
35 | 35 | render :action => new and return |
|
|
36 | 36 | end |
|
|
37 | 37 | else |
|
|
38 | 38 | @description = nil |
|
|
39 | 39 | end |
|
|
40 | 40 | @problem.description = @description |
|
|
41 | 41 | if @problem.save |
|
|
42 | 42 | flash[:notice] = 'Problem was successfully created.' |
|
|
43 | 43 | redirect_to action: :index |
|
|
44 | 44 | else |
|
|
45 | 45 | render :action => 'new' |
|
|
46 | 46 | end |
|
|
47 | 47 | end |
|
|
48 | 48 | |
|
|
49 | 49 | def quick_create |
|
|
50 |
- @problem = Problem.new( |
|
|
|
50 | + @problem = Problem.new(problem_params) | |
|
|
51 | 51 | @problem.full_name = @problem.name if @problem.full_name == '' |
|
|
52 | 52 | @problem.full_score = 100 |
|
|
53 | 53 | @problem.available = false |
|
|
54 | 54 | @problem.test_allowed = true |
|
|
55 | 55 | @problem.output_only = false |
|
|
56 | 56 | @problem.date_added = Time.new |
|
|
57 | 57 | if @problem.save |
|
|
58 | 58 | flash[:notice] = 'Problem was successfully created.' |
|
|
59 | 59 | redirect_to action: :index |
|
|
60 | 60 | else |
|
|
61 | 61 | flash[:notice] = 'Error saving problem' |
|
|
62 | 62 | redirect_to action: :index |
| @@ -38,25 +38,25 | |||
|
|
38 | 38 | end |
|
|
39 | 39 | end |
|
|
40 | 40 | |
|
|
41 | 41 | def show |
|
|
42 | 42 | @user = User.find(params[:id]) |
|
|
43 | 43 | end |
|
|
44 | 44 | |
|
|
45 | 45 | def new |
|
|
46 | 46 | @user = User.new |
|
|
47 | 47 | end |
|
|
48 | 48 | |
|
|
49 | 49 | def create |
|
|
50 |
- @user = User.new(params |
|
|
|
50 | + @user = User.new(user_params) | |
|
|
51 | 51 | @user.activated = true |
|
|
52 | 52 | if @user.save |
|
|
53 | 53 | flash[:notice] = 'User was successfully created.' |
|
|
54 | 54 | redirect_to :action => 'index' |
|
|
55 | 55 | else |
|
|
56 | 56 | render :action => 'new' |
|
|
57 | 57 | end |
|
|
58 | 58 | end |
|
|
59 | 59 | |
|
|
60 | 60 | def clear_last_ip |
|
|
61 | 61 | @user = User.find(params[:id]) |
|
|
62 | 62 | @user.last_ip = nil |
| @@ -43,25 +43,25 | |||
|
|
43 | 43 | end |
|
|
44 | 44 | |
|
|
45 | 45 | def new |
|
|
46 | 46 | @user = User.new |
|
|
47 | 47 | render :action => 'new', :layout => 'empty' |
|
|
48 | 48 | end |
|
|
49 | 49 | |
|
|
50 | 50 | def register |
|
|
51 | 51 | if(params[:cancel]) |
|
|
52 | 52 | redirect_to :controller => 'main', :action => 'login' |
|
|
53 | 53 | return |
|
|
54 | 54 | end |
|
|
55 |
- @user = User.new(params |
|
|
|
55 | + @user = User.new(user_params) | |
|
|
56 | 56 | @user.password_confirmation = @user.password = User.random_password |
|
|
57 | 57 | @user.activated = false |
|
|
58 | 58 | if (@user.valid?) and (@user.save) |
|
|
59 | 59 | if send_confirmation_email(@user) |
|
|
60 | 60 | render :action => 'new_splash', :layout => 'empty' |
|
|
61 | 61 | else |
|
|
62 | 62 | @admin_email = GraderConfiguration['system.admin_email'] |
|
|
63 | 63 | render :action => 'email_error', :layout => 'empty' |
|
|
64 | 64 | end |
|
|
65 | 65 | else |
|
|
66 | 66 | @user.errors.add(:base,"Email cannot be blank") if @user.email=='' |
|
|
67 | 67 | render :action => 'new', :layout => 'empty' |
| @@ -200,15 +200,19 | |||
|
|
200 | 200 | # only admins can view admins profile |
|
|
201 | 201 | def profile_authorization |
|
|
202 | 202 | #if view admins' profile, allow only admin |
|
|
203 | 203 | return false unless(params[:id]) |
|
|
204 | 204 | user = User.find(params[:id]) |
|
|
205 | 205 | return false unless user |
|
|
206 | 206 | return admin_authorization if user.admin? |
|
|
207 | 207 | return true if GraderConfiguration["right.user_view_submission"] |
|
|
208 | 208 | |
|
|
209 | 209 | #finally, we allow only admin |
|
|
210 | 210 | admin_authorization |
|
|
211 | 211 | end |
|
|
212 | - | |
|
|
212 | + | |
|
|
213 | + private | |
|
|
214 | + def user_params | |
|
|
215 | + params.require(:user).permit(:login, :full_name, :email) | |
|
|
216 | + end | |
|
|
213 | 217 | |
|
|
214 | 218 | end |
You need to be logged in to leave comments.
Login now