raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-27 01:43:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix strong_params in API enterprises_controller

Browse Source
This commit is contained in:
Matt-Yorkley
2020-11-06 00:56:00 +00:00
parent 6a26c9da8c
commit cbdb6126a6
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/controllers/api/enterprises_controller.rb
View File

@@ -12,7 +12,7 @@ module Api
# params[:user_ids] breaks the enterprise creation
# We remove them from params and save them after creating the enterprise
user_ids = params[:enterprise].delete(:user_ids)
@enterprise = Enterprise.new(params[:enterprise])
@enterprise = Enterprise.new(enterprise_params)
if @enterprise.save
@enterprise.user_ids = user_ids
render text: @enterprise.id, status: :created
@@ -25,7 +25,7 @@ module Api
@enterprise = Enterprise.find_by(permalink: params[:id]) || Enterprise.find(params[:id])
authorize! :update, @enterprise
if @enterprise.update(params[:enterprise])
if @enterprise.update(enterprise_params)
render text: @enterprise.id, status: :ok
else
invalid_resource!(@enterprise)
@@ -69,5 +69,9 @@ module Api
def override_visible
params[:enterprise][:visible] = false
end
def enterprise_params
PermittedAttributes::Enterprise.new(params).call
end
end
end