Fix params + steamid bug

Ari Timonen 2020-03-18 23:23:30 +02:00
parent 61e90d58c0
commit c9b7036047
3 changed files with 11 additions and 9 deletions


@ -47,7 +47,7 @@ class PostsController < ApplicationController
def trash def trash
raise AccessError unless @post.can_destroy? cuser raise AccessError unless @post.can_destroy? cuser
@post.trash @post.trash
if Topic.exists? @post.topic if @post.topic.exists?
redirect_to @post.topic redirect_to @post.topic
else else
redirect_to @post.topic.forum redirect_to @post.topic.forum
@ -57,7 +57,7 @@ class PostsController < ApplicationController
def destroy def destroy
raise AccessError unless @post.can_destroy? cuser raise AccessError unless @post.can_destroy? cuser
@post.destroy @post.destroy
if Topic.exists? @post.topic if @post.topic.exists?
redirect_to @post.topic redirect_to @post.topic
else else
redirect_to @post.topic.forum redirect_to @post.topic.forum
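Review bot: `@post.topic.exists?` in `trash`, and the identical line in `destroy` in the second hunk, calls `exists?` on a record instance, but in ActiveRecord `exists?` is a class-level finder. Unless Topic defines its own instance method (not visible on this page), this raises NoMethodError after the post has already been trashed or destroyed, so the user gets an error page for an action that did take effect. Querying by key keeps the intent: `if Topic.exists?(@post.topic.id)`. Both method bodies continue past the end of their hunks.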


@ -53,7 +53,7 @@ class UsersController < ApplicationController
end end
def create def create
@user = User.new(User.params(params, cuser)) @user = User.new(User.params(params, cuser, "create"))
# FIXME: move to model # FIXME: move to model
@user.lastvisit = Date.today @user.lastvisit = Date.today
@user.lastip = request.env['REMOTE_ADDR'] @user.lastip = request.env['REMOTE_ADDR']
@ -75,7 +75,7 @@ class UsersController < ApplicationController
raise AccessError unless @user.can_update? cuser raise AccessError unless @user.can_update? cuser
# FIXME: use permit # FIXME: use permit
params[:user].delete(:username) unless @user.can_change_name? cuser params[:user].delete(:username) unless @user.can_change_name? cuser
if @user.update_attributes(User.params(params, cuser)) if @user.update_attributes(User.params(params, cuser, "update"))
flash[:notice] = t(:users_update) flash[:notice] = t(:users_update)
redirect_to_back redirect_to_back
else else
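Review bot: The operation is passed as a bare string literal (`"create"` here, `"update"` in the second hunk) and matched by string equality in `User.params`, so a misspelt value at a call site silently falls through to the non-create branch instead of failing. A symbol checked against a fixed list would make a bad value visible, e.g. `User.params(params, cuser, :create)` with `raise ArgumentError unless %i[create update].include?(operation)` at the top of the model method. Both actions begin or end outside the hunks shown.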


@ -115,7 +115,7 @@ class User < ActiveRecord::Base
validates_length_of :email, :maximum => 50 validates_length_of :email, :maximum => 50
validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
validates_length_of :steamid, :maximum => 30 validates_length_of :steamid, :maximum => 30
validates_format_of :steamid, :with => /\A([0-9]{1,10}:){2}[0-9]{1,10}\Z/ validates_format_of :steamid, :with => /\ASTEAM_[0-5]:[01]:\d+\Z/
validates_length_of :time_zone, :maximum => 100, :allow_blank => true, :allow_nil => true validates_length_of :time_zone, :maximum => 100, :allow_blank => true, :allow_nil => true
validates_inclusion_of [:public_email], :in => [true, false], :allow_nil => true validates_inclusion_of [:public_email], :in => [true, false], :allow_nil => true
validate :validate_team validate :validate_team
@ -354,10 +354,12 @@ class User < ActiveRecord::Base
Group.find(Group::CASTERS).users.order(:username) Group.find(Group::CASTERS).users.order(:username)
end end
def self.params(params, cuser) def self.params(params, cuser, operation)
profile_attrs = cuser.profile.attributes.keys - ["id", "created_at", "updated_at"] profile_attrs ||= cuser.profile.attributes.keys - ["id", "created_at", "updated_at"] if cuser
allowed = [:raw_password, :firstname, :lastname, :email, :steamid, :country, :birthdate, :timezone, :public_email, :filter, :time_zone, :team_id, profile_attributes: [profile_attrs]] allowed = [:raw_password, :firstname, :lastname, :email, :steamid, :country, \
allowed << :username if cuser.admin? :birthdate, :timezone, :public_email, :filter, :time_zone, :team_id, \
profile_attributes: [profile_attrs]]
allowed << :username if cuser&.admin? || operation == 'create'
params.require(:user).permit(*allowed) params.require(:user).permit(*allowed)
end end
end end
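Review bot: The new steamid pattern ends in `\Z`, which in Ruby also matches just before a trailing newline, so a value such as `"STEAM_0:1:123\n"` (constructed sample) passes validation and is stored with the newline. Anchor the end with `\z` instead: `validates_format_of :steamid, :with => /\ASTEAM_[0-5]:[01]:\d+\z/`. The email pattern two context lines above uses the same `\Z` and would benefit from the same change. In the second hunk, `profile_attrs` stays nil when `cuser` is nil, leaving `profile_attributes: [nil]` in the permit list; an explicit `profile_attrs = cuser ? cuser.profile.attributes.keys - ["id", "created_at", "updated_at"] : []` states the anonymous-create case directly.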