Using strong params instead of attr_accessible

publiclab · Jul 2, 2020 · 5e1a4c1 · 5e1a4c1
1 parent 5cf3a60
commit 5e1a4c1
Show file tree

Hide file tree

Showing 9 changed files with 66 additions and 34 deletions.
diff --git a/app/models/comment.rb b/app/models/comment.rb
@@ -1,6 +1,4 @@
 class Comment < ActiveRecord::Base
-  attr_accessible :spectrum_id, :body, :author, :email, :spectra_set_id, :user_id
-
   belongs_to :user
   validates_presence_of :user_id, :body
 
@@ -32,4 +30,10 @@ def can_delete(user)
     (self.has_set? && self.set.author == user.login) || (self.has_spectrum? && self.spectrum.author == user.login) || self.author == user.login || user.role == "admin"
   end
 
+  private
+
+  def comment_params
+    params.require(:comment).permit(:spectrum_id, :body, :author, :email, :spectra_set_id, :user_id)
+  end
+
 end
diff --git a/app/models/device.rb b/app/models/device.rb
@@ -1,6 +1,6 @@
 class Device < ActiveRecord::Base
-	validates_presence_of :name, :on => :create, :message => "can't be blank"
-	validates_presence_of :user_id, :on => :create, :message => "can't be blank"
+	validates_presence_of :name, on: :create, message: "can't be blank"
+	validates_presence_of :user_id, on: :create, message: "can't be blank"
 
 	def calibration
 		Spectrum.find self.calibration_id

diff --git a/app/models/like.rb b/app/models/like.rb
@@ -1,7 +1,5 @@
 class Like < ActiveRecord::Base
 
-  attr_accessible :spectrum_id, :user_id
-
   validates_presence_of :user_id, :spectrum_id
   belongs_to :user
   belongs_to :spectrum
@@ -20,4 +18,8 @@ def decrement_likes
     self.spectrum.save
   end
 
+  def like_params
+    params.require(:like).permit(:spectrum_id, :user_id)
+  end
+
 end
diff --git a/app/models/macro.rb b/app/models/macro.rb
@@ -10,6 +10,10 @@ class Macro < ActiveRecord::Base
                       on: :create
   validates_format_of :url, with: /\A(http|https):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?\z/ix
 
-  attr_accessible :title, :description, :code, :macro_type, :url, :user_id
+  private 
+
+  def macro_params
+    params.require(:macro).permit(:title, :description, :code, :macro_type, :url, :user_id)
+  end
 
 end
diff --git a/app/models/snapshot.rb b/app/models/snapshot.rb
@@ -4,8 +4,6 @@ class Snapshot < ActiveRecord::Base
   belongs_to :user
   belongs_to :tag
 
-  attr_accessible :id, :user_id, :spectrum_id, :description, :data, :tag_id
-
   validates_presence_of :user_id
   validates_presence_of :tag_id
   validates_presence_of :spectrum_id
@@ -88,4 +86,10 @@ def has_subsequent_depended_on_snapshots?
     depended_on_snapshots
   end
 
+  private 
+
+  def snapshot_params
+    params.require(:snapshot).permit(:id, :user_id, :spectrum_id, :description, :data, :tag_id)
+  end
+
 end
diff --git a/app/models/spectra_set.rb b/app/models/spectra_set.rb
@@ -1,10 +1,8 @@
 class SpectraSet < ActiveRecord::Base
 
-  attr_accessible :title, :notes, :spectrums_string, :author, :user_id
-
   validates_presence_of :title, :user_id
   validates :title, length: { maximum: 60 }
-  has_many :comments, :dependent => :destroy
+  has_many :comments, dependent: :destroy
   has_and_belongs_to_many :spectrums
   belongs_to :user
 
@@ -91,4 +89,10 @@ def notify_commenters(new_comment,current_user)
     end
   end
 
+  private 
+
+  def spectra_set_params
+    params.require(:spectra_set).permit(:title, :notes, :spectrums_string, :author, :user_id)
+  end
+
 end
diff --git a/app/models/spectrum.rb b/app/models/spectrum.rb
@@ -3,17 +3,15 @@
 
 class Spectrum < ActiveRecord::Base
   include ActionView::Helpers::DateHelper
-
-  attr_accessible :title, :author, :user_id, :notes, :photo, :video_row, :data
-
+
   # place this before the has_one :snapshot so it runs before dependent => :destroy
   before_destroy :is_deletable?
 
