From 63b1b25cee7d1afe136c61ebb4230da43d6aa6ea Mon Sep 17 00:00:00 2001
From: Luis Castro
Date: Tue, 6 Aug 2019 16:05:43 +0200
Subject: [PATCH] feat(event): add strong params
---
 app/controllers/events_controller.rb | 18 ++++++---
 app/models/event.rb | 56 ++++++++++++++--------------
 2 files changed, 39 insertions(+), 35 deletions(-)
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
index 2817c9c7..c0cec3f4 100644
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@@ -31,21 +31,21 @@ class EventsController < ApplicationController
 def create
 render_json do
 Time.use_zone(current_nonprofit.timezone || 'UTC') do
- params[:event][:start_datetime] = Chronic.parse(params[:event][:start_datetime]) if params[:event][:start_datetime].present?
- params[:event][:end_datetime] = Chronic.parse(params[:event][:end_datetime]) if params[:event][:end_datetime].present?
+ event_params[:start_datetime] = Chronic.parse(event_params[:start_datetime]) if event_params[:start_datetime].present?
+ event_params[:end_datetime] = Chronic.parse(event_params[:end_datetime]) if event_params[:end_datetime].present?
 end
 flash[:notice] = 'Your draft event has been created! Well done.'
- ev = current_nonprofit.events.create(params[:event])
+ ev = current_nonprofit.events.create(event_params)
 { url: "/events/#{ev.slug}", event: ev }
 end
 end
 def update
 Time.use_zone(current_nonprofit.timezone || 'UTC') do
- params[:event][:start_datetime] = Chronic.parse(params[:event][:start_datetime]) if params[:event][:start_datetime].present?
- params[:event][:end_datetime] = Chronic.parse(params[:event][:end_datetime]) if params[:event][:end_datetime].present?
+ event_params[:start_datetime] = Chronic.parse(event_params[:start_datetime]) if event_params[:start_datetime].present?
+ event_params[:end_datetime] = Chronic.parse(event_params[:end_datetime]) if event_params[:end_datetime].present?
 end
- current_event.update_attributes(params[:event])
+ current_event.update_attributes(event_params)
 json_saved current_event, 'Successfully updated'
 end
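Review bot: The two `Chronic.parse` assignments in `create`, and the same pair in `update`, write into the return value of `event_params`, which is a throwaway copy. That helper (added at the end of this file) runs `params.require(:event).permit(...)` on every call, and `permit` returns a new parameters object, so the later `create(event_params)` and `update_attributes(event_params)` receive the unparsed strings again. Take the permitted hash once with `attrs = event_params` before `Time.use_zone`, assign `attrs[:start_datetime]` and `attrs[:end_datetime]` inside the block, and pass `attrs` to `create` and `update_attributes`. A request spec that posts a natural-language start time and checks the stored value would catch this.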
@@ -77,4 +77,10 @@ class EventsController < ApplicationController
 def name_and_id
 render json: QueryEvents.name_and_id(current_nonprofit.id)
 end
+
+ private
+
+ def event_params
+ params.require(:event).permit(:deleted, :name, :tagline, :summary, :body, :end_datetime, :start_datetime, :latitude, :longitude, :location, :city, :state_code, :address, :zip_code, :main_image, :remove_main_image, :background_image, :remove_background_image, :published, :slug, :directions, :venue_name, :profile_id, :ticket_levels_attributes, :show_total_raised, :show_total_count, :hide_activity_feed, :nonprofit_id, :hide_title, :organizer_email, :receipt_message)
+ end
 end
diff --git a/app/models/event.rb b/app/models/event.rb
index bba09a11..928a6433 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
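Review bot: The permit list in `event_params` (app/controllers/events_controller.rb) includes `:nonprofit_id` and `:profile_id`, so the request body can name the owning nonprofit and the creator. `update` hands the hash straight to `current_event.update_attributes`, which would let a caller move an event to another nonprofit unless a check outside this hunk prevents it. Drop both keys from the list and set them server-side from `current_nonprofit` and the current user's profile. Separately, `:ticket_levels_attributes` is permitted as a scalar key, which strong parameters discard when the value is an array or hash of nested records; it needs the nested form `ticket_levels_attributes: [...]`, listing the ticket-level fields (not visible on this page).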
@@ -2,37 +2,35 @@
 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class Event < ApplicationRecord
- # TODO
- # attr_accessible \
- # :deleted, #bool for soft-delete
- # :name, # str
- # :tagline, # str
- # :summary, # text
- # :body, # text (html)
+ # :deleted, #bool for soft-delete
+ # :name, # str
+ # :tagline, # str
+ # :summary, # text
+ # :body, # text (html)
 # :end_datetime,
 # :start_datetime,
- # :latitude, # float
- # :longitude, # float
- # :location, # str
- # :city, # str
- # :state_code, # str
- # :address, # str
- # :zip_code, # str
- # :main_image, # str
- # :remove_main_image, # for carrierwave
- # :background_image, # str
- # :remove_background_image, # bool carrierwave
- # :published, # bool
- # :slug, # str
- # :directions, # text
- # :venue_name, # str
- # :profile_id, # creator
- # :ticket_levels_attributes,
- # :show_total_raised, # bool
- # :show_total_count, # bool
- # :hide_activity_feed, # bool
- # :nonprofit_id, # host
- # :hide_title, # bool
+ # :latitude, # float
+ # :longitude, # float
+ # :location, # str
+ # :city, # str
+ # :state_code, # str
+ # :address, # str
+ # :zip_code, # str
+ # :main_image, # str
+ # :remove_main_image, # for carrierwave
+ # :background_image, # str
+ # :remove_background_image, # bool carrierwave
+ # :published, # bool
+ # :slug, # str
+ # :directions, # text
+ # :venue_name, # str
+ # :profile_id, # creator
+ # :ticket_levels_attributes,
+ # :show_total_raised, # bool
+ # :show_total_count, # bool
+ # :hide_activity_feed, # bool
+ # :nonprofit_id, # host
+ # :hide_title, # bool
 # :organizer_email, # string
 # :receipt_message # text