Use safe_attributes in GroupsController....
Jean-Philippe Lang -
r9563:9f531a438085
@@ -63,7 +63,8 class GroupsController < ApplicationController
63 # POST /groups
63 # POST /groups
64 # POST /groups.xml
64 # POST /groups.xml
65 def create
65 def create
66 @group = Group.new(params[:group])
66 @group = Group.new
67 @group.safe_attributes = params[:group]
67
68
68 respond_to do |format|
69 respond_to do |format|
69 if @group.save
70 if @group.save
@@ -83,9 +84,10 class GroupsController < ApplicationController
83 # PUT /groups/1.xml
84 # PUT /groups/1.xml
84 def update
85 def update
85 @group = Group.find(params[:id])
86 @group = Group.find(params[:id])
87 @group.safe_attributes = params[:group]
86
88
87 respond_to do |format|
89 respond_to do |format|
88 if @group.update_attributes(params[:group])
90 if @group.save
89 flash[:notice] = l(:notice_successful_update)
91 flash[:notice] = l(:notice_successful_update)
90 format.html { redirect_to(groups_path) }
92 format.html { redirect_to(groups_path) }
91 format.xml { head :ok }
93 format.xml { head :ok }
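Review bot: No test is visible in this commit that pins the new filtering in `create` and `update`, so a later edit to the whitelist could reopen mass assignment without anyone noticing. Unless the model restricts it elsewhere, the old `Group.new(params[:group])` and `update_attributes(params[:group])` passed every submitted key to the model, and `Group` inherits from `Principal` and declares a `users` association. A functional test that submits an extra key next to `name` and asserts it is not persisted would lock the behaviour in. Also, `safe_attributes=` appears to drop unlisted keys without reporting an error, so `update` can still flash `notice_successful_update` when nothing was applied. Both method bodies continue outside the hunks.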
@@ -16,6 +16,8
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class Group < Principal
18 class Group < Principal
19 include Redmine::SafeAttributes
20
19 has_and_belongs_to_many :users, :after_add => :user_added,
21 has_and_belongs_to_many :users, :after_add => :user_added,
20 :after_remove => :user_removed
22 :after_remove => :user_removed
21
23
@@ -27,6 +29,11 class Group < Principal
27
29
28 before_destroy :remove_references_before_destroy
30 before_destroy :remove_references_before_destroy
29
31
32 safe_attributes 'name',
33 'custom_field_values',
34 'custom_fields',
35 :if => lambda {|group, user| user.admin?}
36
30 def to_s
37 def to_s
31 lastname.to_s
38 lastname.to_s
32 end
39 end
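Review bot: The `safe_attributes` declaration in the second hunk is the only thing limiting what request parameters can set on a group, but it carries no comment explaining that. I would add one above it, such as `# Attributes that may be mass-assigned from request parameters; applied only when the acting user is an administrator.` Because of the `:if` lambda, a non-admin caller gets every key dropped rather than an error; that should be stated in the comment or covered by a unit test on `Group#safe_attributes=`. The lambda's first parameter is unused and could be written `_group` to show that.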