-  has_many :comments, :dependent => :destroy
-  has_many :likes, :dependent => :destroy
-  has_many :tags, :dependent => :destroy
-  has_many :snapshots, :dependent => :destroy
-  has_one :processed_spectrum, :dependent => :destroy
+  has_many :comments, dependent: :destroy
+  has_many :likes, dependent: :destroy
+  has_many :tags, dependent: :destroy
+  has_many :snapshots, dependent: :destroy
+  has_one :processed_spectrum, dependent: :destroy
   has_and_belongs_to_many :spectra_sets
 
   # Paperclip
@@ -24,8 +22,8 @@ class Spectrum < ActiveRecord::Base
       :thumb=> "300x100!",
       :large =>   "800x200!" }
 
-  validates_presence_of :title, :on => :create, :message => "can't be blank"
-  validates_presence_of :author, :on => :create, :message => "can't be blank"
+  validates_presence_of :title, on: :create, message: "can't be blank"
+  validates_presence_of :author, on: :create, message: "can't be blank"
   validates :title, length: { maximum: 60 }
   validates :title, format: { with: /\A[\w\ -\'\"]+\z/, message: "can contain only letters, numbers, and spaces." }
   validates :author, :format => { with: /\A\w[\w\.\-_@]+\z/, message: "can contain only letters, numbers, hyphens, underscores and periods." }
@@ -638,4 +636,11 @@ def find_similar(range)
 
   end
 
+  private
+
+  def spectrum_params
+    params.require(:spectrum).permit(:title, :author, :user_id, :notes, :photo, :video_row, :data)
+  end
+
+
 end
diff --git a/app/models/tag.rb b/app/models/tag.rb
@@ -1,12 +1,10 @@
 class Tag < ActiveRecord::Base
 
-  attr_accessible :spectrum_id, :name, :user_id
+  validates_presence_of :name, on: :create, message: "can't be blank"
+  validates_presence_of :user_id, on: :create, message: "can't be blank"
+  validates_presence_of :spectrum_id, on: :create, message: "can't be blank"
 
-  validates_presence_of :name, :on => :create, :message => "can't be blank"
-  validates_presence_of :user_id, :on => :create, :message => "can't be blank"
-  validates_presence_of :spectrum_id, :on => :create, :message => "can't be blank"
-
-  validates :name, :format => {:with => /[\w\.:\,\-\*\+\[\]\(\)\#\$]+/, :message => "can only include letters, numbers, and dashes, or mathematical expressions"}
+  validates :name, :format => {:with => /[\w\.:\,\-\*\+\[\]\(\)\#\$]+/, message: "can only include letters, numbers, and dashes, or mathematical expressions"}
 
   validate :powertags_by_owner
 
@@ -16,7 +14,7 @@ class Tag < ActiveRecord::Base
 
   belongs_to :spectrum
   belongs_to :user
-  has_one :snapshot, :dependent => :destroy
+  has_one :snapshot, dependent: :destroy
 
   before_save :scan_powertags
   after_save :scan_powertags_after_save
@@ -180,4 +178,10 @@ def colors
     colors
   end
 
+  private
+
+  def tag_params
+    params.require(:tag).permit(:spectrum_id, :name, :user_id)
+  end
+
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -11,15 +11,14 @@ class User < ActiveRecord::Base
   validates_length_of       :email,    :within => 6..100 #r@a.wk
   validates_uniqueness_of   :email
 
-  has_many :macros,       :dependent => :destroy
-  has_many :spectrums,    :dependent => :destroy
-  has_many :spectra_sets, :dependent => :destroy
-  has_many :comments,     :dependent => :destroy
+  has_many :macros,       dependent: :destroy
+  has_many :spectrums,    dependent: :destroy
+  has_many :spectra_sets, dependent: :destroy
+  has_many :comments,     dependent: :destroy
 
   # HACK HACK HACK -- how to do attr_accessible from here?
   # prevents a user from submitting a crafted form that bypasses activation
   # anything else you want your user to change should be added here.
-  attr_accessible :login, :email, :name, :password, :password_confirmation, :email_preferences
 
   def after_create
     UserMailer.google_groups_email(self)
@@ -112,4 +111,10 @@ def self.find_by_token(token)
     User.where("created_at > ? AND created_at < ?", t - 1.second, t + 1.second).first
   end
 
+  private
+
+  def user_params
+    params.require(:user).permit(:login, :email, :name, :password, :password_confirmation, :email_preferences)
+  end
+
 end