#472: Update activeadmin gem, some fixes

Gemfile.lock

@@ -10,9 +10,9 @@ GIT
 
 GIT
   remote: git://github.com/activeadmin/activeadmin.git
-  revision: e27ccba8a7ea1f7f3085748decec1f6911f6d5d2
+  revision: 9c46b14ea0d9b3aaaa3d7520555c9959d06ce7f3
   specs:
-    activeadmin (1.0.0.pre)
+    activeadmin (1.0.0.pre1)
       arbre (~> 1.0, >= 1.0.2)
       bourbon
       coffee-rails
@@ -104,7 +104,7 @@ GEM
     bootstrap-sass (3.3.3)
       autoprefixer-rails (>= 5.0.0.1)
       sass (>= 3.2.19)
-    bourbon (4.2.1)
+    bourbon (4.2.3)
       sass (~> 3.4)
       thor
     builder (3.2.2)
@@ -130,10 +130,10 @@ GEM
     coffee-rails (4.1.0)
       coffee-script (>= 2.2.0)
       railties (>= 4.0.0, < 5.0)
-    coffee-script (2.3.0)
+    coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.9.1)
+    coffee-script-source (1.9.1.1)
     compass (1.0.3)
       chunky_png (~> 1.2)
       compass-core (~> 1.0.2)
@@ -170,7 +170,7 @@ GEM
     erubis (2.7.0)
     escape_utils (1.0.1)
     eventmachine (1.0.5)
-    execjs (2.3.0)
+    execjs (2.5.2)
     expression_parser (0.9.0)
     factory_girl (4.5.0)
       activesupport (>= 3.0.0)
@@ -184,7 +184,7 @@ GEM
       railties (>= 3.2, < 5.0)
     formtastic (3.1.3)
       actionpack (>= 3.2.13)
-    formtastic_i18n (0.1.1)
+    formtastic_i18n (0.4.1)
     friendly_id (5.1.0)
       activerecord (>= 4.0.0)
     gemoji (2.1.0)
@@ -244,7 +244,7 @@ GEM
     jquery-rails (3.1.2)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
-    jquery-ui-rails (5.0.3)
+    jquery-ui-rails (5.0.5)
       railties (>= 3.2.16)
     js-routes (1.0.0)
       railties (>= 3.2)
@@ -280,7 +280,7 @@ GEM
       railties (>= 3.0.0, < 5.0.0)
     mime-types (1.25.1)
     mini_portile (0.6.2)
-    minitest (5.6.0)
+    minitest (5.6.1)
     mock_redis (0.14.0)
     momentjs-rails (2.9.0)
       railties (>= 3.1)
@@ -339,7 +339,7 @@ GEM
       cocaine (~> 0.5.3)
       mime-types
     pg (0.18.1)
-    polyamorous (1.1.0)
+    polyamorous (1.2.0)
       activerecord (>= 3.0)
     posix-spawn (0.3.10)
     puma (2.11.1)
@@ -349,7 +349,7 @@ GEM
     pygments.rb (0.6.2)
       posix-spawn (~> 0.3.6)
       yajl-ruby (~> 1.2.0)
-    rack (1.5.2)
+    rack (1.5.3)
     rack-contrib (1.2.0)
       rack (>= 0.9.1)
     rack-protection (1.5.3)
@@ -381,12 +381,12 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (10.4.2)
-    ransack (1.6.3)
+    ransack (1.6.6)
       actionpack (>= 3.0)
       activerecord (>= 3.0)
       activesupport (>= 3.0)
       i18n
-      polyamorous (~> 1.1)
+      polyamorous (~> 1.2)
     rb-fsevent (0.9.4)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
@@ -467,7 +467,7 @@ GEM
     safe_yaml (1.0.4)
     sanitize (2.1.0)
       nokogiri (>= 1.4.4)
-    sass (3.4.13)
+    sass (3.4.14)
     sass-rails (5.0.1)
       railties (>= 4.0.0, < 5.0)
       sass (~> 3.1)
@@ -510,7 +510,7 @@ GEM
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.4)
+    sprockets-rails (2.3.1)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)

app/admin/build_scripts.rb

@@ -1,4 +1,5 @@
 ActiveAdmin.register BuildScript do
+  permit_params :project_name, :treeish, :commit, :sha1, :status
 
