diff options
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 5 | ||||
-rw-r--r-- | app/controllers/gs_parameters_controller.rb | 7 | ||||
-rw-r--r-- | app/models/gs_parameter.rb | 7 | ||||
-rw-r--r-- | app/views/gs_parameters/_form_core.html.haml | 7 | ||||
-rw-r--r-- | app/views/gs_parameters/edit.html.haml | 12 | ||||
-rw-r--r-- | db/schema.rb | 3 |
7 files changed, 33 insertions, 10 deletions
@@ -14,6 +14,8 @@ gem 'state_machine' gem 'acts_as_list' +gem 'strong_parameters' + # Nicer console output: gem "hirb" diff --git a/Gemfile.lock b/Gemfile.lock index df12c39..8c13c02 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -149,6 +149,10 @@ GEM tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.5) state_machine (1.1.2) + strong_parameters (0.1.6) + actionpack (~> 3.0) + activemodel (~> 3.0) + railties (~> 3.0) subexec (0.2.1) systemu (2.5.1) thor (0.14.6) @@ -194,6 +198,7 @@ DEPENDENCIES simple_form (= 2.0.1) sqlite3 state_machine + strong_parameters uglifier (>= 1.3.0) uuid will_paginate diff --git a/app/controllers/gs_parameters_controller.rb b/app/controllers/gs_parameters_controller.rb index 8f693aa..a35e373 100644 --- a/app/controllers/gs_parameters_controller.rb +++ b/app/controllers/gs_parameters_controller.rb @@ -18,10 +18,15 @@ class GsParametersController < ApplicationController def update @gs_parameter = GsParameter.find(params[:id]) - if @gs_parameter.update_attributes(params[:gs_parameter]) + if @gs_parameter.update_attributes(gs_parameter_params) redirect_to @gs_parameter, :notice => t('gs_parameters.controller.successfuly_updated') else render :edit end end + + private + def gs_parameter_params + params.require(:gs_parameter).permit(:value, :class_type, :description) + end end diff --git a/app/models/gs_parameter.rb b/app/models/gs_parameter.rb index 520d07f..fe2a845 100644 --- a/app/models/gs_parameter.rb +++ b/app/models/gs_parameter.rb @@ -1,5 +1,6 @@ class GsParameter < ActiveRecord::Base - attr_accessible :entity, :name, :section, :value, :class_type, :description + # https://github.com/rails/strong_parameters + include ActiveModel::ForbiddenAttributesProtection validates :name, :presence => true, @@ -7,12 +8,12 @@ class GsParameter < ActiveRecord::Base validates :class_type, :presence => true, - :inclusion => { :in => ['String', 'Integer', 'Boolean', 'YAML'] } + :inclusion => { :in => ['String', 'Integer', 'Boolean', 'YAML', 'Nil'] } def self.get(wanted_variable) if GsParameter.table_exists? item = GsParameter.where(:name => wanted_variable).first - if item.nil? + if item.nil? || item.class_type == 'Nil' return nil else return item.value.to_i if item.class_type == 'Integer' diff --git a/app/views/gs_parameters/_form_core.html.haml b/app/views/gs_parameters/_form_core.html.haml index c5f435d..70b3773 100644 --- a/app/views/gs_parameters/_form_core.html.haml +++ b/app/views/gs_parameters/_form_core.html.haml @@ -1,7 +1,4 @@ .inputs - = f.input :entity, :label => t('gs_parameters.form.entity.label'), :hint => conditional_hint('gs_parameters.form.entity.hint') - = f.input :section, :label => t('gs_parameters.form.section.label'), :hint => conditional_hint('gs_parameters.form.section.hint') - = f.input :name, :label => t('gs_parameters.form.name.label'), :hint => conditional_hint('gs_parameters.form.name.hint') - = f.input :value, :label => t('gs_parameters.form.value.label'), :hint => conditional_hint('gs_parameters.form.value.hint') - = f.input :class_type, :label => t('gs_parameters.form.class_type.label'), :hint => conditional_hint('gs_parameters.form.class_type.hint') + = f.input :value, :label => t('gs_parameters.form.value.label'), :hint => conditional_hint('gs_parameters.form.value.hint'), :autofocus => true + = f.input :class_type, :collection => ['String', 'Integer', 'Boolean', 'YAML', 'Nil'], :label => t('gs_parameters.form.class_type.label'), :hint => conditional_hint('gs_parameters.form.class_type.hint'), :include_blank => false = f.input :description, :label => t('gs_parameters.form.description.label'), :hint => conditional_hint('gs_parameters.form.description.hint') diff --git a/app/views/gs_parameters/edit.html.haml b/app/views/gs_parameters/edit.html.haml index 7c24234..c00c7df 100644 --- a/app/views/gs_parameters/edit.html.haml +++ b/app/views/gs_parameters/edit.html.haml @@ -1,3 +1,15 @@ - title t("gs_parameters.edit.page_title") +%p + %strong= t('gs_parameters.show.name') + ":" + = @gs_parameter.name +- if !@gs_parameter.entity.blank? + %p + %strong= t('gs_parameters.show.entity') + ":" + = @gs_parameter.entity +- if !@gs_parameter.section.blank? + %p + %strong= t('gs_parameters.show.section') + ":" + = @gs_parameter.section + = render "form"
\ No newline at end of file diff --git a/db/schema.rb b/db/schema.rb index 982c406..40326a6 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20130107222128) do +ActiveRecord::Schema.define(:version => 20130109182800) do create_table "access_authorizations", :force => true do |t| t.string "access_authorizationable_type" @@ -534,6 +534,7 @@ ActiveRecord::Schema.define(:version => 20130107222128) do t.string "description" t.datetime "created_at", :null => false t.datetime "updated_at", :null => false + t.string "entity" end create_table "gui_function_memberships", :force => true do |t| |