feat(custom_field_join): add strong params
Using permit with a limited list of params
		
							parent
							
								
									c9fba40183
								
							
						
					
					
						commit
						65bd361b3f
					
				
					 2 changed files with 19 additions and 13 deletions
				
			
		|  | @ -8,7 +8,7 @@ module Nonprofits | ||||||
| 
 | 
 | ||||||
|     def index |     def index | ||||||
|       @custom_field_joins = current_nonprofit |       @custom_field_joins = current_nonprofit | ||||||
|                             .supporters.find(params[:supporter_id]) |                             .supporters.find(custom_field_params[:supporter_id]) | ||||||
|                             .custom_field_joins |                             .custom_field_joins | ||||||
|                             .order('created_at DESC') |                             .order('created_at DESC') | ||||||
|     end |     end | ||||||
|  | @ -16,24 +16,30 @@ module Nonprofits | ||||||
|     # used for modify a single supporter's custom fields or a group of |     # used for modify a single supporter's custom fields or a group of | ||||||
|     # selected supporters' CFs or all supporters' CFs |     # selected supporters' CFs or all supporters' CFs | ||||||
|     def modify |     def modify | ||||||
|       if params[:custom_fields].blank? || params[:custom_fields].empty? |       if custom_field_params[:custom_fields].blank? || custom_field_params[:custom_fields].empty? | ||||||
|         render json: {} |         render json: {} | ||||||
|         return |         return | ||||||
|       end |       end | ||||||
| 
 | 
 | ||||||
|       if params[:selecting_all] |       if custom_field_params[:selecting_all] | ||||||
|         supporter_ids = QuerySupporters.full_filter_expr(current_nonprofit.id, params[:query]).select('supporters.id').execute.map { |h| h['id'] } |         supporter_ids = QuerySupporters.full_filter_expr(current_nonprofit.id, custom_field_params[:query]).select('supporters.id').execute.map { |h| h['id'] } | ||||||
|       else |       else | ||||||
|         supporter_ids = params[:supporter_ids]. map(&:to_i) |         supporter_ids = custom_field_params[:supporter_ids]. map(&:to_i) | ||||||
|       end |       end | ||||||
| 
 | 
 | ||||||
|       render InsertCustomFieldJoins.in_bulk(current_nonprofit.id, supporter_ids, params[:custom_fields]) |       render InsertCustomFieldJoins.in_bulk(current_nonprofit.id, supporter_ids, custom_field_params[:custom_fields]) | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     def destroy |     def destroy | ||||||
|       supporter = current_nonprofit.supporters.find(params[:supporter_id]) |       supporter = current_nonprofit.supporters.find(custom_field_params[:supporter_id]) | ||||||
|       supporter.custom_field_joins.find(params[:id]).destroy |       supporter.custom_field_joins.find(custom_field_params[:id]).destroy | ||||||
|       render json: {}, status: :ok |       render json: {}, status: :ok | ||||||
|     end |     end | ||||||
|  | 
 | ||||||
|  |     private | ||||||
|  | 
 | ||||||
|  |     def custom_field_params | ||||||
|  |       params.permit(:selecting_all, :supporter_id, :supporter_ids, :custom_fields, :query, :id) | ||||||
|  |     end | ||||||
|   end |   end | ||||||
| end | end | ||||||
|  |  | ||||||
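Review bot: The `permit` call in `custom_field_params` declares `:supporter_ids`, `:custom_fields` and `:query` as bare symbols, and strong parameters only pass scalar values for keys declared that way. `modify` calls `.map(&:to_i)` on `supporter_ids`, so it is an array and would be filtered out, leaving `nil` and a NoMethodError; if `custom_fields` and `query` are arrays or hashes (their shape is not visible here) they are dropped too, and `modify` would always take the early `render json: {}` branch. Declaring the shapes keeps the allow-list while letting nested values through, for example `params.permit(:selecting_all, :supporter_id, :id, supporter_ids: [], custom_fields: {}, query: {})` if both are hashes; listing the exact keys expected under `custom_fields` and `query` would be tighter still. Separately, `supporter_ids` comes straight from the request, so it is worth confirming that `InsertCustomFieldJoins.in_bulk` restricts them to `current_nonprofit`.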
|  | @ -2,11 +2,11 @@ | ||||||
| 
 | 
 | ||||||
| # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later | # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later | ||||||
| class CustomFieldJoin < ApplicationRecord | class CustomFieldJoin < ApplicationRecord | ||||||
|   # TODO |   # :supporter, | ||||||
|   # attr_accessible \ |   # :supporter_id, | ||||||
|   #   :supporter, :supporter_id, |   # :custom_field_master, | ||||||
|   #   :custom_field_master, :custom_field_master_id, |   # :custom_field_master_id, | ||||||
|   #   :value |   # :value | ||||||
| 
 | 
 | ||||||
|   validates :custom_field_master, presence: true |   validates :custom_field_master, presence: true | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
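Review bot: The rewritten comment at the top of `CustomFieldJoin` is now a bare list of symbols with nothing saying what it records, since both `TODO` and `attr_accessible` were dropped. If the list is kept as a record of the old mass-assignment allow-list, a lead-in such as `# Formerly attr_accessible; writes to these must be filtered with strong params in the caller:` would say so. `custom_field_master_id` and `value` are not in the controller's `custom_field_params` list, so this commit does not show where writes to them are filtered.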
	 Luis Castro
						Luis Castro