From 32d2039c19ef89e5b60dd31be726180df07487e9 Mon Sep 17 00:00:00 2001
From: Luis Castro
Date: Tue, 6 Aug 2019 14:23:53 +0200
Subject: [PATCH] feat(bank_accounts): add strong params
---
 .../nonprofits/bank_accounts_controller.rb | 6 ++++++
 app/models/bank_account.rb | 15 ++++++---------
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/app/controllers/nonprofits/bank_accounts_controller.rb b/app/controllers/nonprofits/bank_accounts_controller.rb
index 43dfbc31..669837a6 100644
--- a/app/controllers/nonprofits/bank_accounts_controller.rb
+++ b/app/controllers/nonprofits/bank_accounts_controller.rb
@@ -61,5 +61,11 @@ module Nonprofits
 NonprofitMailer.delay.new_bank_account_notification(ba) if ba.valid?
 respond_to { |format| format.json { render json: {} } }
 end
+
+ private
+
+ def required_params
+ params.permit(:name, :confirmation_token, :account_number, :bank_name, :pending_verification, :status, :email, :deleted, :stripe_bank_account_token, :stripe_bank_account_id, :nonprofit_id)
+ end
 end
 end
diff --git a/app/models/bank_account.rb b/app/models/bank_account.rb
index aa3d7f98..82291b55 100644
--- a/app/models/bank_account.rb
+++ b/app/models/bank_account.rb
@@ -2,8 +2,6 @@
 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class BankAccount < ApplicationRecord
- # TODO
- # attr_accessible \
 # :name, # str (readable bank name identifier, eg. "Wells Fargo *1234")
 # :confirmation_token, # str (randomly generated private token for email confirmation)
 # :account_number, # str (last digits only)
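Review bot: In `required_params` (bank_accounts_controller.rb) the permit list accepts fields that look like server-side state rather than client input: `:nonprofit_id`, `:status`, `:pending_verification`, `:deleted`, `:confirmation_token` and `:stripe_bank_account_id`. If these values reach assignment on `BankAccount`, a request could point the account at a different nonprofit or pre-set its verification state; the model comment in this same patch describes `confirmation_token` as a randomly generated private token. Assuming the form only supplies the descriptive fields and the Stripe token, I would narrow it to `params.permit(:name, :account_number, :bank_name, :email, :stripe_bank_account_token)` and take the nonprofit from the already-authorized route context. The method is named `required_params` but nothing is `require`d, and no caller is visible in this hunk, so please confirm the create action actually uses it instead of raw `params`.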
@@ -15,13 +13,12 @@ class BankAccount < ApplicationRecord
 # :stripe_bank_account_token, # str
 # :stripe_bank_account_id, # str
 # :nonprofit_id, :nonprofit
-
- # validates :stripe_bank_account_token, presence: true, uniqueness: true
- # validates :stripe_bank_account_id, presence: true, uniqueness: true
- # validates :nonprofit, presence: true
- # validates :email, presence: true, format: {with: Email::Regex}
- # validate :nonprofit_must_be_vetted, on: :create
- # validate :nonprofit_has_stripe_account
+ validates :stripe_bank_account_token, presence: true, uniqueness: true
+ validates :stripe_bank_account_id, presence: true, uniqueness: true
+ validates :nonprofit, presence: true
+ validates :email, presence: true, format: {with: Email::Regex}
+ validate :nonprofit_must_be_vetted, on: :create
+ validate :nonprofit_has_stripe_account
 has_many :payouts
 belongs_to :nonprofit
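Review bot: The re-enabled `uniqueness: true` checks on `stripe_bank_account_token` and `stripe_bank_account_id` are enforced by a query before the insert, so two concurrent create requests can both pass unless unique database indexes back them; the schema is not part of this patch, so please confirm those indexes exist or add a migration. With the blank line removed, the validations now sit directly under the leftover field comments whose `# TODO` / `# attr_accessible \` header the previous hunk deleted, so the comment block reads as if it documents the validations. A header such as `# Attributes (assignment is controlled by strong params in the controller):` plus a blank line before the first `validates` would keep it readable. `Email::Regex`, `nonprofit_must_be_vetted` and `nonprofit_has_stripe_account` are defined outside the hunk and could not be checked here.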