1
0
Fork 0

Fix strong param checks so they can handle dynamic wizard fields

Dieser Commit ist enthalten in:
Angus McLeod 2017-11-03 13:56:10 +08:00
Ursprung 48ed74c4ce
Commit 8a216fcfcf
3 geänderte Dateien mit 12 neuen und 5 gelöschten Zeilen

Datei anzeigen

@ -2,8 +2,15 @@ class CustomWizard::StepsController < ApplicationController
before_action :ensure_logged_in before_action :ensure_logged_in
def update def update
params.require(:step_id)
params.require(:wizard_id)
field_ids = CustomWizard::Wizard.field_ids(params[:wizard_id], params[:step_id]) field_ids = CustomWizard::Wizard.field_ids(params[:wizard_id], params[:step_id])
permitted = params.permit(:step_id, :wizard_id, fields: field_ids.map(&:to_sym)) if field_ids.present?
permitted = params.permit(:wizard_id, :step_id)
if params[:fields]
permitted[:fields] = params[:fields].select { |k, v| field_ids.include? k }
permitted.permit!
end
wizard = CustomWizard::Builder.new(current_user, permitted[:wizard_id].underscore).build wizard = CustomWizard::Builder.new(current_user, permitted[:wizard_id].underscore).build
updater = wizard.create_updater(permitted[:step_id], permitted[:fields]) updater = wizard.create_updater(permitted[:step_id], permitted[:fields])

Datei anzeigen

@ -219,7 +219,6 @@ class CustomWizard::Builder
a['profile_updates'].each do |pu| a['profile_updates'].each do |pu|
attributes[pu['value'].to_sym] = data[pu['key']] attributes[pu['value'].to_sym] = data[pu['key']]
end end
puts "UPDATING WITH: #{attributes}"
user_updater.update(attributes) if attributes.present? user_updater.update(attributes) if attributes.present?
end end
end end

Datei anzeigen

@ -122,17 +122,18 @@ class CustomWizard::Wizard
def self.step_ids(wizard_id) def self.step_ids(wizard_id)
steps = self.steps(wizard_id) steps = self.steps(wizard_id)
steps.map { |s| s['id'] }.flatten.uniq if steps return [] if !steps
steps.map { |s| s['id'] }.flatten.uniq
end end
def self.field_ids(wizard_id, step_id) def self.field_ids(wizard_id, step_id)
steps = self.steps(wizard_id) steps = self.steps(wizard_id)
return nil if !steps return [] if !steps
step = steps.select { |s| s['id'] === step_id }.first step = steps.select { |s| s['id'] === step_id }.first
if step && fields = step['fields'] if step && fields = step['fields']
fields.map { |f| f['id'] } fields.map { |f| f['id'] }
else else
nil []
end end
end end
end end