   menu priority: 4
 

app/admin/flash_notifies.rb

@@ -1,4 +1,5 @@
 ActiveAdmin.register FlashNotify do
+  permit_params :body_ru, :body_en, :status, :published
 
   menu parent: 'Misc'
 

app/admin/node_instructions.rb

@@ -1,4 +1,5 @@
 ActiveAdmin.register NodeInstruction do
+  permit_params :instruction, :user_id, :output, :status
 
   menu priority: 3
 

app/controllers/contacts_controller.rb

@@ -6,7 +6,7 @@ class ContactsController < ApplicationController
   end
 
   def create
-    @form = Feedback.new(params[:feedback])
+    @form = Feedback.new(feedback_params)
     if @form.perform_send
       flash[:notice] = I18n.t("flash.contact.success")
       redirect_to sended_contact_path
@@ -19,4 +19,10 @@ class ContactsController < ApplicationController
   def sended
   end
 
+  private
+
+  def feedback_params
+    params[:feedback].permit(:name, :email, :subject, :message)
+  end
+
 end

app/controllers/users/settings_controller.rb

@@ -7,7 +7,7 @@ class Users::SettingsController < Users::BaseController
   def profile
     if request.patch?
       send_confirmation = params[:user][:email] != @user.email
-      if @user.update_without_password(params[:user])
+      if @user.update_without_password(user_params)
         update_avatar(@user, params)
         if send_confirmation
           @user.confirmed_at = @user.confirmation_sent_at = nil
@@ -29,7 +29,7 @@ class Users::SettingsController < Users::BaseController
 
   def private
     if request.patch?
-      if @user.update_with_password(params[:user])
+      if @user.update_with_password(user_params)
         flash[:notice] = t('flash.user.saved')
         redirect_to private_settings_path and return
       end
@@ -51,7 +51,7 @@ class Users::SettingsController < Users::BaseController
   def builds_settings
     @user.builds_setting ||= @user.build_builds_setting
     if request.patch?
-      if @user.builds_setting.update_attributes(params[:user_builds_setting])
+      if @user.builds_setting.update_attributes(user_builds_setting_params)
         flash[:notice] = I18n.t("flash.settings.saved")
         redirect_to builds_settings_settings_path and return
       end
@@ -59,4 +59,14 @@ class Users::SettingsController < Users::BaseController
     end
   end
 
+  private
+
+  def user_params
+    subject_params(User)
+  end
+
+  def user_builds_setting_params
+    subject_params(UserBuildsSetting)
+  end
+
 end

app/controllers/users/ssh_keys_controller.rb

@@ -8,7 +8,7 @@ class Users::SshKeysController < Users::BaseController
   end
 
   def create
-    @ssh_key = current_user.ssh_keys.new params[:ssh_key]
+    @ssh_key = current_user.ssh_keys.new ssh_key_params
 
     if @ssh_key.save
       flash[:notice] = t 'flash.ssh_keys.saved'
@@ -29,4 +29,10 @@ class Users::SshKeysController < Users::BaseController
     redirect_to ssh_keys_path
   end
 
+  private
+
+  def ssh_key_params
+    subject_params(SshKey)
+  end
+
 end

app/models/activity_feed.rb

@@ -9,8 +9,6 @@ class ActivityFeed < ActiveRecord::Base
   belongs_to :creator, class_name: 'User'
   serialize  :data
 
-  # attr_accessible :user, :kind, :data, :project_owner, :project_name, :creator_id
-
   default_scope { order created_at: :desc }
   scope :outdated,        -> { offset(1000) }
   scope :by_project_name, ->(name)  { where(project_name: name)   if name.present?  }

app/models/avatar.rb

@@ -15,6 +15,4 @@ class Avatar < ActiveRecord::Base
   validates_attachment_size :avatar, less_than_or_equal_to: MAX_AVATAR_SIZE
   validates_attachment_content_type :avatar, content_type: /\Aimage/
   validates_attachment_file_name :avatar, matches: [ /(png|jpe?g|gif|bmp|tif?f)\z/i ]
-
-  # attr_accessible :avatar
 end

app/models/build_list/package.rb

@@ -7,8 +7,6 @@ class BuildList::Package < ActiveRecord::Base
 
   serialize :dependent_packages, Array
 
-  # attr_accessible :fullname, :name, :release, :version, :sha1, :epoch, :dependent_packages
-
   validates :build_list, :build_list_id, :project, :project_id,
             :platform, :platform_id, :fullname,
             :package_type, :name, :release, :version,

app/models/build_script.rb

@@ -18,7 +18,6 @@ class BuildScript < ActiveRecord::Base
 
   before_validation :attach_project
   attr_writer       :project_name
-  # attr_accessible   :project_name, :treeish, :commit, :sha1, :status
 
   state_machine :status, initial: :active do
     event(:disable) { transition active: :blocked }

app/models/concerns/autostart.rb

@@ -15,8 +15,6 @@ module Autostart
   included do
     validates :autostart_status, numericality: true,
       inclusion: {in: AUTOSTART_STATUSES}, allow_blank: true
-
-    # attr_accessible :autostart_status
   end
 
   def human_autostart_status

app/models/concerns/default_branchable.rb

@@ -4,8 +4,6 @@ module DefaultBranchable
   included do
     validates :default_branch,
               length:     { maximum: 100 }
-
-    # attr_accessible :default_branch
   end
 
 end

app/models/concerns/external_nodable.rb

@@ -7,9 +7,6 @@ module ExternalNodable
     validates :external_nodes,
               inclusion:              { in: EXTERNAL_NODES },
               allow_blank:            true
-
-
-    # attr_accessible :external_nodes
   end
 
 end

app/models/concerns/product_build_lists/statusable.rb

@@ -41,8 +41,6 @@ module ProductBuildLists::Statusable
       presence:       true,
       inclusion:      { in: STATUSES }
 
-    # attr_accessible :status
-
     before_destroy :can_destroy?
 
     state_machine :status, initial: :build_pending do

app/models/concerns/time_living.rb

@@ -18,7 +18,6 @@ module TimeLiving
     }
 
     before_validation :convert_time_living
-    # attr_accessible :time_living
   end
 
   protected

app/models/event_log.rb

@@ -12,7 +12,6 @@ class EventLog < ActiveRecord::Base
     self.eventable_name ||= eventable.name if eventable.respond_to?(:name)
   end
   # after_create { self.class.current_controller = nil }
-  # attr_accessible :kind, :message, :eventable, :eventable_name
 
   class << self
     def create_with_current_controller(attributes)

app/models/feedback.rb

@@ -5,15 +5,12 @@ class Feedback
   include ActiveModel::Conversion
   include ActiveModel::Validations
   include ActiveModel::Serializers::JSON
-  include ActiveModel::MassAssignmentSecurity
   extend  ActiveModel::Naming
 
   self.include_root_in_json = false
 
   attr_accessor :name, :email, :subject, :message
 
-  # attr_accessible :name, :email, :subject, :message
-
   validates :name, :subject, :message, presence: true
   validates :email, presence: true,
                     format: { with: /\A[^@]+@([^@\.]+\.)+[^@\.]+\z/,
@@ -24,7 +21,7 @@ class Feedback
     if args.respond_to? :name and args.respond_to? :email
       self.name, self.email = args.name, args.email
     elsif args.respond_to? :each_pair
-      sanitize_for_mass_assignment(args, options[:as]).each_pair do |k, v|
+      args.each_pair do |k, v|
         send("#{k}=", v)
       end
     else

app/models/flash_notify.rb

@@ -8,8 +8,6 @@ class FlashNotify < ActiveRecord::Base
   validates :status, inclusion: {in: STATUSES}
   validates :body_ru, :body_en, :status, presence: true
 
-  # attr_accessible :body_ru, :body_en, :status, :published
-
   def hash_id
     @digest ||= Digest::MD5.hexdigest("#{self.id}-#{self.updated_at}")
   end

app/models/group.rb

@@ -32,7 +32,6 @@ class Group < Avatar
     joins(:actors).where('relations.role' => ['admin', 'writer'], 'relations.actor_id' => actor.id, 'relations.actor_type' => 'User')
   }
 
