feat(custom_field_join): add strong params
Using permit with a limited list of params
This commit is contained in:
Luis Castro
Eric Schultz
parent
c9fba40183
commit
65bd361b3f
2 changed files with 19 additions and 13 deletions
|
|
@ -8,7 +8,7 @@ module Nonprofits
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@custom_field_joins = current_nonprofit
|
@custom_field_joins = current_nonprofit
|
||||||
.supporters.find(params[:supporter_id])
|
.supporters.find(custom_field_params[:supporter_id])
|
||||||
.custom_field_joins
|
.custom_field_joins
|
||||||
.order('created_at DESC')
|
.order('created_at DESC')
|
||||||
end
|
end
|
||||||
|
|
@ -16,24 +16,30 @@ module Nonprofits
|
||||||
# used for modify a single supporter's custom fields or a group of
|
# used for modify a single supporter's custom fields or a group of
|
||||||
# selected supporters' CFs or all supporters' CFs
|
# selected supporters' CFs or all supporters' CFs
|
||||||
def modify
|
def modify
|
||||||
if params[:custom_fields].blank? || params[:custom_fields].empty?
|
if custom_field_params[:custom_fields].blank? || custom_field_params[:custom_fields].empty?
|
||||||
render json: {}
|
render json: {}
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
if params[:selecting_all]
|
if custom_field_params[:selecting_all]
|
||||||
supporter_ids = QuerySupporters.full_filter_expr(current_nonprofit.id, params[:query]).select('supporters.id').execute.map { |h| h['id'] }
|
supporter_ids = QuerySupporters.full_filter_expr(current_nonprofit.id, custom_field_params[:query]).select('supporters.id').execute.map { |h| h['id'] }
|
||||||
else
|
else
|
||||||
supporter_ids = params[:supporter_ids]. map(&:to_i)
|
supporter_ids = custom_field_params[:supporter_ids]. map(&:to_i)
|
||||||
end
|
end
|
||||||
|
|
||||||
render InsertCustomFieldJoins.in_bulk(current_nonprofit.id, supporter_ids, params[:custom_fields])
|
render InsertCustomFieldJoins.in_bulk(current_nonprofit.id, supporter_ids, custom_field_params[:custom_fields])
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
supporter = current_nonprofit.supporters.find(params[:supporter_id])
|
supporter = current_nonprofit.supporters.find(custom_field_params[:supporter_id])
|
||||||
supporter.custom_field_joins.find(params[:id]).destroy
|
supporter.custom_field_joins.find(custom_field_params[:id]).destroy
|
||||||
render json: {}, status: :ok
|
render json: {}, status: :ok
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def custom_field_params
|
||||||
|
params.permit(:selecting_all, :supporter_id, :supporter_ids, :custom_fields, :query, :id)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
|
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
|
||||||
class CustomFieldJoin < ApplicationRecord
|
class CustomFieldJoin < ApplicationRecord
|
||||||
# TODO
|
# :supporter,
|
||||||
# attr_accessible \
|
# :supporter_id,
|
||||||
# :supporter, :supporter_id,
|
# :custom_field_master,
|
||||||
# :custom_field_master, :custom_field_master_id,
|
# :custom_field_master_id,
|
||||||
# :value
|
# :value
|
||||||
|
|
||||||
validates :custom_field_master, presence: true
|
validates :custom_field_master, presence: true
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue