feat(cards): add strong params

2019-08-06 14:39:48 +02:00 · 2019-08-06 14:39:48 +02:00 · 08b6a98e39
commit 08b6a98e39
parent 593df27f13
2 changed files with 17 additions and 13 deletions
--- a/app/controllers/cards_controller.rb
+++ b/app/controllers/cards_controller.rb
@ -6,7 +6,7 @@ class CardsController < ApplicationController

  # post /cards
  def create
-    acct = Supporter.find(params[:card][:holder_id]).nonprofit.stripe_account_id
+    acct = Supporter.find(card_params[:holder_id]).nonprofit.stripe_account_id
    render(
      JsonResp.new(params) do |_d|
        requires(:card).nested do
@ -19,4 +19,10 @@ class CardsController < ApplicationController
      end
    )
  end
+
+  private
+
+  def card_params
+    params.require(:card).permit(:cardholders_name, :email, :name, :failure_message, :status, :stripe_card_token, :stripe_card_id, :stripe_customer_id, :holder, :inactive)
+  end
 end
--- a/app/models/card.rb
+++ b/app/models/card.rb
@ -2,18 +2,16 @@

 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class Card < ApplicationRecord
-  # TODO
-  # attr_accessible \
-  #   :cardholders_name, # str (name associated with this card)
-  #   :email, # str (cache the email associated with this card)
-  #   :name, # str (readable card name, eg. Visa *1234)
-  #   :failure_message, # accessor for temporarily storing the stripe decline message
-  #   :status, # str
-  #   :stripe_card_token, # str
-  #   :stripe_card_id, # str
-  #   :stripe_customer_id, # str
-  #   :holder, :holder_id, :holder_type, # polymorphic cardholder association
-  #   :inactive # a card is inactive. This is currently only meaningful for nonprofit cards
+  # :cardholders_name, # str (name associated with this card)
+  # :email, # str (cache the email associated with this card)
+  # :name, # str (readable card name, eg. Visa *1234)
+  # :failure_message, # accessor for temporarily storing the stripe decline message
+  # :status, # str
+  # :stripe_card_token, # str
+  # :stripe_card_id, # str
+  # :stripe_customer_id, # str
+  # :holder, :holder_id, :holder_type, # polymorphic cardholder association
+  # :inactive # a card is inactive. This is currently only meaningful for nonprofit cards

  attr_accessor :failure_message