feat(campaigns): add strong params

2019-08-06 14:36:03 +02:00 · 2019-08-06 14:36:03 +02:00 · 399c421f38
commit 399c421f38
parent 32d2039c19
2 changed files with 32 additions and 30 deletions
--- a/app/controllers/campaigns_controller.rb
+++ b/app/controllers/campaigns_controller.rb
@ -64,9 +64,9 @@ class CampaignsController < ApplicationController

  def update
    Time.use_zone(current_nonprofit.timezone || 'UTC') do
-      params[:campaign][:end_datetime] = Chronic.parse(params[:campaign][:end_datetime]) if params[:campaign][:end_datetime].present?
+      campaign_params[:end_datetime] = Chronic.parse(campaign_params[:end_datetime]) if campaign_params[:end_datetime].present?
    end
-    current_campaign.update_attributes params[:campaign]
+    current_campaign.update_attributes campaign_params
    json_saved current_campaign, 'Successfully updated!'
  end

@ -126,4 +126,8 @@ class CampaignsController < ApplicationController
      raise ActionController::RoutingError, 'Not Found'
    end
  end
+
+  def campaign_params
+    params.require(:campaign).permit(:name, :tagline, :slug, :total_supporters, :goal_amount, :nonprofit_id, :profile_id, :main_image, :remove_main_image, :background_image, :remove_background_image, :banner_image, :remove_banner_image, :published, :video_url, :vimeo_video_id, :youtube_video_id, :summary, :recurring_fund, :body, :goal_amount_dollars, :show_total_raised, :show_total_count, :hide_activity_feed, :end_datetime, :deleted, :hide_goal, :hide_thermometer, :hide_title, :receipt_message, :hide_custom_amounts, :parent_campaign_id, :reason_for_supporting, :default_reason_for_supporting)
+  end
 end
--- a/app/models/campaign.rb
+++ b/app/models/campaign.rb
@ -2,37 +2,35 @@

 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class Campaign < ApplicationRecord
-  # TODO
-  # attr_accessible \
-  #   :name,
-  #   :tagline,
-  #   :slug, # str: url name
-  #   :total_supporters,
-  #   :goal_amount,
-  #   :nonprofit_id,
-  #   :profile_id,
-  #   :main_image,
-  #   :remove_main_image, # for carrierwave
-  #   :background_image,
-  #   :remove_background_image, #bool carrierwave
+  # :name,
+  # :tagline,
+  # :slug, # str: url name
+  # :total_supporters,
+  # :goal_amount,
+  # :nonprofit_id,
+  # :profile_id,
+  # :main_image,
+  # :remove_main_image, # for carrierwave
+  # :background_image,
+  # :remove_background_image, #bool carrierwave
  # :banner_image,
  # :remove_banner_image,
-  #   :published,
-  #   :video_url, #str
-  #   :vimeo_video_id,
-  #   :youtube_video_id,
-  #   :summary,
-  #   :recurring_fund, # bool: whether this is a recurring campaign
-  #   :body,
-  #   :goal_amount_dollars, #accessor: translated into goal_amount (cents)
-  #   :show_total_raised, # bool
-  #   :show_total_count, # bool
-  #   :hide_activity_feed, # bool
+  # :published,
+  # :video_url, #str
+  # :vimeo_video_id,
+  # :youtube_video_id,
+  # :summary,
+  # :recurring_fund, # bool: whether this is a recurring campaign
+  # :body,
+  # :goal_amount_dollars, #accessor: translated into goal_amount (cents)
+  # :show_total_raised, # bool
+  # :show_total_count, # bool
+  # :hide_activity_feed, # bool
  # :end_datetime,
-  #   :deleted, #bool (soft delete)
-  #   :hide_goal, # bool
-  #   :hide_thermometer, #bool
-  #   :hide_title, # bool
+  # :deleted, #bool (soft delete)
+  # :hide_goal, # bool
+  # :hide_thermometer, #bool
+  # :hide_title, # bool
  # :receipt_message, # text
  # :hide_custom_amounts, # boolean
  # :parent_campaign_id,