Added param_validation for ticket and articles.

Martin Edenhofer 2013-06-19 22:44:18 +02:00
parent d97f64a410
commit 4538ed7a2e
3 changed files with 12 additions and 4 deletions


@ -21,7 +21,7 @@ class TicketArticlesController < ApplicationController
def create def create
form_id = params[:ticket_article][:form_id] form_id = params[:ticket_article][:form_id]
params[:ticket_article].delete(:form_id) params[:ticket_article].delete(:form_id)
@article = Ticket::Article.new( params[:ticket_article] ) @article = Ticket::Article.new( Ticket::Article.param_validation( params[:ticket_article] ) )
# find attachments in upload cache # find attachments in upload cache
if form_id if form_id
@ -49,7 +49,7 @@ class TicketArticlesController < ApplicationController
def update def update
@article = Ticket::Article.find( params[:id] ) @article = Ticket::Article.find( params[:id] )
if @article.update_attributes(params[:ticket_article]) if @article.update_attributes( Ticket::Article.param_validation( params[:ticket_article] ) )
render :json => @article, :status => :ok render :json => @article, :status => :ok
else else
render :json => @article.errors, :status => :unprocessable_entity render :json => @article.errors, :status => :unprocessable_entity
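Review bot: In `update`, the article is loaded by `params[:id]` and written on the very next line with no permission check visible in between, whereas the ticket update path on this page calls `ticket_permission(@ticket)` before writing. Filtering the attribute hash does not limit which article a caller may modify. Unless a filter outside this hunk already covers it, a guard such as `return if !ticket_permission( @article.ticket )` belongs before `update_attributes`, assuming the helper is reachable from this controller and the article exposes its ticket. The bodies of `create` and `update` continue outside the hunks shown.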


@ -22,7 +22,7 @@ class TicketsController < ApplicationController
# POST /api/tickets # POST /api/tickets
def create def create
@ticket = Ticket.new( params[:ticket] ) @ticket = Ticket.new( Ticket.param_validation( params[:ticket] ) )
# check if article is given # check if article is given
if !params[:article] if !params[:article]
@ -87,7 +87,7 @@ class TicketsController < ApplicationController
# permissin check # permissin check
return if !ticket_permission(@ticket) return if !ticket_permission(@ticket)
if @ticket.update_attributes( params[:ticket] ) if @ticket.update_attributes( Ticket.param_validation( params[:ticket] ) )
render :json => @ticket, :status => :ok render :json => @ticket, :status => :ok
else else
render :json => @ticket.errors, :status => :unprocessable_entity render :json => @ticket.errors, :status => :unprocessable_entity
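Review bot: `Ticket.param_validation( params[:ticket] )` in `create` and `update` is a denylist: the part of the helper visible on this page removes only `updated_at` and `created_at`, so every other attribute the client sends is still mass-assigned by `Ticket.new` and `update_attributes`. The same holds for the two `Ticket::Article.param_validation` calls in the articles controller. An explicit allowlist of client-settable attributes (for example `attr_accessible` on the models) would fail closed when a column is added later. The helper also deletes keys from `params[:ticket]` in place and would raise `NoMethodError` when that key is absent from the request, so a nil guard or a comment like `# param_validation mutates the hash it is given and expects a non-nil hash` is worth adding. Both method bodies continue outside the hunks.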


@ -25,6 +25,8 @@ class ApplicationModel < ActiveRecord::Base
end end
def self.param_cleanup(params) def self.param_cleanup(params)
# only use object attributes
data = {} data = {}
self.new.attributes.each {|item| self.new.attributes.each {|item|
if params.has_key?(item[0]) if params.has_key?(item[0])
@ -33,6 +35,12 @@ class ApplicationModel < ActiveRecord::Base
end end
} }
# we do want to set this via database
self.param_validation(data)
end
def self.param_validation(data)
# we do want to set this via database # we do want to set this via database
data.delete( :updated_at ) data.delete( :updated_at )
data.delete( :created_at ) data.delete( :created_at )