feat(email_settings): add strong params

2019-08-06 16:05:00 +02:00 · 2019-08-06 16:05:00 +02:00 · 6bdd95a5e9
commit 6bdd95a5e9
parent a5aff586d6
2 changed files with 14 additions and 10 deletions
--- a/app/controllers/email_settings_controller.rb
+++ b/app/controllers/email_settings_controller.rb
@ -15,6 +15,12 @@ class EmailSettingsController < ApplicationController
  # post /nonprofits/:nonprofit_id/users/:user_id/email_settings for current_user
  def create
    user = current_role?(:super_admin) ? User.find(params[:user_id]) : current_user
-    render json: UpdateEmailSettings.save(params[:nonprofit_id], user.id, params[:email_settings])
+    render json: UpdateEmailSettings.save(params[:nonprofit_id], user.id, email_settings_params)
+  end
+
+  private
+
+  def email_settings_params
+    params.require(:email_settings).permit(:notify_payments, :notify_campaigns, :notify_events, :notify_payouts, :notify_recurring_donations)
  end
 end
--- a/app/models/email_setting.rb
+++ b/app/models/email_setting.rb
@ -2,15 +2,13 @@

 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class EmailSetting < ApplicationRecord
-  # TODO
-  # attr_accessible \
-  #   :user_id, :user,
-  #   :nonprofit_id, :nonprofit,
-  #   :notify_payments,
-  #   :notify_campaigns,
-  #   :notify_events,
-  #   :notify_payouts,
-  #   :notify_recurring_donations
+  # :user_id, :user,
+  # :nonprofit_id, :nonprofit,
+  # :notify_payments,
+  # :notify_campaigns,
+  # :notify_events,
+  # :notify_payouts,
+  # :notify_recurring_donations

  belongs_to :nonprofit
  belongs_to :user