diff --git a/app/models/build_list/item.rb b/app/models/build_list/item.rb index ad9fabd72..78eb5e1bf 100644 --- a/app/models/build_list/item.rb +++ b/app/models/build_list/item.rb @@ -2,7 +2,7 @@ class BuildList::Item < ActiveRecord::Base belongs_to :build_list, touch: true - attr_protected :build_list_id + # attr_protected :build_list_id GIT_ERROR = 5 diff --git a/app/models/collaborator.rb b/app/models/collaborator.rb index 032913db0..4b506c66c 100644 --- a/app/models/collaborator.rb +++ b/app/models/collaborator.rb @@ -3,7 +3,6 @@ class Collaborator include ActiveModel::Validations include ActiveModel::Serializers::JSON # include ActiveModel::MassAssignmentSecurity - include ActiveModel::ForbiddenAttributesProtection extend ActiveModel::Naming attr_accessor :role, :actor, :project, :relation diff --git a/app/policies/build_list_policy.rb b/app/policies/build_list_policy.rb index 484e5fc26..9a86b4a1f 100644 --- a/app/policies/build_list_policy.rb +++ b/app/policies/build_list_policy.rb @@ -61,7 +61,7 @@ class BuildListPolicy < ApplicationPolicy # # Returns Array def permitted_attributes - %i( + pa = %i( arch_id auto_create_container auto_publish @@ -69,20 +69,23 @@ class BuildListPolicy < ApplicationPolicy build_for_platform_id commit_hash external_nodes - extra_build_lists - extra_params - extra_repositories - include_repos include_testing_subrepository project_id project_version save_buildroot save_to_platform_id save_to_repository_id - update_type, + update_type use_cached_chroot use_extra_tests ) + pa << { + include_repos: [], + extra_build_lists: [], + extra_repositories: [], + extra_params: BuildList::EXTRA_PARAMS, + } + pa end class Scope < Scope diff --git a/spec/controllers/api/v1/build_lists_controller_spec.rb b/spec/controllers/api/v1/build_lists_controller_spec.rb index a5240acf5..3fa2a4e74 100644 --- a/spec/controllers/api/v1/build_lists_controller_spec.rb +++ b/spec/controllers/api/v1/build_lists_controller_spec.rb @@ -533,7 +533,8 @@ describe Api::V1::BuildListsController, type: :controller do @another_user = FactoryGirl.create(:user) @build_list.update_column(:status, BuildList::SUCCESS) @build_list.save_to_repository.update_column(:publish_without_qa, true) - @build_list.project.collaborators.create(actor_type: 'User', actor_id: @another_user.id, role: 'reader') + Collaborator.create(actor_type: 'User', actor_id: @another_user.id, role: 'reader', project: @build_list.project) + http_login(@another_user) do_reject_publish end diff --git a/spec/controllers/projects/build_lists_controller_spec.rb b/spec/controllers/projects/build_lists_controller_spec.rb index ff5145ebb..195d4c802 100644 --- a/spec/controllers/projects/build_lists_controller_spec.rb +++ b/spec/controllers/projects/build_lists_controller_spec.rb @@ -165,7 +165,7 @@ describe Projects::BuildListsController, type: :controller do it 'returns an error if user is project reader' do @another_user = FactoryGirl.create(:user) - @build_list.project.collaborators.create(actor_type: 'User', actor_id: @another_user.id, role: 'reader') + Collaborator.create(actor_type: 'User', actor_id: @another_user.id, role: 'reader', project: @build_list.project) set_session_for(@another_user) expect_any_instance_of(BuildList).to_not receive(:rerun_tests) @@ -245,7 +245,7 @@ describe Projects::BuildListsController, type: :controller do @another_user = FactoryGirl.create(:user) @build_list.update_column(:status, BuildList::SUCCESS) @build_list.save_to_repository.update_column(:publish_without_qa, true) - @build_list.project.collaborators.create(actor_type: 'User', actor_id: @another_user.id, role: 'reader') + Collaborator.create(actor_type: 'User', actor_id: @another_user.id, role: 'reader', project: @build_list.project) set_session_for(@another_user) do_reject_publish end