feat(event): add strong params

2019-08-06 16:05:43 +02:00 · 2019-08-06 16:05:43 +02:00 · 63b1b25cee
commit 63b1b25cee
parent 567830b9be
2 changed files with 39 additions and 35 deletions
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@ -31,21 +31,21 @@ class EventsController < ApplicationController
  def create
    render_json do
      Time.use_zone(current_nonprofit.timezone || 'UTC') do
-        params[:event][:start_datetime] = Chronic.parse(params[:event][:start_datetime]) if params[:event][:start_datetime].present?
+        event_params[:start_datetime] = Chronic.parse(event_params[:start_datetime]) if event_params[:start_datetime].present?
-        params[:event][:end_datetime] = Chronic.parse(params[:event][:end_datetime]) if params[:event][:end_datetime].present?
+        event_params[:end_datetime] = Chronic.parse(event_params[:end_datetime]) if event_params[:end_datetime].present?
      end
      flash[:notice] = 'Your draft event has been created! Well done.'
-      ev = current_nonprofit.events.create(params[:event])
+      ev = current_nonprofit.events.create(event_params)
      { url: "/events/#{ev.slug}", event: ev }
    end
  end
  def update
    Time.use_zone(current_nonprofit.timezone || 'UTC') do
-      params[:event][:start_datetime] = Chronic.parse(params[:event][:start_datetime]) if params[:event][:start_datetime].present?
+      event_params[:start_datetime] = Chronic.parse(event_params[:start_datetime]) if event_params[:start_datetime].present?
-      params[:event][:end_datetime] = Chronic.parse(params[:event][:end_datetime]) if params[:event][:end_datetime].present?
+      event_params[:end_datetime] = Chronic.parse(event_params[:end_datetime]) if event_params[:end_datetime].present?
    end
-    current_event.update_attributes(params[:event])
+    current_event.update_attributes(event_params)
    json_saved current_event, 'Successfully updated'
  end
@ -77,4 +77,10 @@ class EventsController < ApplicationController
  def name_and_id
    render json: QueryEvents.name_and_id(current_nonprofit.id)
  end
  private
  def event_params
    params.require(:event).permit(:deleted, :name, :tagline, :summary, :body, :end_datetime, :start_datetime, :latitude, :longitude, :location, :city, :state_code, :address, :zip_code, :main_image, :remove_main_image, :background_image, :remove_background_image, :published, :slug, :directions, :venue_name, :profile_id, :ticket_levels_attributes, :show_total_raised, :show_total_count, :hide_activity_feed, :nonprofit_id, :hide_title, :organizer_email, :receipt_message)
  end
 end
--- a/app/models/event.rb
+++ b/app/models/event.rb
@ -2,37 +2,35 @@
 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class Event < ApplicationRecord
-  # TODO
+  # :deleted, #bool for soft-delete
-  # attr_accessible \
+  # :name, # str
-  #   :deleted, #bool for soft-delete
+  # :tagline, # str
-  #   :name, # str
+  # :summary, # text
-  #   :tagline, # str
+  # :body, # text (html)
  #   :summary, # text
  #   :body, # text (html)
  # :end_datetime,
  # :start_datetime,
-  #   :latitude, # float
+  # :latitude, # float
-  #   :longitude, # float
+  # :longitude, # float
-  #   :location, # str
+  # :location, # str
-  #   :city, # str
+  # :city, # str
-  #   :state_code, # str
+  # :state_code, # str
-  #   :address, # str
+  # :address, # str
-  #   :zip_code, # str
+  # :zip_code, # str
-  #   :main_image, # str
+  # :main_image, # str
-  #   :remove_main_image, # for carrierwave
+  # :remove_main_image, # for carrierwave
-  #   :background_image, # str
+  # :background_image, # str
-  #   :remove_background_image, # bool carrierwave
+  # :remove_background_image, # bool carrierwave
-  #   :published, # bool
+  # :published, # bool
-  #   :slug, # str
+  # :slug, # str
-  #   :directions, # text
+  # :directions, # text
-  #   :venue_name, # str
+  # :venue_name, # str
-  #   :profile_id, # creator
+  # :profile_id, # creator
-  #   :ticket_levels_attributes,
+  # :ticket_levels_attributes,
-  #   :show_total_raised, # bool
+  # :show_total_raised, # bool
-  #   :show_total_count, # bool
+  # :show_total_count, # bool
-  #   :hide_activity_feed, # bool
+  # :hide_activity_feed, # bool
-  #   :nonprofit_id, # host
+  # :nonprofit_id, # host
-  #   :hide_title,  # bool
+  # :hide_title,  # bool
  # :organizer_email, # string
  # :receipt_message # text