NPO-Accounting/houdini
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(profiles): add strong params

Browse source
This commit is contained in:
Luis Castro 2019-08-06 16:07:46 +02:00 committed by Eric Schultz
parent 6a0a674328
commit 27f9d3bda9
2 changed files with 23 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/controllers/profiles_controller.rb
View file

@ -47,7 +47,7 @@ class ProfilesController < ApplicationController
else
current_user.profile
end
@profile.update_attributes(params[:profile])
@profile.update_attributes(profile_params)
json_saved @profile, 'Profile updated'
end
@ -69,4 +69,10 @@ class ProfilesController < ApplicationController
redirect_to root_url
end
end
private
def profile_params
params.require(:profile).permit(:registered, :mini_bio, :first_name, :last_name, :name, :phone, :address, :email, :city, :state_code, :zip_code, :privacy_settings, :picture, :anonymous, :city_state, :user_id)
end
end

2
app/models/profile.rb
View file

@ -2,8 +2,6 @@
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class Profile < ApplicationRecord
# TODO
# attr_accessible \
# :registered, # bool
# :mini_bio,
# :first_name, # str