Added param_validation for ticket and articles.

2013-06-19 22:44:18 +02:00 · 2013-06-19 22:44:18 +02:00 · 4538ed7a2e
commit 4538ed7a2e
parent d97f64a410
3 changed files with 12 additions and 4 deletions
--- a/app/controllers/ticket_articles_controller.rb
+++ b/app/controllers/ticket_articles_controller.rb
@ -21,7 +21,7 @@ class TicketArticlesController < ApplicationController
  def create
    form_id  = params[:ticket_article][:form_id]
    params[:ticket_article].delete(:form_id)
-    @article = Ticket::Article.new( params[:ticket_article] )
+    @article = Ticket::Article.new( Ticket::Article.param_validation( params[:ticket_article] ) )

    # find attachments in upload cache
    if form_id
@ -49,7 +49,7 @@ class TicketArticlesController < ApplicationController
  def update
    @article = Ticket::Article.find( params[:id] )

-    if @article.update_attributes(params[:ticket_article])
+    if @article.update_attributes( Ticket::Article.param_validation( params[:ticket_article] ) )
      render :json => @article, :status => :ok
    else
      render :json => @article.errors, :status => :unprocessable_entity
--- a/app/controllers/tickets_controller.rb
+++ b/app/controllers/tickets_controller.rb
@ -22,7 +22,7 @@ class TicketsController < ApplicationController

  # POST /api/tickets
  def create
-    @ticket = Ticket.new( params[:ticket] )
+    @ticket = Ticket.new( Ticket.param_validation( params[:ticket] ) )

    # check if article is given
    if !params[:article]
@ -87,7 +87,7 @@ class TicketsController < ApplicationController
    # permissin check
    return if !ticket_permission(@ticket)

-    if @ticket.update_attributes( params[:ticket] )
+    if @ticket.update_attributes( Ticket.param_validation( params[:ticket] ) )
      render :json => @ticket, :status => :ok
    else
      render :json => @ticket.errors, :status => :unprocessable_entity
--- a/app/models/application_model.rb
+++ b/app/models/application_model.rb
@ -25,6 +25,8 @@ class ApplicationModel < ActiveRecord::Base
  end

  def self.param_cleanup(params)
+
+    # only use object attributes
    data = {}
    self.new.attributes.each {|item|
      if params.has_key?(item[0])
@ -33,6 +35,12 @@ class ApplicationModel < ActiveRecord::Base
      end
    }

+    # we do want to set this via database
+    self.param_validation(data)
+  end
+
+  def self.param_validation(data)
+
    # we do want to set this via database
    data.delete( :updated_at )
    data.delete( :created_at )