Prevent mass-assignment when adding/updating an issue category (#10390)....
Jean-Philippe Lang -
r9011:460239d1f9ee
@@ -39,11 +39,13 class IssueCategoriesController < ApplicationController
39 end
39 end
40
40
41 def new
41 def new
42 @category = @project.issue_categories.build(params[:issue_category])
42 @category = @project.issue_categories.build
43 @category.safe_attributes = params[:issue_category]
43 end
44 end
44
45
45 def create
46 def create
46 @category = @project.issue_categories.build(params[:issue_category])
47 @category = @project.issue_categories.build
48 @category.safe_attributes = params[:issue_category]
47 if @category.save
49 if @category.save
48 respond_to do |format|
50 respond_to do |format|
49 format.html do
51 format.html do
@@ -73,7 +75,8 class IssueCategoriesController < ApplicationController
73 end
75 end
74
76
75 def update
77 def update
76 if @category.update_attributes(params[:issue_category])
78 @category.safe_attributes = params[:issue_category]
79 if @category.save
77 respond_to do |format|
80 respond_to do |format|
78 format.html {
81 format.html {
79 flash[:notice] = l(:notice_successful_update)
82 flash[:notice] = l(:notice_successful_update)
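Review bot: `create` and `update` now pass the request's `assigned_to_id` through `safe_attributes=`, but nothing visible checks that the id refers to a principal who belongs to `@project`. The model section on this page whitelists `assigned_to_id` and shows validations only for `name`, so unless a membership check exists outside these hunks, a request can point a category at any Principal id. I would add a model validation that rejects an assignee who is not a member of the category's project, and until then mark the call sites with `# assigned_to_id is request-controlled and not yet checked against @project's members`. The bodies of `create` and `update` continue outside the hunks.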
@@ -16,6 +16,7
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class IssueCategory < ActiveRecord::Base
18 class IssueCategory < ActiveRecord::Base
19 include Redmine::SafeAttributes
19 belongs_to :project
20 belongs_to :project
20 belongs_to :assigned_to, :class_name => 'Principal', :foreign_key => 'assigned_to_id'
21 belongs_to :assigned_to, :class_name => 'Principal', :foreign_key => 'assigned_to_id'
21 has_many :issues, :foreign_key => 'category_id', :dependent => :nullify
22 has_many :issues, :foreign_key => 'category_id', :dependent => :nullify
@@ -24,7 +25,7 class IssueCategory < ActiveRecord::Base
24 validates_uniqueness_of :name, :scope => [:project_id]
25 validates_uniqueness_of :name, :scope => [:project_id]
25 validates_length_of :name, :maximum => 30
26 validates_length_of :name, :maximum => 30
26
27
27 attr_protected :project_id
28 safe_attributes 'name', 'assigned_to_id'
28
29
29 named_scope :named, lambda {|arg| { :conditions => ["LOWER(#{table_name}.name) = LOWER(?)", arg.to_s.strip]}}
30 named_scope :named, lambda {|arg| { :conditions => ["LOWER(#{table_name}.name) = LOWER(?)", arg.to_s.strip]}}
30
31
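Review bot: Replacing `attr_protected :project_id` with `safe_attributes 'name', 'assigned_to_id'` leaves `project_id` guarded only on code paths that assign through `safe_attributes=`. Any other caller that still feeds request data to `IssueCategory.new`, `attributes=` or `update_attributes` would now accept `project_id`; whether such callers exist cannot be seen from this page. Keeping `attr_protected :project_id` alongside the whitelist would serve as a second layer. Failing that, a comment above the whitelist such as `# Assign request data only via safe_attributes=; project_id is no longer attr_protected` would warn future callers.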