Use new "strong parameters" from rails4

2014-04-03 02:20:37 +00:00 · 2014-04-03 02:20:37 +00:00 · 4c6adc6927
commit 4c6adc6927
parent 1b5055d0a6
13 changed files with 41 additions and 23 deletions
--- a/2
+++ b/2
@ -6,8 +6,6 @@ gem 'haml',   '~> 4.0'
 gem 'bcrypt', '~> 3.0'
 gem 'rabl',   '~> 0.6'

-gem 'protected_attributes', '~> 1.0'
-
 group :development, :test do
  gem 'rspec-rails',        '~> 2.6'
  gem 'spork',              '~> 1.0rc'
--- a/app/controllers/api/playlists_controller.rb
+++ b/app/controllers/api/playlists_controller.rb
@ -7,8 +7,14 @@ module API
    end

    def create
-      @playlist = current_user.playlists.build(params[:playlist].slice(:name))
+      @playlist = current_user.playlists.build(playlist_params)
      @playlist.save
    end
+
+    private
+
+    def playlist_params
+      params.require(:playlist).permit(:name)
+    end
  end
 end
--- a/app/controllers/playlists_controller.rb
+++ b/app/controllers/playlists_controller.rb
@ -8,7 +8,7 @@ class PlaylistsController < ApplicationController
  end

  def create
-    @playlist = current_user.playlists.build(params[:playlist])
+    @playlist = current_user.playlists.build(playlist_params)
    if @playlist.save
      redirect_to action: 'index'
    else
@ -22,10 +22,16 @@ class PlaylistsController < ApplicationController

  def update
    @playlist = Playlist.find(params[:id])
-    if @playlist.update_attributes params[:playlist]
+    if @playlist.update_attributes playlist_params
      redirect_to action: 'index'
    else
      render action: 'edit'
    end
  end
+
+  private
+
+  def playlist_params
+    params.require(:playlist).permit(:name)
+  end
 end
--- a/app/controllers/tracks_controller.rb
+++ b/app/controllers/tracks_controller.rb
@ -8,11 +8,17 @@ class TracksController < ApplicationController
  end

  def create
-    @track = Track.new params[:track]
+    @track = Track.new track_params
    if @track.save
      redirect_to @track
    else
      render :new
    end
  end
+
+  private
+
+  def track_params
+    params.require(:track).permit(:name, :file)
+  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -6,7 +6,7 @@ class UsersController < ApplicationController
  end

  def create
-    @user = User.new(params[:user])
+    @user = User.new(user_params)
    if !@user.save
      render :new
    else
@ -14,4 +14,10 @@ class UsersController < ApplicationController
      redirect_to :root
    end
  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:email, :password, :password_confirmation)
+  end
 end
--- a/app/models/playlist.rb
+++ b/app/models/playlist.rb
@ -1,8 +1,6 @@
 class Playlist < ActiveRecord::Base
  belongs_to :user

-  attr_accessible :name
-
  validates_presence_of :user
  validates_presence_of :name
 end
--- a/app/models/sound.rb
+++ b/app/models/sound.rb
@ -3,8 +3,6 @@ require 'fileutils'
 class Sound < ActiveRecord::Base
  belongs_to :track

-  attr_accessible :file
-
  validates_presence_of :sha256
  validates_presence_of :mime_type

--- a/app/models/track.rb
+++ b/app/models/track.rb
@ -1,8 +1,6 @@
 class Track < ActiveRecord::Base
  has_many :sounds

-  attr_accessible :name, :file
-
  validates_presence_of :name

  def file=(file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -4,7 +4,6 @@ class User < ActiveRecord::Base
  include BCrypt

  attr_reader :password
-  attr_accessible :email, :password, :password_confirmation

  has_many :playlists

--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -1,28 +1,34 @@
 require 'spec_helper'

 describe UsersController do
+  let(:attributes) { FactoryGirl.attributes_for(:user) }
+
  describe 'GET new' do
    it 'assigns a new user as @user' do
      get :new
-      expect(assigns[:user]).to be_a_new(User)
+      expect(assigns[:user]).to be_a_new User
    end
  end

  describe 'POST create' do
+    def do_post(params = {})
+      post :create, user: attributes.merge(params)
+    end
+
    context 'whith valid params' do
      it 'creates a new user' do
        expect {
-          post :create, user: FactoryGirl.attributes_for(:user)
+          do_post
        }.to change(User, :count).by(1)
      end

      it 'signs the user in' do
-        post :create, user: FactoryGirl.attributes_for(:user)
+        do_post
        expect(controller.current_user).not_to be_nil
      end

      it 'redirects to the home page' do
-        post :create, user: FactoryGirl.attributes_for(:user)
+        do_post
        expect(response).to redirect_to :root
      end
    end
@ -31,12 +37,12 @@ describe UsersController do
      before { allow_any_instance_of(User).to receive(:save) { false } }

      it 'assigns the user as @user' do
-        post :create, user: {}
+        do_post
        expect(assigns[:user]).to be_a_new User
      end

      it 'renders the new template' do
-        post :create, user: {}
+        do_post
        expect(response).to render_template 'new'
      end
    end
--- a/spec/models/playlist_spec.rb
+++ b/spec/models/playlist_spec.rb
@ -8,5 +8,4 @@ describe Playlist do
  it { should belong_to :user }
  it { should validate_presence_of :user }
  it { should validate_presence_of :name }
-  it { should_not allow_mass_assignment_of :user }
 end
--- a/spec/models/track_spec.rb
+++ b/spec/models/track_spec.rb
@ -8,7 +8,6 @@ describe Track do
  it { should be_valid }
  it { should have_many :sounds }
  it { should validate_presence_of :name }
-  it { should_not allow_mass_assignment_of :sounds }

  context 'with a file' do
    before { track.file = file }
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -9,7 +9,6 @@ describe User do
  it { should validate_presence_of :email }
  it { should validate_presence_of :password }
  it { should validate_presence_of :password_hash }
-  it { should_not allow_mass_assignment_of :password_hash }

  context 'when a user with the same email address already exists' do
    let(:old_user)  { FactoryGirl.create(:user, email: 'unique@example.net') }