From 4dfdd3b10dc044d022c767f1007f1beaa508d099 Mon Sep 17 00:00:00 2001 From: Vokhmin Alexey V Date: Tue, 28 Apr 2015 00:16:35 +0300 Subject: [PATCH] #472: Remove protected_attributes gem, use strong_parameters for Api::V1::AdvisoriesController --- Gemfile | 2 -- Gemfile.lock | 3 --- .../api/v1/advisories_controller.rb | 6 ++++- app/controllers/concerns/strong_params.rb | 4 +++- .../projects/build_lists_controller.rb | 6 ++++- app/models/activity_feed.rb | 2 +- app/models/advisory.rb | 2 -- app/models/avatar.rb | 2 +- app/models/build_list.rb | 12 +++++----- app/models/build_list/package.rb | 2 +- app/models/build_script.rb | 2 +- app/models/collaborator.rb | 2 +- app/models/comment.rb | 2 +- app/models/concerns/autostart.rb | 2 +- app/models/concerns/default_branchable.rb | 2 +- app/models/concerns/external_nodable.rb | 2 +- .../product_build_lists/statusable.rb | 2 +- app/models/concerns/time_living.rb | 2 +- app/models/event_log.rb | 2 +- app/models/feedback.rb | 2 +- app/models/flash_notify.rb | 2 +- app/models/group.rb | 2 +- app/models/hook.rb | 2 +- app/models/issue.rb | 2 +- app/models/key_pair.rb | 2 +- app/models/label.rb | 2 +- app/models/labeling.rb | 2 +- app/models/mass_build.rb | 8 +++---- app/models/node_instruction.rb | 4 ++-- app/models/platform.rb | 24 +++++++++---------- app/models/platform_arch_setting.rb | 2 +- app/models/product.rb | 14 +++++------ app/models/product_build_list.rb | 20 ++++++++-------- app/models/project.rb | 8 +++---- app/models/project_statistic.rb | 2 +- app/models/project_tag.rb | 2 +- app/models/project_to_repository.rb | 2 +- app/models/pull_request.rb | 2 +- app/models/relation.rb | 2 +- app/models/repository.rb | 12 +++++----- app/models/repository_status.rb | 2 +- app/models/settings_notifier.rb | 22 ++++++++--------- app/models/ssh_key.rb | 2 +- app/models/statistic.rb | 16 ++++++------- app/models/subscribe.rb | 2 +- app/models/token.rb | 2 +- app/models/user.rb | 4 ++-- app/models/user_builds_setting.rb | 2 +- app/policies/advisory_policy.rb | 10 ++++++++ config/environments/development.rb | 3 --- 50 files changed, 126 insertions(+), 116 deletions(-) diff --git a/Gemfile b/Gemfile index ce2c424d6..1e8e1be7b 100644 --- a/Gemfile +++ b/Gemfile @@ -6,8 +6,6 @@ gem 'activeadmin', github: 'activeadmin' gem 'pg' gem 'schema_plus', '~> 1.5' ######## -gem 'protected_attributes' -######## gem 'devise' gem 'omniauth' gem 'omniauth-facebook' diff --git a/Gemfile.lock b/Gemfile.lock index c85ad6e77..feaaf6e52 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -342,8 +342,6 @@ GEM polyamorous (1.1.0) activerecord (>= 3.0) posix-spawn (0.3.10) - protected_attributes (1.0.9) - activemodel (>= 4.0.1, < 5.0) puma (2.11.1) rack (>= 1.1, < 2.0) pundit (0.3.0) @@ -634,7 +632,6 @@ DEPENDENCIES paperclip perform_later! pg - protected_attributes puma pundit rack-throttle (~> 0.3.0) diff --git a/app/controllers/api/v1/advisories_controller.rb b/app/controllers/api/v1/advisories_controller.rb index 669ca036f..f7ba63dd0 100644 --- a/app/controllers/api/v1/advisories_controller.rb +++ b/app/controllers/api/v1/advisories_controller.rb @@ -16,7 +16,7 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController def create authorize :advisory if @build_list.can_attach_to_advisory? && - @build_list.associate_and_create_advisory(params[:advisory]) && + @build_list.associate_and_create_advisory(advisory_params) && @build_list.save render_json_response @build_list.advisory, 'Advisory has been created successfully' else @@ -35,6 +35,10 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController protected + def advisory_params + permit_params(:advisory, *policy(Advisory).permitted_attributes) + end + def load_build_list @build_list = BuildList.find params[:build_list_id] authorize @build_list.save_to_platform, :local_admin_manage? diff --git a/app/controllers/concerns/strong_params.rb b/app/controllers/concerns/strong_params.rb index 0e798ded1..dbeec8cd6 100644 --- a/app/controllers/concerns/strong_params.rb +++ b/app/controllers/concerns/strong_params.rb @@ -4,6 +4,8 @@ module StrongParams protected def permit_params(param_name, *accessible) - (params[param_name] || ActionController::Parameters.new).permit(*accessible.flatten) + [param_name].flatten.inject(params.dup) do |pp, name| + pp = pp[name] || ActionController::Parameters.new + end.permit(*accessible.flatten) end end diff --git a/app/controllers/projects/build_lists_controller.rb b/app/controllers/projects/build_lists_controller.rb index 91bae6c4f..1688e8c16 100644 --- a/app/controllers/projects/build_lists_controller.rb +++ b/app/controllers/projects/build_lists_controller.rb @@ -105,7 +105,7 @@ class Projects::BuildListsController < Projects::BaseController if params[:attach_advisory] == 'new' # create new advisory - unless @build_list.associate_and_create_advisory(params[:build_list][:advisory]) + unless @build_list.associate_and_create_advisory(advisory_params) redirect_to :back, notice: t('layout.build_lists.publish_fail') and return end else @@ -206,6 +206,10 @@ class Projects::BuildListsController < Projects::BaseController protected + def advisory_params + permit_params(%i(build_list advisory), *policy(Advisory).permitted_attributes) + end + # Private: before_action hook which loads BuidList. def load_build_list authorize @build_list = diff --git a/app/models/activity_feed.rb b/app/models/activity_feed.rb index b3836db47..b99e6869f 100644 --- a/app/models/activity_feed.rb +++ b/app/models/activity_feed.rb @@ -9,7 +9,7 @@ class ActivityFeed < ActiveRecord::Base belongs_to :creator, class_name: 'User' serialize :data - attr_accessible :user, :kind, :data, :project_owner, :project_name, :creator_id + # attr_accessible :user, :kind, :data, :project_owner, :project_name, :creator_id default_scope { order created_at: :desc } scope :outdated, -> { offset(1000) } diff --git a/app/models/advisory.rb b/app/models/advisory.rb index 264a2ed66..84fc1aa73 100644 --- a/app/models/advisory.rb +++ b/app/models/advisory.rb @@ -12,8 +12,6 @@ class Advisory < ActiveRecord::Base after_create :generate_advisory_id before_save :normalize_references, if: :references_changed? - attr_accessible :description, :references - ID_TEMPLATE = 'ROSA-%s-%d:%04d' ID_STRING_TEMPLATE = 'ROSA-%s-%04s:%04s' TYPES = {'security' => 'SA', 'bugfix' => 'A'} diff --git a/app/models/avatar.rb b/app/models/avatar.rb index 9296b1a7f..6302ad76d 100644 --- a/app/models/avatar.rb +++ b/app/models/avatar.rb @@ -16,5 +16,5 @@ class Avatar < ActiveRecord::Base validates_attachment_content_type :avatar, content_type: /\Aimage/ validates_attachment_file_name :avatar, matches: [ /(png|jpe?g|gif|bmp|tif?f)\z/i ] - attr_accessible :avatar + # attr_accessible :avatar end diff --git a/app/models/build_list.rb b/app/models/build_list.rb index 00a06d846..77c6db70f 100644 --- a/app/models/build_list.rb +++ b/app/models/build_list.rb @@ -88,12 +88,12 @@ class BuildList < ActiveRecord::Base before_validation :prepare_extra_params, on: :create before_validation :prepare_auto_publish_status, on: :create - attr_accessible :include_repos, :auto_publish, :build_for_platform_id, :commit_hash, - :arch_id, :project_id, :save_to_repository_id, :update_type, - :save_to_platform_id, :project_version, :auto_create_container, - :extra_repositories, :extra_build_lists, :extra_params, - :include_testing_subrepository, :auto_publish_status, - :use_cached_chroot, :use_extra_tests, :save_buildroot + # attr_accessible :include_repos, :auto_publish, :build_for_platform_id, :commit_hash, + # :arch_id, :project_id, :save_to_repository_id, :update_type, + # :save_to_platform_id, :project_version, :auto_create_container, + # :extra_repositories, :extra_build_lists, :extra_params, + # :include_testing_subrepository, :auto_publish_status, + # :use_cached_chroot, :use_extra_tests, :save_buildroot LIVE_TIME = 4.week # for unpublished MAX_LIVE_TIME = 3.month # for published diff --git a/app/models/build_list/package.rb b/app/models/build_list/package.rb index 73120be63..c6dd0d5ee 100644 --- a/app/models/build_list/package.rb +++ b/app/models/build_list/package.rb @@ -7,7 +7,7 @@ class BuildList::Package < ActiveRecord::Base serialize :dependent_packages, Array - attr_accessible :fullname, :name, :release, :version, :sha1, :epoch, :dependent_packages + # attr_accessible :fullname, :name, :release, :version, :sha1, :epoch, :dependent_packages validates :build_list, :build_list_id, :project, :project_id, :platform, :platform_id, :fullname, diff --git a/app/models/build_script.rb b/app/models/build_script.rb index 1c5a395d3..cb1514da9 100644 --- a/app/models/build_script.rb +++ b/app/models/build_script.rb @@ -18,7 +18,7 @@ class BuildScript < ActiveRecord::Base before_validation :attach_project attr_writer :project_name - attr_accessible :project_name, :treeish, :commit, :sha1, :status + # attr_accessible :project_name, :treeish, :commit, :sha1, :status state_machine :status, initial: :active do event(:disable) { transition active: :blocked } diff --git a/app/models/collaborator.rb b/app/models/collaborator.rb index 3c9ca4a49..4a454cbe1 100644 --- a/app/models/collaborator.rb +++ b/app/models/collaborator.rb @@ -8,7 +8,7 @@ class Collaborator attr_accessor :role, :actor, :project, :relation attr_reader :id, :actor_id, :actor_type, :actor_name, :project_id - attr_accessible :role + # attr_accessible :role delegate :new_record?, to: :relation diff --git a/app/models/comment.rb b/app/models/comment.rb index 11fb7c886..1f758ef39 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -22,7 +22,7 @@ class Comment < ActiveRecord::Base after_create :subscribe_on_reply, unless: ->(c) { c.commit_comment? } after_create :subscribe_users - attr_accessible :body, :data + # attr_accessible :body, :data def commentable commit_comment? ? project.repo.commit(Comment.hex_to_commit_hash commentable_id) : super diff --git a/app/models/concerns/autostart.rb b/app/models/concerns/autostart.rb index c9b66ee3c..87d15309a 100644 --- a/app/models/concerns/autostart.rb +++ b/app/models/concerns/autostart.rb @@ -16,7 +16,7 @@ module Autostart validates :autostart_status, numericality: true, inclusion: {in: AUTOSTART_STATUSES}, allow_blank: true - attr_accessible :autostart_status + # attr_accessible :autostart_status end def human_autostart_status diff --git a/app/models/concerns/default_branchable.rb b/app/models/concerns/default_branchable.rb index ef66954a7..91fe54c68 100644 --- a/app/models/concerns/default_branchable.rb +++ b/app/models/concerns/default_branchable.rb @@ -5,7 +5,7 @@ module DefaultBranchable validates :default_branch, length: { maximum: 100 } - attr_accessible :default_branch + # attr_accessible :default_branch end end diff --git a/app/models/concerns/external_nodable.rb b/app/models/concerns/external_nodable.rb index 12d2801b9..0100189e0 100644 --- a/app/models/concerns/external_nodable.rb +++ b/app/models/concerns/external_nodable.rb @@ -9,7 +9,7 @@ module ExternalNodable allow_blank: true - attr_accessible :external_nodes + # attr_accessible :external_nodes end end diff --git a/app/models/concerns/product_build_lists/statusable.rb b/app/models/concerns/product_build_lists/statusable.rb index ab50bb14d..d42134f36 100644 --- a/app/models/concerns/product_build_lists/statusable.rb +++ b/app/models/concerns/product_build_lists/statusable.rb @@ -41,7 +41,7 @@ module ProductBuildLists::Statusable presence: true, inclusion: { in: STATUSES } - attr_accessible :status + # attr_accessible :status before_destroy :can_destroy? diff --git a/app/models/concerns/time_living.rb b/app/models/concerns/time_living.rb index 05f522573..93d57033b 100644 --- a/app/models/concerns/time_living.rb +++ b/app/models/concerns/time_living.rb @@ -18,7 +18,7 @@ module TimeLiving } before_validation :convert_time_living - attr_accessible :time_living + # attr_accessible :time_living end protected diff --git a/app/models/event_log.rb b/app/models/event_log.rb index 815c87b32..b541eee06 100644 --- a/app/models/event_log.rb +++ b/app/models/event_log.rb @@ -12,7 +12,7 @@ class EventLog < ActiveRecord::Base self.eventable_name ||= eventable.name if eventable.respond_to?(:name) end # after_create { self.class.current_controller = nil } - attr_accessible :kind, :message, :eventable, :eventable_name + # attr_accessible :kind, :message, :eventable, :eventable_name class << self def create_with_current_controller(attributes) diff --git a/app/models/feedback.rb b/app/models/feedback.rb index cc383bedd..9372deabb 100644 --- a/app/models/feedback.rb +++ b/app/models/feedback.rb @@ -12,7 +12,7 @@ class Feedback attr_accessor :name, :email, :subject, :message - attr_accessible :name, :email, :subject, :message + # attr_accessible :name, :email, :subject, :message validates :name, :subject, :message, presence: true validates :email, presence: true, diff --git a/app/models/flash_notify.rb b/app/models/flash_notify.rb index 521ec9556..05528607c 100644 --- a/app/models/flash_notify.rb +++ b/app/models/flash_notify.rb @@ -8,7 +8,7 @@ class FlashNotify < ActiveRecord::Base validates :status, inclusion: {in: STATUSES} validates :body_ru, :body_en, :status, presence: true - attr_accessible :body_ru, :body_en, :status, :published + # attr_accessible :body_ru, :body_en, :status, :published def hash_id @digest ||= Digest::MD5.hexdigest("#{self.id}-#{self.updated_at}") diff --git a/app/models/group.rb b/app/models/group.rb index 76a7ab2f2..e5e93b204 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -32,7 +32,7 @@ class Group < Avatar joins(:actors).where('relations.role' => ['admin', 'writer'], 'relations.actor_id' => actor.id, 'relations.actor_type' => 'User') } - attr_accessible :uname, :description, :delete_avatar + # attr_accessible :uname, :description, :delete_avatar attr_readonly :uname attr_accessor :delete_avatar diff --git a/app/models/hook.rb b/app/models/hook.rb index 8d251698f..fcf801ca7 100644 --- a/app/models/hook.rb +++ b/app/models/hook.rb @@ -9,7 +9,7 @@ class Hook < ActiveRecord::Base validates :project, :data, presence: true validates :name, presence: true, inclusion: {in: NAMES} - attr_accessible :data, :name + # attr_accessible :data, :name serialize :data, Hash diff --git a/app/models/issue.rb b/app/models/issue.rb index 47f0f5f82..c39174660 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -47,7 +47,7 @@ class Issue < ActiveRecord::Base before_create :update_statistic before_update :update_statistic - attr_accessible :labelings_attributes, :title, :body, :assignee_id + # attr_accessible :labelings_attributes, :title, :body, :assignee_id accepts_nested_attributes_for :labelings, reject_if: lambda {|attributes| attributes['label_id'].blank?