feat(custom_field_join): add strong params
Using permit with a limited list of params
		
							parent
							
								
									c9fba40183
								
							
						
					
					
						commit
						65bd361b3f
					
				
					 2 changed files with 19 additions and 13 deletions
				
			
		|  | @ -8,7 +8,7 @@ module Nonprofits | |||
| 
 | ||||
|     def index | ||||
|       @custom_field_joins = current_nonprofit | ||||
|                             .supporters.find(params[:supporter_id]) | ||||
|                             .supporters.find(custom_field_params[:supporter_id]) | ||||
|                             .custom_field_joins | ||||
|                             .order('created_at DESC') | ||||
|     end | ||||
|  | @ -16,24 +16,30 @@ module Nonprofits | |||
|     # used for modify a single supporter's custom fields or a group of | ||||
|     # selected supporters' CFs or all supporters' CFs | ||||
|     def modify | ||||
|       if params[:custom_fields].blank? || params[:custom_fields].empty? | ||||
|       if custom_field_params[:custom_fields].blank? || custom_field_params[:custom_fields].empty? | ||||
|         render json: {} | ||||
|         return | ||||
|       end | ||||
| 
 | ||||
|       if params[:selecting_all] | ||||
|         supporter_ids = QuerySupporters.full_filter_expr(current_nonprofit.id, params[:query]).select('supporters.id').execute.map { |h| h['id'] } | ||||
|       if custom_field_params[:selecting_all] | ||||
|         supporter_ids = QuerySupporters.full_filter_expr(current_nonprofit.id, custom_field_params[:query]).select('supporters.id').execute.map { |h| h['id'] } | ||||
|       else | ||||
|         supporter_ids = params[:supporter_ids]. map(&:to_i) | ||||
|         supporter_ids = custom_field_params[:supporter_ids]. map(&:to_i) | ||||
|       end | ||||
| 
 | ||||
|       render InsertCustomFieldJoins.in_bulk(current_nonprofit.id, supporter_ids, params[:custom_fields]) | ||||
|       render InsertCustomFieldJoins.in_bulk(current_nonprofit.id, supporter_ids, custom_field_params[:custom_fields]) | ||||
|     end | ||||
| 
 | ||||
|     def destroy | ||||
|       supporter = current_nonprofit.supporters.find(params[:supporter_id]) | ||||
|       supporter.custom_field_joins.find(params[:id]).destroy | ||||
|       supporter = current_nonprofit.supporters.find(custom_field_params[:supporter_id]) | ||||
|       supporter.custom_field_joins.find(custom_field_params[:id]).destroy | ||||
|       render json: {}, status: :ok | ||||
|     end | ||||
| 
 | ||||
|     private | ||||
| 
 | ||||
|     def custom_field_params | ||||
|       params.permit(:selecting_all, :supporter_id, :supporter_ids, :custom_fields, :query, :id) | ||||
|     end | ||||
|   end | ||||
| end | ||||
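Review bot: `custom_field_params` permits every key as a scalar, so in `modify` the array that `custom_field_params[:supporter_ids]. map(&:to_i)` expects is filtered out and `.map` is called on nil. In strong parameters a bare symbol admits only scalar values; an array has to be declared as `supporter_ids: []`. The same filtering would apply to `:custom_fields` and `:query` if they arrive as arrays or hashes (their shape is not visible on this page), in which case the `blank?` guard at the top of `modify` always fires and the action returns `{}` without writing anything. Declare the nested shapes explicitly, for example `params.permit(:selecting_all, :supporter_id, :id, :query, supporter_ids: [])` plus `custom_fields:` with the exact keys each entry may carry, rather than an open hash. A request spec that posts an array of `supporter_ids` and a populated `custom_fields` would confirm that the allow-list still lets the intended input through.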
|  |  | |||
|  | @ -2,11 +2,11 @@ | |||
| 
 | ||||
| # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later | ||||
| class CustomFieldJoin < ApplicationRecord | ||||
|   # TODO | ||||
|   # attr_accessible \ | ||||
|   #   :supporter, :supporter_id, | ||||
|   #   :custom_field_master, :custom_field_master_id, | ||||
|   #   :value | ||||
|   # :supporter, | ||||
|   # :supporter_id, | ||||
|   # :custom_field_master, | ||||
|   # :custom_field_master_id, | ||||
|   # :value | ||||
| 
 | ||||
|   validates :custom_field_master, presence: true | ||||
| 
 | ||||
|  |  | |||
	 Luis Castro
						Luis Castro