-  # attr_accessible :uname, :description, :delete_avatar
   attr_readonly :uname
 
   attr_accessor :delete_avatar

app/models/issue.rb

@@ -47,7 +47,6 @@ class Issue < ActiveRecord::Base
   before_create :update_statistic
   before_update :update_statistic
 
-  # attr_accessible :labelings_attributes, :title, :body, :assignee_id
   accepts_nested_attributes_for :labelings,
     reject_if:     -> (attributes) { attributes['label_id'].blank? },
     allow_destroy: true

app/models/label.rb

@@ -8,6 +8,4 @@ class Label < ActiveRecord::Base
 
   validates :color, presence: true
   validates :color, format: { with: /\A([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})\z/, message: I18n.t('layout.issues.invalid_labels') }
-
-  # attr_accessible :name, :color
 end

app/models/labeling.rb

@@ -1,6 +1,4 @@
 class Labeling < ActiveRecord::Base
   belongs_to :issue
   belongs_to :label
-
-  # attr_accessible :id, :label_id
 end

app/models/node_instruction.rb

@@ -23,8 +23,6 @@ class NodeInstruction < ActiveRecord::Base
     errors.add(:status, 'Can be only single active instruction for each node') if !disabled? && NodeInstruction.duplicate(id.to_i, user_id).exists?
   }
 
-  # attr_accessible :instruction, :user_id, :output, :status
-
   state_machine :status, initial: :ready do
 
     after_transition(on: :restart) do |instruction, transition|

app/models/platform_arch_setting.rb

@@ -15,6 +15,4 @@ class PlatformArchSetting < ActiveRecord::Base
 
   scope :by_arch,    ->(arch) { where(arch_id: arch) if arch.present? }
   scope :by_default, -> { where(default: true) }
-
-  # attr_accessible :arch_id, :platform_id, :default
 end

app/models/project.rb

@@ -62,10 +62,6 @@ class Project < ActiveRecord::Base
     errors.delete :project_to_repositories
   end
 
-  # attr_accessible :name, :description, :visibility, :srpm, :is_package,
-  #                 :has_issues, :has_wiki, :maintainer_id, :publish_i686_into_x86_64,
-  #                 :url, :srpms_list, :mass_import, :add_to_repository_id, :architecture_dependent,
-  #                 :autostart_status
   attr_readonly :owner_id, :owner_type
 
   before_validation :truncate_name, on: :create

app/models/project_tag.rb

@@ -11,8 +11,6 @@ class ProjectTag < ActiveRecord::Base
   validates :project, :commit_id, :sha1, :tag_name, :format_id, presence: true
   validates :project_id, uniqueness: { scope: [:tag_name, :format_id] }
 
-  # attr_accessible :project_id, :commit_id, :sha1, :tag_name, :format_id
-
   def sha1_of_file_store_files
     [sha1]
   end

app/models/project_to_repository.rb

@@ -12,8 +12,6 @@ class ProjectToRepository < ActiveRecord::Base
 
   validate :one_project_in_platform_repositories, on: :create
 
-  # attr_accessible :project, :project_id
-
   AUTOSTART_OPTIONS.each do |field|
     store_accessor :autostart_options, field
   end

app/models/pull_request.rb

@@ -49,7 +49,6 @@ class PullRequest < ActiveRecord::Base
   after_destroy :clean_dir
 
   accepts_nested_attributes_for :issue
-  # attr_accessible :issue_attributes, :to_ref, :from_ref
 
   scope :needed_checking,       -> { includes(:issue).where(issues: { status: [STATUS_OPEN, STATUS_BLOCKED, STATUS_READY] }) }
   scope :not_closed_or_merged,  -> { needed_checking }

app/models/relation.rb

@@ -15,8 +15,6 @@ class Relation < ActiveRecord::Base
 #  validate { errors.add(:actor, :taken) if Relation.where(actor_type: self.actor_type, actor_id: self.actor_id).present? }
   before_validation :add_default_role
 
-  # attr_accessible :actor_id, :actor_type, :target_id, :target_type, :actor, :target, :role
-
   scope :by_user_through_groups, ->(u) {
     where("actor_type = 'User' AND actor_id = ? OR actor_type = 'Group' AND actor_id IN (?)", u.id, u.group_ids)
   }

app/models/repository_status.rb

@@ -31,8 +31,6 @@ class RepositoryStatus < ActiveRecord::Base
   validates :repository, :platform, presence: true
   validates :repository_id, uniqueness: { scope: :platform_id }
 