}, allow_destroy: true diff --git a/app/models/key_pair.rb b/app/models/key_pair.rb index ce87f98ac..9ff3139bf 100644 --- a/app/models/key_pair.rb +++ b/app/models/key_pair.rb @@ -4,7 +4,7 @@ class KeyPair < ActiveRecord::Base belongs_to :user attr_accessor :fingerprint - attr_accessible :public, :secret, :repository_id + # attr_accessible :public, :secret, :repository_id attr_encrypted :secret, key: APP_CONFIG['keys']['key_pair_secret_key'] validates :repository, :user, presence: true diff --git a/app/models/label.rb b/app/models/label.rb index 91871f97c..feb265016 100644 --- a/app/models/label.rb +++ b/app/models/label.rb @@ -9,5 +9,5 @@ class Label < ActiveRecord::Base validates :color, presence: true validates :color, format: { with: /\A([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})\z/, message: I18n.t('layout.issues.invalid_labels') } - attr_accessible :name, :color + # attr_accessible :name, :color end diff --git a/app/models/labeling.rb b/app/models/labeling.rb index cb46ecff0..1f6bdaa60 100644 --- a/app/models/labeling.rb +++ b/app/models/labeling.rb @@ -2,5 +2,5 @@ class Labeling < ActiveRecord::Base belongs_to :issue belongs_to :label - attr_accessible :id, :label_id + # attr_accessible :id, :label_id end diff --git a/app/models/mass_build.rb b/app/models/mass_build.rb index af0fd83ed..c4881f937 100644 --- a/app/models/mass_build.rb +++ b/app/models/mass_build.rb @@ -45,10 +45,10 @@ class MassBuild < ActiveRecord::Base scope :search, -> (q) { where("#{table_name}.description ILIKE ?", "%#{q}%") if q.present? } attr_accessor :arches, :repositories - attr_accessible :arches, :auto_publish_status, :projects_list, :build_for_platform_id, - :extra_repositories, :extra_build_lists, :increase_release_tag, - :use_cached_chroot, :use_extra_tests, :description, :extra_mass_builds, - :include_testing_subrepository, :auto_create_container, :repositories + # attr_accessible :arches, :auto_publish_status, :projects_list, :build_for_platform_id, + # :extra_repositories, :extra_build_lists, :increase_release_tag, + # :use_cached_chroot, :use_extra_tests, :description, :extra_mass_builds, + # :include_testing_subrepository, :auto_create_container, :repositories validates :save_to_platform_id, :build_for_platform_id, diff --git a/app/models/node_instruction.rb b/app/models/node_instruction.rb index 7fef37bfe..55992918b 100644 --- a/app/models/node_instruction.rb +++ b/app/models/node_instruction.rb @@ -23,7 +23,7 @@ class NodeInstruction < ActiveRecord::Base errors.add(:status, 'Can be only single active instruction for each node') if !disabled? && NodeInstruction.duplicate(id.to_i, user_id).exists? } - attr_accessible :instruction, :user_id, :output, :status + # attr_accessible :instruction, :user_id, :output, :status state_machine :status, initial: :ready do @@ -62,7 +62,7 @@ class NodeInstruction < ActiveRecord::Base build_lists = BuildList.where(builder_id: user_id, external_nodes: [nil, '']). for_status(BuildList::BUILD_STARTED) - + build_lists.find_each do |bl| bl.update_column(:status, BuildList::BUILD_PENDING) bl.restart_job diff --git a/app/models/platform.rb b/app/models/platform.rb index 1ef32ed4d..a01992b60 100644 --- a/app/models/platform.rb +++ b/app/models/platform.rb @@ -98,18 +98,18 @@ class Platform < ActiveRecord::Base after_destroy -> { remove_symlink_directory unless hidden? } accepts_nested_attributes_for :platform_arch_settings, allow_destroy: true - attr_accessible :name, - :distrib_type, - :parent_platform_id, - :platform_type, - :owner, - :visibility, - :description, - :released, - :platform_arch_settings_attributes, - :automatic_metadata_regeneration, - :admin_id, - :term + # attr_accessible :name, + # :distrib_type, + # :parent_platform_id, + # :platform_type, + # :owner, + # :visibility, + # :description, + # :released, + # :platform_arch_settings_attributes, + # :automatic_metadata_regeneration, + # :admin_id, + # :term attr_accessor :admin_id, :term diff --git a/app/models/platform_arch_setting.rb b/app/models/platform_arch_setting.rb index b8abafecb..0b2bda011 100644 --- a/app/models/platform_arch_setting.rb +++ b/app/models/platform_arch_setting.rb @@ -16,5 +16,5 @@ class PlatformArchSetting < ActiveRecord::Base scope :by_arch, ->(arch) { where(arch_id: arch) if arch.present? } scope :by_default, -> { where(default: true) } - attr_accessible :arch_id, :platform_id, :default + # attr_accessible :arch_id, :platform_id, :default end diff --git a/app/models/product.rb b/app/models/product.rb index 69dc431f7..7fa8d547e 100644 --- a/app/models/product.rb +++ b/app/models/product.rb @@ -16,13 +16,13 @@ class Product < ActiveRecord::Base scope :recent, -> { order(:name) } - attr_accessible :name, - :description, - :project_id, - :main_script, - :params, - :platform_id, - :project_version + # attr_accessible :name, + # :description, + # :project_id, + # :main_script, + # :params, + # :platform_id, + # :project_version attr_readonly :platform_id def full_clone(attrs = {}) diff --git a/app/models/product_build_list.rb b/app/models/product_build_list.rb index 8c0ddc204..400d0ec92 100644 --- a/app/models/product_build_list.rb +++ b/app/models/product_build_list.rb @@ -28,16 +28,16 @@ class ProductBuildList < ActiveRecord::Base validates :main_script, :params, length: { maximum: 255 } attr_accessor :base_url, :product_name - attr_accessible :base_url, - :branch, - :project_id, - :main_script, - :params, - :project_version, - :commit_hash, - :product_id, - :not_delete, - :product_name + # attr_accessible :base_url, + # :branch, + # :project_id, + # :main_script, + # :params, + # :project_version, + # :commit_hash, + # :product_id, + # :not_delete, + # :product_name attr_readonly :product_id serialize :results, Array diff --git a/app/models/project.rb b/app/models/project.rb index c54d980c9..d86077e8c 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -62,10 +62,10 @@ class Project < ActiveRecord::Base errors.delete :project_to_repositories end - attr_accessible :name, :description, :visibility, :srpm, :is_package, - :has_issues, :has_wiki, :maintainer_id, :publish_i686_into_x86_64, - :url, :srpms_list, :mass_import, :add_to_repository_id, :architecture_dependent, - :autostart_status + # attr_accessible :name, :description, :visibility, :srpm, :is_package, + # :has_issues, :has_wiki, :maintainer_id, :publish_i686_into_x86_64, + # :url, :srpms_list, :mass_import, :add_to_repository_id, :architecture_dependent, + # :autostart_status attr_readonly :owner_id, :owner_type before_validation :truncate_name, on: :create diff --git a/app/models/project_statistic.rb b/app/models/project_statistic.rb index 11c971a83..49ab6e890 100644 --- a/app/models/project_statistic.rb +++ b/app/models/project_statistic.rb @@ -6,5 +6,5 @@ class ProjectStatistic < ActiveRecord::Base validates :arch, :project, :average_build_time, :build_count, presence: true validates :project_id, uniqueness: { scope: :arch_id } - attr_accessible :average_build_time, :build_count + # attr_accessible :average_build_time, :build_count end diff --git a/app/models/project_tag.rb b/app/models/project_tag.rb index 3886e86a8..05eedd30c 100644 --- a/app/models/project_tag.rb +++ b/app/models/project_tag.rb @@ -11,7 +11,7 @@ class ProjectTag < ActiveRecord::Base validates :project, :commit_id, :sha1, :tag_name, :format_id, presence: true validates :project_id, uniqueness: { scope: [:tag_name, :format_id] } - attr_accessible :project_id, :commit_id, :sha1, :tag_name, :format_id + # attr_accessible :project_id, :commit_id, :sha1, :tag_name, :format_id def sha1_of_file_store_files [sha1] diff --git a/app/models/project_to_repository.rb b/app/models/project_to_repository.rb index 83dbf97c3..8e8da06f1 100644 --- a/app/models/project_to_repository.rb +++ b/app/models/project_to_repository.rb @@ -12,7 +12,7 @@ class ProjectToRepository < ActiveRecord::Base validate :one_project_in_platform_repositories, on: :create - attr_accessible :project, :project_id + # attr_accessible :project, :project_id AUTOSTART_OPTIONS.each do |field| store_accessor :autostart_options, field diff --git a/app/models/pull_request.rb b/app/models/pull_request.rb index 6517f3692..a4106d955 100644 --- a/app/models/pull_request.rb +++ b/app/models/pull_request.rb @@ -49,7 +49,7 @@ class PullRequest < ActiveRecord::Base after_destroy :clean_dir accepts_nested_attributes_for :issue - attr_accessible :issue_attributes, :to_ref, :from_ref + # attr_accessible :issue_attributes, :to_ref, :from_ref scope :needed_checking, -> { includes(:issue).where(issues: { status: [STATUS_OPEN, STATUS_BLOCKED, STATUS_READY] }) } scope :not_closed_or_merged, -> { needed_checking } diff --git a/app/models/relation.rb b/app/models/relation.rb index a83ceb942..feca86e37 100644 --- a/app/models/relation.rb +++ b/app/models/relation.rb @@ -15,7 +15,7 @@ class Relation < ActiveRecord::Base # validate { errors.add(:actor, :taken) if Relation.where(actor_type: self.actor_type, actor_id: self.actor_id).present? } before_validation :add_default_role - attr_accessible :actor_id, :actor_type, :target_id, :target_type, :actor, :target, :role + # attr_accessible :actor_id, :actor_type, :target_id, :target_type, :actor, :target, :role scope :by_user_through_groups, ->(u) { where("actor_type = 'User' AND actor_id = ? OR actor_type = 'Group' AND actor_id IN (?)", u.id, u.group_ids) diff --git a/app/models/repository.rb b/app/models/repository.rb index f627beb25..535f023c4 100644 --- a/app/models/repository.rb +++ b/app/models/repository.rb @@ -36,12 +36,12 @@ class Repository < ActiveRecord::Base before_destroy :detele_directory - attr_accessible :name, - :description, - :publish_without_qa, - :synchronizing_publications, - :publish_builds_only_from_branch, - :build_for_platform_id + # attr_accessible :name, + # :description, + # :publish_without_qa, + # :synchronizing_publications, + # :publish_builds_only_from_branch, + # :build_for_platform_id attr_readonly :name, :platform_id attr_accessor :projects_list, :build_for_platform_id diff --git a/app/models/repository_status.rb b/app/models/repository_status.rb index f0d281d03..974df8859 100644 --- a/app/models/repository_status.rb +++ b/app/models/repository_status.rb @@ -31,7 +31,7 @@ class RepositoryStatus < ActiveRecord::Base validates :repository, :platform, presence: true validates :repository_id, uniqueness: { scope: :platform_id } - attr_accessible :platform_id, :repository_id + # attr_accessible :platform_id, :repository_id scope :platform_ready, -> { where(platforms: {status: READY}).joins(:platform) } scope :for_regeneration, -> { where(status: WAITING_FOR_REGENERATION) } diff --git a/app/models/settings_notifier.rb b/app/models/settings_notifier.rb index d54036853..8be1ce702 100644 --- a/app/models/settings_notifier.rb +++ b/app/models/settings_notifier.rb @@ -3,16 +3,16 @@ class SettingsNotifier < ActiveRecord::Base validates :user, presence: true - attr_accessible :can_notify, - :update_code, - :new_comment_commit_owner, - :new_comment_commit_repo_owner, - :new_comment_commit_commentor, - :new_comment, - :new_comment_reply, - :new_issue, - :issue_assign, - :new_build, - :new_associated_build + # attr_accessible :can_notify, + # :update_code, + # :new_comment_commit_owner, + # :new_comment_commit_repo_owner, + # :new_comment_commit_commentor, + # :new_comment, + # :new_comment_reply, + # :new_issue, + # :issue_assign, + # :new_build, + # :new_associated_build end diff --git a/app/models/ssh_key.rb b/app/models/ssh_key.rb index baf7097c5..0f6b2f59e 100644 --- a/app/models/ssh_key.rb +++ b/app/models/ssh_key.rb @@ -5,7 +5,7 @@ class SshKey < ActiveRecord::Base SHELL_KEY_COMMAND = "sudo -i -u #{APP_CONFIG['shell_user']} ~#{APP_CONFIG['shell_user']}/gitlab-shell/bin/gitlab-keys" belongs_to :user - attr_accessible :key, :name + # attr_accessible :key, :name before_validation -> { self.key = key.strip if key.present? } before_validation :set_fingerprint diff --git a/app/models/statistic.rb b/app/models/statistic.rb index c4357b0e0..7bd60e941 100644 --- a/app/models/statistic.rb +++ b/app/models/statistic.rb @@ -26,7 +26,7 @@ class Statistic < ActiveRecord::Base validates :email, presence: true - validates :project_id, + validates :project_id, presence: true validates :project_name_with_owner, @@ -41,13 +41,13 @@ class Statistic < ActiveRecord::Base validates :activity_at, presence: true - attr_accessible :user_id, - :email, - :project_id, - :project_name_with_owner, - :key, - :counter, - :activity_at + # attr_accessible :user_id, + # :email, + # :project_id, + # :project_name_with_owner, + # :key, + # :counter, + # :activity_at scope :for_period, -> (start_date, end_date) { where(activity_at: (start_date..end_date)) diff --git a/app/models/subscribe.rb b/app/models/subscribe.rb index 5b00693de..f20b7ffaf 100644 --- a/app/models/subscribe.rb +++ b/app/models/subscribe.rb @@ -3,7 +3,7 @@ class Subscribe < ActiveRecord::Base belongs_to :user belongs_to :project - attr_accessible :status, :user_id + # attr_accessible :status, :user_id validates :user, presence: true def commit_subscribe? diff --git a/app/models/token.rb b/app/models/token.rb index ff5f810db..bcf14674d 100644 --- a/app/models/token.rb +++ b/app/models/token.rb @@ -12,7 +12,7 @@ class Token < ActiveRecord::Base before_validation :generate_token, on: :create - attr_accessible :description + # attr_accessible :description state_machine :status, initial: :active do event :block do diff --git a/app/models/user.rb b/app/models/user.rb index 741435659..b17711138 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -56,8 +56,8 @@ class User < Avatar validates :role, inclusion: { in: EXTENDED_ROLES }, allow_blank: true validates :language, inclusion: { in: LANGUAGES }, allow_blank: true - attr_accessible :email, :password, :password_confirmation, :current_password, :remember_me, :login, :name, :uname, :language, - :site, :company, :professional_experience, :location, :sound_notifications, :hide_email, :delete_avatar + # attr_accessible :email, :password, :password_confirmation, :current_password, :remember_me, :login, :name, :uname, :language, + # :site, :company, :professional_experience, :location, :sound_notifications, :hide_email, :delete_avatar attr_readonly :uname attr_accessor :login, :delete_avatar diff --git a/app/models/user_builds_setting.rb b/app/models/user_builds_setting.rb index 3cba6be9b..fffe76348 100644 --- a/app/models/user_builds_setting.rb +++ b/app/models/user_builds_setting.rb @@ -5,6 +5,6 @@ class UserBuildsSetting < ActiveRecord::Base validates :user, presence: true - attr_accessible :platforms + # attr_accessible :platforms end diff --git a/app/policies/advisory_policy.rb b/app/policies/advisory_policy.rb index 8b6bfed93..eded0db6d 100644 --- a/app/policies/advisory_policy.rb +++ b/app/policies/advisory_policy.rb @@ -11,4 +11,14 @@ class AdvisoryPolicy < ApplicationPolicy end alias_method :update?, :create? + # Public: Get list of parameters that the user is allowed to alter. + # + # Returns Array + def permitted_attributes + %i( + description + references + ) + end + end diff --git a/config/environments/development.rb b/config/environments/development.rb index 67dea41a3..d787c3e76 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -52,9 +52,6 @@ Rosa::Application.configure do # Expands the lines which load the assets config.assets.debug = true - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - config.middleware.insert_before Rails::Rack::Logger, DisableAssetsLogger config.eager_load = false