NPO-Accounting/houdini
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(cards): add strong params

Browse source
This commit is contained in:
Luis Castro 2019-08-06 14:39:48 +02:00 committed by Eric Schultz
parent 593df27f13
commit 08b6a98e39
2 changed files with 17 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/controllers/cards_controller.rb
View file

@ -6,7 +6,7 @@ class CardsController < ApplicationController
# post /cards # post /cards
def create def create
acct = Supporter.find(params[:card][:holder_id]).nonprofit.stripe_account_id acct = Supporter.find(card_params[:holder_id]).nonprofit.stripe_account_id
render( render(
JsonResp.new(params) do |_d| JsonResp.new(params) do |_d|
requires(:card).nested do requires(:card).nested do
@ -19,4 +19,10 @@ class CardsController < ApplicationController
end end
) )
end end
private
def card_params
params.require(:card).permit(:cardholders_name, :email, :name, :failure_message, :status, :stripe_card_token, :stripe_card_id, :stripe_customer_id, :holder, :inactive)
end
end end

22
app/models/card.rb
View file

@ -2,18 +2,16 @@
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class Card < ApplicationRecord class Card < ApplicationRecord
# TODO # :cardholders_name, # str (name associated with this card)
# attr_accessible \ # :email, # str (cache the email associated with this card)
# :cardholders_name, # str (name associated with this card) # :name, # str (readable card name, eg. Visa *1234)
# :email, # str (cache the email associated with this card) # :failure_message, # accessor for temporarily storing the stripe decline message
# :name, # str (readable card name, eg. Visa *1234) # :status, # str
# :failure_message, # accessor for temporarily storing the stripe decline message # :stripe_card_token, # str
# :status, # str # :stripe_card_id, # str
# :stripe_card_token, # str # :stripe_customer_id, # str
# :stripe_card_id, # str # :holder, :holder_id, :holder_type, # polymorphic cardholder association
# :stripe_customer_id, # str # :inactive # a card is inactive. This is currently only meaningful for nonprofit cards
# :holder, :holder_id, :holder_type, # polymorphic cardholder association
# :inactive # a card is inactive. This is currently only meaningful for nonprofit cards
attr_accessor :failure_message attr_accessor :failure_message