-  # attr_accessible :platform_id, :repository_id
-
   scope :platform_ready, -> { where(platforms: {status: READY}).joins(:platform) }
   scope :for_regeneration, -> { where(status: WAITING_FOR_REGENERATION) }
   scope :for_resign, -> { where(status: [WAITING_FOR_RESIGN, WAITING_FOR_RESIGN_AND_REGENERATION]) }

app/models/ssh_key.rb

@@ -5,7 +5,6 @@ class SshKey < ActiveRecord::Base
   SHELL_KEY_COMMAND = "sudo -i -u #{APP_CONFIG['shell_user']} ~#{APP_CONFIG['shell_user']}/gitlab-shell/bin/gitlab-keys"
 
   belongs_to :user
-  # attr_accessible :key, :name
 
   before_validation -> { self.key = key.strip if key.present? }
   before_validation :set_fingerprint

app/models/statistic.rb

@@ -41,14 +41,6 @@ class Statistic < ActiveRecord::Base
   validates :activity_at,
     presence: true
 
-  # attr_accessible :user_id,
-  #                 :email,
-  #                 :project_id,
-  #                 :project_name_with_owner,
-  #                 :key,
-  #                 :counter,
-  #                 :activity_at
-
   scope :for_period,            -> (start_date, end_date) {
     where(activity_at: (start_date..end_date))
   }

app/models/user_builds_setting.rb

@@ -5,6 +5,4 @@ class UserBuildsSetting < ActiveRecord::Base
 
   validates :user, presence: true
 
-  # attr_accessible :platforms
-
 end

app/policies/group_policy.rb

@@ -36,7 +36,7 @@ class GroupPolicy < ApplicationPolicy
   #
   # Returns Array
   def permitted_attributes
-    pa = %i(description delete_avatar default_branch)
+    pa = %i(avatar description delete_avatar default_branch)
     pa << :uname if record.new_record?
     pa
   end

app/policies/issue_policy.rb

@@ -25,7 +25,7 @@ class IssuePolicy < ApplicationPolicy
     pa = %i(title body)
     if ProjectPolicy.new(user, record.project).write?
       pa << :assignee_id
-      pa << { labelings_attributes: %i(name color label_id) }
+      pa << { labelings_attributes: %i(id name color label_id _destroy) }
       pa << { labelings: [] }
     end
     pa

app/policies/platform_policy.rb

@@ -75,12 +75,13 @@ class PlatformPolicy < ApplicationPolicy
       name
       owner
       parent_platform_id
-      platform_arch_settings_attributes
       platform_type
       released
       term
       visibility
-    )
+    ) + [
+      platform_arch_settings_attributes: %i(id arch_id platform_id default time_living)
+    ]
   end
 
   class Scope < Scope

app/policies/product_build_list_policy.rb

@@ -39,6 +39,7 @@ class ProductBuildListPolicy < ApplicationPolicy
       product_name
       project_id
       project_version
+      status
       time_living
     )
   end

app/policies/project_policy.rb

@@ -79,7 +79,6 @@ class ProjectPolicy < ApplicationPolicy
       add_to_repository_id
       architecture_dependent
       autostart_status
-      autostart_status
       default_branch
       description
       has_issues

app/policies/ssh_key_policy.rb

@@ -0,0 +1,10 @@
+class SshKeyPolicy < ApplicationPolicy
+
+  # Public: Get list of parameters that the user is allowed to alter.
+  #
+  # Returns Array
+  def permitted_attributes
+    %i(key name)
+  end
+
+end

app/policies/user_builds_setting_policy.rb

@@ -0,0 +1,10 @@
+class UserBuildsSettingPolicy < ApplicationPolicy
+
+  # Public: Get list of parameters that the user is allowed to alter.
+  #
+  # Returns Array
+  def permitted_attributes
+    %i(external_nodes) + [platforms: []]
+  end
+
+end

app/policies/user_policy.rb

@@ -16,6 +16,7 @@ class UserPolicy < ApplicationPolicy
   # Returns Array
   def permitted_attributes
     %i(
+      avatar
       company
       current_password
       delete_avatar