Fix strong param checks so they can handle dynamic wizard fields
Ursprung
48ed74c4ce
Commit
8a216fcfcf
3 geänderte Dateien mit 12 neuen und 5 gelöschten Zeilen
|
@ -2,8 +2,15 @@ class CustomWizard::StepsController < ApplicationController
|
||||||
before_action :ensure_logged_in
|
before_action :ensure_logged_in
|
||||||
|
|
||||||
def update
|
def update
|
||||||
|
params.require(:step_id)
|
||||||
|
params.require(:wizard_id)
|
||||||
field_ids = CustomWizard::Wizard.field_ids(params[:wizard_id], params[:step_id])
|
field_ids = CustomWizard::Wizard.field_ids(params[:wizard_id], params[:step_id])
|
||||||
permitted = params.permit(:step_id, :wizard_id, fields: field_ids.map(&:to_sym)) if field_ids.present?
|
|
||||||
|
permitted = params.permit(:wizard_id, :step_id)
|
||||||
|
if params[:fields]
|
||||||
|
permitted[:fields] = params[:fields].select { |k, v| field_ids.include? k }
|
||||||
|
permitted.permit!
|
||||||
|
end
|
||||||
|
|
||||||
wizard = CustomWizard::Builder.new(current_user, permitted[:wizard_id].underscore).build
|
wizard = CustomWizard::Builder.new(current_user, permitted[:wizard_id].underscore).build
|
||||||
updater = wizard.create_updater(permitted[:step_id], permitted[:fields])
|
updater = wizard.create_updater(permitted[:step_id], permitted[:fields])
|
||||||
|
|
|
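Review bot: `permitted.permit!` in the new `if params[:fields]` branch marks everything under `permitted` as permitted, so `field_ids.include? k` is the only check left on client-supplied fields. It filters keys only: the value of an allowed key can be any nested hash or array, whereas the removed `fields: field_ids.map(&:to_sym)` permit list accepted scalar values only. If the updater expects plain values, it should check value types itself; a comment above the call would record that, e.g. `# permit! trusts every value under an allowed field id; the updater must validate value types`. The branch also assumes `params[:fields]` is hash-like, so a string value would raise on `.select`; `if params[:fields].is_a?(ActionController::Parameters)` would reject that shape up front. The body of `update` continues outside this hunk, so how `create_updater` treats the values is not visible here.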
@ -219,7 +219,6 @@ class CustomWizard::Builder
|
||||||
a['profile_updates'].each do |pu|
|
a['profile_updates'].each do |pu|
|
||||||
attributes[pu['value'].to_sym] = data[pu['key']]
|
attributes[pu['value'].to_sym] = data[pu['key']]
|
||||||
end
|
end
|
||||||
puts "UPDATING WITH: #{attributes}"
|
|
||||||
user_updater.update(attributes) if attributes.present?
|
user_updater.update(attributes) if attributes.present?
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -122,17 +122,18 @@ class CustomWizard::Wizard
|
||||||
|
|
||||||
def self.step_ids(wizard_id)
|
def self.step_ids(wizard_id)
|
||||||
steps = self.steps(wizard_id)
|
steps = self.steps(wizard_id)
|
||||||
steps.map { |s| s['id'] }.flatten.uniq if steps
|
return [] if !steps
|
||||||
|
steps.map { |s| s['id'] }.flatten.uniq
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.field_ids(wizard_id, step_id)
|
def self.field_ids(wizard_id, step_id)
|
||||||
steps = self.steps(wizard_id)
|
steps = self.steps(wizard_id)
|
||||||
return nil if !steps
|
return [] if !steps
|
||||||
step = steps.select { |s| s['id'] === step_id }.first
|
step = steps.select { |s| s['id'] === step_id }.first
|
||||||
if step && fields = step['fields']
|
if step && fields = step['fields']
|
||||||
fields.map { |f| f['id'] }
|
fields.map { |f| f['id'] }
|
||||||
else
|
else
|
||||||
nil
|
[]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
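Review bot: `field_ids` and `step_ids` now return `[]` instead of `nil`, but nothing in the file states that contract. The steps controller in this commit relies on it, because it calls `field_ids.include? k` to filter submitted field keys. A short comment above `self.field_ids` would make it explicit, e.g. `# Always returns an Array; an unknown wizard or step yields [], which makes the controller drop every submitted field`. As a style point, the added guard reads more idiomatically as `return [] unless steps`.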