diff --git a/app/controllers/api/v1/platforms_controller.rb b/app/controllers/api/v1/platforms_controller.rb
index f352bd7df..97e155bc8 100644
--- a/app/controllers/api/v1/platforms_controller.rb
+++ b/app/controllers/api/v1/platforms_controller.rb
@@ -32,17 +32,17 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 end
 def create
- platform_params = params[:platform] || {}
- owner = User.where(id: platform_params[:owner_id]).first
- @platform = Platform.new platform_params
+ pp = params[:platform] || {}
+ owner = User.find_by(id: pp[:owner_id])
+ @platform = Platform.new(platform_params)
 @platform.owner = owner || get_owner
 create_subject @platform
 end
 def update
- platform_params = params[:platform] || {}
- owner = User.where(id: platform_params[:owner_id]).first
- platform_params[:owner] = owner if owner
+ pp = params[:platform] || {}
+ owner = User.find_by(id: pp[:owner_id])
+ pp[:owner] = owner if owner
 update_subject @platform
 end
@@ -80,6 +80,10 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 private
+ def platform_params
+ subject_params(Platform)
+ end
+
 # Private: before_action hook which loads Platform.
 def load_platform
 authorize @platform = Platform.find(params[:id])
diff --git a/app/policies/platform_policy.rb b/app/policies/platform_policy.rb
index d333b2557..da162f9f9 100644
--- a/app/policies/platform_policy.rb
+++ b/app/policies/platform_policy.rb
@@ -62,6 +62,27 @@ class PlatformPolicy < ApplicationPolicy
 record.personal? && ( is_admin? || owner? )
 end
+ # Public: Get list of parameters that the user is allowed to alter.
+ #
+ # Returns Array
+ def permitted_attributes
+ %i(
+ admin_id
+ automatic_metadata_regeneration
+ default_branch
+ description
+ distrib_type
+ name
+ owner
+ parent_platform_id
+ platform_arch_settings_attributes
+ platform_type
+ released
+ term
+ visibility
+ )
+ end
+
 class Scope < Scope
 def related
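Review bot: In `create` and `update` the owner is still resolved from the unfiltered `params[:platform][:owner_id]`, so the new permitted list does not govern who may be made owner: `owner_id` is absent from `permitted_attributes`, yet `@platform.owner = owner || get_owner` honours it. In `update`, `pp[:owner] = owner if owner` writes a User object back into the raw params; if `update_subject` takes its attributes through `subject_params(Platform)` (not visible here), a `permit` on the scalar key `owner` would likely drop that object and the ownership change would be lost silently. Consider checking that the caller may assign the requested owner before using it, and setting it on the record directly, e.g. `@platform.owner = owner if owner` in `update`. The local name `pp` also shadows `Kernel#pp`; `raw_params` would read better.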
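Review bot: `platform_params` has no TomDoc comment although the neighbouring `load_platform` carries one; a line such as `# Private: Platform attributes as filtered by subject_params.` would match the file. `create` tolerates a missing `params[:platform]` through `|| {}`, but whether `subject_params` does the same is not visible in this diff. If it requires the key, a request without it now fails inside `Platform.new(platform_params)`, so that behaviour is worth stating in the comment or pinning with a spec.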
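Review bot: `permitted_attributes` returns the same list for every caller, so anyone who passes the policy's update check can also submit `admin_id`, `owner`, `platform_type`, `released` and `visibility`, which change control or exposure of the platform. The policy already has `is_admin?` and `owner?` (used in the context line above), so the list can be split into a base set and a set added only for those callers, as sketched below. Which attributes belong in the restricted set depends on model rules not visible in this diff, so treat the split as a starting point and cover it with a policy spec. The class body continues outside the hunk.

```ruby
def permitted_attributes
  attrs = %i(
    automatic_metadata_regeneration
    default_branch
    description
    distrib_type
    name
    parent_platform_id
    platform_arch_settings_attributes
    term
  )
  # Ownership, admin and exposure fields only for callers the policy already trusts.
  attrs += %i(admin_id owner platform_type released visibility) if is_admin? || owner?
  attrs
end
```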