mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-03-01 02:03:22 +00:00
Sanitize values before they're used
This commit is contained in:
Rohan Mitchell
@@ -2,6 +2,10 @@ require 'open_food_network/referer_parser'
|
||||
|
||||
module Admin
|
||||
class EnterprisesController < ResourceController
|
||||
# These need to run before #load_resource so that @object is initialised with sanitised values
|
||||
prepend_before_filter :override_owner, only: :create
|
||||
prepend_before_filter :override_sells, only: :create
|
||||
|
||||
before_filter :load_enterprise_set, :only => :index
|
||||
before_filter :load_countries, :except => [:index, :register, :check_permalink]
|
||||
before_filter :load_methods_and_fees, :only => [:edit, :update]
|
||||
@@ -9,8 +13,6 @@ module Admin
|
||||
before_filter :load_taxons, :only => [:new, :edit, :update, :create]
|
||||
before_filter :check_can_change_sells, only: :update
|
||||
before_filter :check_can_change_bulk_sells, only: :bulk_update
|
||||
before_filter :override_owner, only: :create
|
||||
before_filter :override_sells, only: :create
|
||||
before_filter :check_can_change_owner, only: :update
|
||||
before_filter :check_can_change_bulk_owner, only: :bulk_update
|
||||
before_filter :check_can_change_managers, only: :update
|
||||
|
||||
@@ -78,6 +78,7 @@ class Enterprise < ActiveRecord::Base
|
||||
validate :enforce_ownership_limit, if: lambda { owner_id_changed? && !owner_id.nil? }
|
||||
validates_length_of :description, :maximum => 255
|
||||
|
||||
|
||||
before_save :confirmation_check, if: lambda { email_changed? }
|
||||
|
||||
before_validation :initialize_permalink, if: lambda { permalink.nil? }
|
||||
@@ -93,6 +94,7 @@ class Enterprise < ActiveRecord::Base
|
||||
|
||||
after_rollback :restore_permalink
|
||||
|
||||
|
||||
scope :by_name, order('name')
|
||||
scope :visible, where(visible: true)
|
||||
scope :confirmed, where('confirmed_at IS NOT NULL')
|
||||
|
||||
@@ -28,6 +28,7 @@ module Admin
|
||||
|
||||
spree_put :create, enterprise_params
|
||||
enterprise = Enterprise.find_by_name 'zzz'
|
||||
response.should redirect_to edit_admin_enterprise_path enterprise
|
||||
distributor_manager.enterprise_roles.where(enterprise_id: enterprise).first.should be
|
||||
end
|
||||
|
||||
@@ -37,15 +38,17 @@ module Admin
|
||||
|
||||
spree_put :create, enterprise_params
|
||||
enterprise = Enterprise.find_by_name 'zzz'
|
||||
response.should redirect_to edit_admin_enterprise_path enterprise
|
||||
admin_user.enterprise_roles.where(enterprise_id: enterprise).should be_empty
|
||||
end
|
||||
|
||||
it "overrides the owner_id submitted by the user unless current_user is super admin" do
|
||||
it "overrides the owner_id submitted by the user (when not super admin)" do
|
||||
controller.stub spree_current_user: distributor_manager
|
||||
enterprise_params[:enterprise][:owner_id] = user
|
||||
|
||||
spree_put :create, enterprise_params
|
||||
enterprise = Enterprise.find_by_name 'zzz'
|
||||
response.should redirect_to edit_admin_enterprise_path enterprise
|
||||
distributor_manager.enterprise_roles.where(enterprise_id: enterprise).first.should be
|
||||
end
|
||||
|
||||
@@ -58,6 +61,7 @@ module Admin
|
||||
|
||||
spree_put :create, enterprise_params
|
||||
enterprise = Enterprise.find_by_name 'zzz'
|
||||
response.should redirect_to edit_admin_enterprise_path enterprise
|
||||
enterprise.sells.should == 'any'
|
||||
end
|
||||
|
||||
@@ -68,6 +72,7 @@ module Admin
|
||||
|
||||
spree_put :create, enterprise_params
|
||||
enterprise = Enterprise.find_by_name 'zzz'
|
||||
response.should redirect_to edit_admin_enterprise_path enterprise
|
||||
enterprise.sells.should == 'none'
|
||||
end
|
||||
|
||||
@@ -80,6 +85,7 @@ module Admin
|
||||
|
||||
spree_put :create, enterprise_params
|
||||
enterprise = Enterprise.find_by_name 'zzz'
|
||||
response.should redirect_to edit_admin_enterprise_path enterprise
|
||||
enterprise.sells.should == 'none'
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user