authorUģis Ozols <ugis.ozolss@gmail.com>2014-01-27 11:41:56 +0200
committerUģis Ozols <ugis.ozolss@gmail.com>2014-01-27 11:41:56 +0200
commitde653854e58fe20239df67a0bd5db0576d7ddf89 (patch)
tree7d38b953709319a66d326333d9219e820d3b24cd /app
parentbada2a8033f32856edfd681395e7cd652af5cf08 (diff)
Use strong parameters.
Diffstat (limited to 'app')
-rw-r--r--app/controllers/refinery/blog/admin/categories_controller.rb5
-rw-r--r--app/controllers/refinery/blog/admin/posts_controller.rb15
-rw-r--r--app/controllers/refinery/blog/blog_controller.rb2
-rw-r--r--app/controllers/refinery/blog/posts_controller.rb10
-rw-r--r--app/helpers/refinery/blog/controller_helper.rb9
-rw-r--r--app/models/refinery/blog/categorization.rb1
-rw-r--r--app/models/refinery/blog/category.rb9
-rw-r--r--app/models/refinery/blog/comment.rb2
-rw-r--r--app/models/refinery/blog/post.rb23
9 files changed, 36 insertions, 40 deletions
diff --git a/app/controllers/refinery/blog/admin/categories_controller.rb b/app/controllers/refinery/blog/admin/categories_controller.rb
index 0a3b7b9..e9f2f89 100644
--- a/app/controllers/refinery/blog/admin/categories_controller.rb
+++ b/app/controllers/refinery/blog/admin/categories_controller.rb
@@ -6,6 +6,11 @@ module Refinery
crudify :'refinery/blog/category',
:order => 'title ASC'
+ private
+
+ def category_params
+ params.require(:category).permit(:title)
+ end
end
end
end
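Review bot: Nothing in this hunk calls the new `category_params`; its only plausible consumer is the `create`/`update` pair generated by `crudify` on the line above, so confirm that the installed crudify macro dispatches to a `<singular>_params` method rather than reading `params[:category]` directly. If it does not, this method is dead code and category saves will raise `ActiveModel::ForbiddenAttributesError` now that `attr_accessible` is gone from the model (see the category.rb hunk). A one-line comment above the method, `# consumed by the crudify-generated create/update actions`, would make the dependency explicit.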
diff --git a/app/controllers/refinery/blog/admin/posts_controller.rb b/app/controllers/refinery/blog/admin/posts_controller.rb
index 81bdc81..d01bba9 100644
--- a/app/controllers/refinery/blog/admin/posts_controller.rb
+++ b/app/controllers/refinery/blog/admin/posts_controller.rb
@@ -38,12 +38,12 @@ module Refinery
def create
# if the position field exists, set this object as last object, given the conditions of this class.
if Refinery::Blog::Post.column_names.include?("position")
- params[:post].merge!({
+ post_params.merge!({
:position => ((Refinery::Blog::Post.maximum(:position, :conditions => "")||-1) + 1)
})
end
- if (@post = Refinery::Blog::Post.create(params[:post])).valid?
+ if (@post = Refinery::Blog::Post.create(post_params)).valid?
(request.xhr? ? flash.now : flash).notice = t(
'refinery.crudify.created',
:what => "'#{@post.title}'"
@@ -75,7 +75,16 @@ module Refinery
end
end
+ private
+
+ def post_params
+ params.require(:post).permit(:title, :body, :custom_teaser, :tag_list,
+ :draft, :published_at, :custom_url, :user_id, :browser_title,
+ :meta_description, :source_url, :source_url_title, :category_ids => [])
+ end
+
protected
+
def find_post
@post = Refinery::Blog::Post.find_by_slug_or_id(params[:id])
end
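Review bot: `post_params` is introduced under a new `private` marker sitting directly above the existing `protected` section that holds `find_post`, which leaves the class with two visibility blocks back to back; the same layout is repeated in the frontend posts_controller hunk that adds `comment_params`. Either place the new method under the existing `protected` section or move the `private` section below the protected helpers so each visibility keyword appears once. Since the method is only called from within this controller, `private` is the right visibility; it is just the placement that fragments the class.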
@@ -85,7 +94,7 @@ module Refinery
end
def check_category_ids
- params[:post][:category_ids] ||= []
+ post_params[:category_ids] ||= []
end
end
end
diff --git a/app/controllers/refinery/blog/blog_controller.rb b/app/controllers/refinery/blog/blog_controller.rb
index 6327199..0c50c95 100644
--- a/app/controllers/refinery/blog/blog_controller.rb
+++ b/app/controllers/refinery/blog/blog_controller.rb
@@ -10,7 +10,7 @@ module Refinery
protected
def find_page
- @page = Refinery::Page.find_by_link_url(Refinery::Blog.page_url)
+ @page = Refinery::Page.find_by(:link_url => Refinery::Blog.page_url)
end
end
end
diff --git a/app/controllers/refinery/blog/posts_controller.rb b/app/controllers/refinery/blog/posts_controller.rb
index 20ac12b..1cc9698 100644
--- a/app/controllers/refinery/blog/posts_controller.rb
+++ b/app/controllers/refinery/blog/posts_controller.rb
@@ -2,7 +2,7 @@ module Refinery
module Blog
class PostsController < BlogController
- before_filter :paginate_all_blog_posts, :except => [:archive]
+ before_filter :find_all_blog_posts, :except => [:archive]
before_filter :find_blog_post, :only => [:show, :comment, :update_nav]
before_filter :find_tags
@@ -37,7 +37,7 @@ module Refinery
end
def comment
- @comment = @post.comments.create(params[:comment])
+ @comment = @post.comments.create(comment_params)
if @comment.valid?
if Comment::Moderation.enabled? or @comment.ham?
begin
@@ -81,6 +81,12 @@ module Refinery
@posts = Post.live.tagged_with(@tag_name).page(params[:page])
end
+ private
+
+ def comment_params
+ params.require(:comment).permit(:name, :email, :message)
+ end
+
protected
def canonical?
Refinery::I18n.default_frontend_locale != Refinery::I18n.current_frontend_locale
diff --git a/app/helpers/refinery/blog/controller_helper.rb b/app/helpers/refinery/blog/controller_helper.rb
index 4bec046..a300148 100644
--- a/app/helpers/refinery/blog/controller_helper.rb
+++ b/app/helpers/refinery/blog/controller_helper.rb
@@ -5,10 +5,9 @@ module Refinery
protected
def find_blog_post
- @post = all_blog_posts.friendly.find(params[:id])
- unless @post.try(:live?)
- if refinery_user? && current_refinery_user.authorized_plugins.include?("refinerycms_blog")
- @post = Post.friendly.find(params[:id])
+ unless (@post = Refinery::Blog::Post.with_globalize.friendly.find(params[:id])).try(:live?)
+ if refinery_user? and current_refinery_user.authorized_plugins.include?("refinerycms_blog")
+ @post = Refinery::Blog::Post.friendly.find(params[:id])
else
error_404
end
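Review bot: The rewritten condition on the second added line uses `and` for boolean logic (`refinery_user? and current_refinery_user.authorized_plugins.include?(...)`); the style guide reserves `and`/`or` for flow control because of their low precedence, so this should read `if refinery_user? && current_refinery_user.authorized_plugins.include?("refinerycms_blog")`. Separately, `friendly.find` is expected to raise `ActiveRecord::RecordNotFound` rather than return `nil`, so the `.try(:live?)` guard on the first added line is probably never exercised for a missing post; if a 404 for an unknown slug is intended, that path relies on the exception handler rather than the `else error_404` branch. The body of `find_blog_post` continues past the end of this hunk.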
@@ -16,7 +15,7 @@ module Refinery
end
def find_all_blog_posts
- @posts = all_blog_posts.live
+ @posts = Refinery::Blog::Post.live.includes(:comments, :categories).with_globalize.page(params[:page])
end
def find_tags
diff --git a/app/models/refinery/blog/categorization.rb b/app/models/refinery/blog/categorization.rb
index 7ca9c77..b7dbcc8 100644
--- a/app/models/refinery/blog/categorization.rb
+++ b/app/models/refinery/blog/categorization.rb
@@ -6,7 +6,6 @@ module Refinery
belongs_to :blog_post, :class_name => 'Refinery::Blog::Post', :foreign_key => :blog_post_id
belongs_to :blog_category, :class_name => 'Refinery::Blog::Category', :foreign_key => :blog_category_id
- attr_accessible :blog_category_id, :blog_post_id
end
end
end
diff --git a/app/models/refinery/blog/category.rb b/app/models/refinery/blog/category.rb
index acab8bf..5cf4ea5 100644
--- a/app/models/refinery/blog/category.rb
+++ b/app/models/refinery/blog/category.rb
@@ -1,10 +1,10 @@
module Refinery
module Blog
class Category < ActiveRecord::Base
+ extend FriendlyId
translates :title, :slug
- extend FriendlyId
friendly_id :title, :use => [:slugged, :globalize]
has_many :categorizations, :dependent => :destroy, :foreign_key => :blog_category_id
@@ -12,13 +12,6 @@ module Refinery
validates :title, :presence => true, :uniqueness => true
- attr_accessible :title
- attr_accessor :locale
-
- class Translation
- attr_accessible :locale
- end
-
def self.translated
with_translations(::Globalize.locale)
end
diff --git a/app/models/refinery/blog/comment.rb b/app/models/refinery/blog/comment.rb
index ae35a59..be94238 100644
--- a/app/models/refinery/blog/comment.rb
+++ b/app/models/refinery/blog/comment.rb
@@ -2,8 +2,6 @@ module Refinery
module Blog
class Comment < ActiveRecord::Base
- attr_accessible :name, :email, :message
-
filters_spam author_field: :name, email_field: :email, message_field: :body
belongs_to :post, foreign_key: 'blog_post_id'
diff --git a/app/models/refinery/blog/post.rb b/app/models/refinery/blog/post.rb
index 1c2cf04..005ec29 100644
--- a/app/models/refinery/blog/post.rb
+++ b/app/models/refinery/blog/post.rb
@@ -4,51 +4,38 @@ require 'seo_meta'
module Refinery
module Blog
class Post < ActiveRecord::Base
+ extend FriendlyId
translates :title, :body, :custom_url, :custom_teaser, :slug, :include => :seo_meta
- extend FriendlyId
friendly_id :friendly_id_source, :use => [:slugged, :globalize]
- is_seo_meta if self.table_exists?
-
- belongs_to :author, proc{ readonly(true) }, :class_name => Refinery::Blog.user_class.to_s, :foreign_key => :user_id
+ is_seo_meta
- has_many :comments, :dependent => :destroy, :foreign_key => :blog_post_id
acts_as_taggable
+ belongs_to :author, proc { readonly(true) }, :class_name => Refinery::Blog.user_class.to_s, :foreign_key => :user_id
+ has_many :comments, :dependent => :destroy, :foreign_key => :blog_post_id
has_many :categorizations, :dependent => :destroy, :foreign_key => :blog_post_id
has_many :categories, :through => :categorizations, :source => :blog_category
validates :title, :presence => true, :uniqueness => true
validates :body, :presence => true
validates :published_at, :author, :presence => true
-
validates :source_url, :url => { :if => 'Refinery::Blog.validate_source_url',
:update => true,
:allow_nil => true,
:allow_blank => true,
:verify => [:resolve_redirects]}
- attr_accessible :title, :body, :custom_teaser, :tag_list, :draft, :published_at, :custom_url, :author
- attr_accessible :browser_title, :meta_description, :user_id, :category_ids
- attr_accessible :source_url, :source_url_title
- attr_accessor :locale
-
class Translation
is_seo_meta
- attr_accessible :browser_title, :meta_description, :locale
end
- # Delegate SEO Attributes to globalize3 translation
+ # Delegate SEO Attributes to globalize translation
seo_fields = ::SeoMeta.attributes.keys.map{|a| [a, :"#{a}="]}.flatten
delegate(*(seo_fields << {:to => :translation}))
- before_save do |m|
- m.translation.globalized_model = self
- m.translation.save if m.translation.new_record?
- end
-
self.per_page = Refinery::Blog.posts_per_page
def next