Browse Source
Use safe_attributes in GroupsController.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9746 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/2.1.0
Jean-Philippe Lang
12 years ago
2 changed files with 11 additions and 2 deletions
+ 4
- 2
app/controllers/groups_controller.rb
View File
| @@ -63,7 +63,8 @@ class GroupsController < ApplicationController | |||
| # POST /groups | |||
| # POST /groups.xml | |||
| def create | |||
| @group = Group.new(params[:group]) | |||
| @group = Group.new | |||
| @group.safe_attributes = params[:group] | |||
| respond_to do |format| | |||
| if @group.save | |||
| @@ -83,9 +84,10 @@ class GroupsController < ApplicationController | |||
| # PUT /groups/1.xml | |||
| def update | |||
| @group = Group.find(params[:id]) | |||
| @group.safe_attributes = params[:group] | |||
| respond_to do |format| | |||
| if @group.update_attributes(params[:group]) | |||
| if @group.save | |||
| flash[:notice] = l(:notice_successful_update) | |||
| format.html { redirect_to(groups_path) } | |||
| format.xml { head :ok } | |||
+ 7
- 0
app/models/group.rb
View File
| @@ -16,6 +16,8 @@ | |||
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
| class Group < Principal | |||
| include Redmine::SafeAttributes | |||
| has_and_belongs_to_many :users, :after_add => :user_added, | |||
| :after_remove => :user_removed | |||
| @@ -27,6 +29,11 @@ class Group < Principal | |||
| before_destroy :remove_references_before_destroy | |||
| safe_attributes 'name', | |||
| 'custom_field_values', | |||
| 'custom_fields', | |||
| :if => lambda {|group, user| user.admin?} | |||
| def to_s | |||
| lastname.to_s | |||
| end | |||
Loading…