mirror of
https://github.com/ENSL/ensl.org.git
synced 2025-01-15 14:20:54 +00:00
Fix params + steamid bug
parent
61e90d58c0
commit
c9b7036047
3 changed files with 11 additions and 9 deletions
app
|
@ -47,7 +47,7 @@ class PostsController < ApplicationController
|
|||
def trash
|
||||
raise AccessError unless @post.can_destroy? cuser
|
||||
@post.trash
|
||||
if Topic.exists? @post.topic
|
||||
if @post.topic.exists?
|
||||
redirect_to @post.topic
|
||||
else
|
||||
redirect_to @post.topic.forum
|
||||
|
@ -57,7 +57,7 @@ class PostsController < ApplicationController
|
|||
def destroy
|
||||
raise AccessError unless @post.can_destroy? cuser
|
||||
@post.destroy
|
||||
if Topic.exists? @post.topic
|
||||
if @post.topic.exists?
|
||||
redirect_to @post.topic
|
||||
else
|
||||
redirect_to @post.topic.forum
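Review bot: `@post.topic.exists?` in `trash`, and identically in `destroy`, calls `exists?` on a record instance, but ActiveRecord provides `exists?` on the class and on relations, so this only works if `Topic` defines its own instance method, which is not visible here. The condition also dereferences `@post.topic` with no nil check, and the `else` branch does the same through `@post.topic.forum`, so when the association is not already loaded and the topic row is gone, both branches could raise instead of redirecting. Checking by key avoids the instance call, e.g. `if Topic.exists?(@post.topic_id)`, assuming the usual `topic_id` foreign key; the fallback would then need the forum resolved without going through the missing topic. Both method bodies end outside their hunks.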
|
||||
|
|
|
@ -53,7 +53,7 @@ class UsersController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
@user = User.new(User.params(params, cuser))
|
||||
@user = User.new(User.params(params, cuser, "create"))
|
||||
# FIXME: move to model
|
||||
@user.lastvisit = Date.today
|
||||
@user.lastip = request.env['REMOTE_ADDR']
|
||||
|
@ -75,7 +75,7 @@ class UsersController < ApplicationController
|
|||
raise AccessError unless @user.can_update? cuser
|
||||
# FIXME: use permit
|
||||
params[:user].delete(:username) unless @user.can_change_name? cuser
|
||||
if @user.update_attributes(User.params(params, cuser))
|
||||
if @user.update_attributes(User.params(params, cuser, "update"))
|
||||
flash[:notice] = t(:users_update)
|
||||
redirect_to_back
|
||||
else
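Review bot: In `update` the username rule now lives in two places that can disagree: the controller deletes `:username` unless `@user.can_change_name? cuser`, while `User.params(params, cuser, "update")` permits `:username` only when `cuser` is an admin. A non-admin who passes `can_change_name?` therefore has the field dropped silently by `permit`, and the line under `# FIXME: use permit` only has an effect for admins. `params[:user].delete(:username)` also runs before `require(:user)`, so a request with no `user` key would fail on nil rather than with the missing-parameter error. Keeping the decision in one place would help, for example by passing the result of `can_change_name?` into the permit step and dropping the manual delete. The method body starts and ends outside the hunk.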
|
||||
|
|
|
@ -115,7 +115,7 @@ class User < ActiveRecord::Base
|
|||
validates_length_of :email, :maximum => 50
|
||||
validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
|
||||
validates_length_of :steamid, :maximum => 30
|
||||
validates_format_of :steamid, :with => /\A([0-9]{1,10}:){2}[0-9]{1,10}\Z/
|
||||
validates_format_of :steamid, :with => /\ASTEAM_[0-5]:[01]:\d+\Z/
|
||||
validates_length_of :time_zone, :maximum => 100, :allow_blank => true, :allow_nil => true
|
||||
validates_inclusion_of [:public_email], :in => [true, false], :allow_nil => true
|
||||
validate :validate_team
|
||||
|
@ -354,10 +354,12 @@ class User < ActiveRecord::Base
|
|||
Group.find(Group::CASTERS).users.order(:username)
|
||||
end
|
||||
|
||||
def self.params(params, cuser)
|
||||
profile_attrs = cuser.profile.attributes.keys - ["id", "created_at", "updated_at"]
|
||||
allowed = [:raw_password, :firstname, :lastname, :email, :steamid, :country, :birthdate, :timezone, :public_email, :filter, :time_zone, :team_id, profile_attributes: [profile_attrs]]
|
||||
allowed << :username if cuser.admin?
|
||||
def self.params(params, cuser, operation)
|
||||
profile_attrs ||= cuser.profile.attributes.keys - ["id", "created_at", "updated_at"] if cuser
|
||||
allowed = [:raw_password, :firstname, :lastname, :email, :steamid, :country, \
|
||||
:birthdate, :timezone, :public_email, :filter, :time_zone, :team_id, \
|
||||
profile_attributes: [profile_attrs]]
|
||||
allowed << :username if cuser&.admin? || operation == 'create'
|
||||
params.require(:user).permit(*allowed)
|
||||
end
|
||||
end
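Review bot: The permit list for `profile_attributes` in `self.params` is still built from `cuser.profile.attributes.keys` minus three names, which makes it a denylist. Every other profile column is mass-assignable, including any foreign key or flag column the table may have (the schema is not visible here), and a column added later becomes writable without this method changing. An explicit list of editable profile fields held in a frozen constant would be safer. When `cuser` is nil the new guard leaves `profile_attrs` nil, so the list ends in `profile_attributes: [nil]`; an explicit `: []` branch states the registration case directly, and the `||=` on a fresh local can be plain `=`. `operation` is compared with the string `'create'`, so a misspelt argument silently drops `:username`; a symbol checked against a known set, raising `ArgumentError` otherwise, would fail loudly.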
|
||||
|
|