From d8d9d0c74cdc0ec68bce23ba75706c1b78e864d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?=
Date: Tue, 10 Jan 2017 14:53:20 +0100
Subject: Refactor authorized params in Admin::UsersController
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Rémy Coutable
---
 .../admin/application_settings_controller.rb | 18 ----------
 app/controllers/admin/users_controller.rb | 41 +++++++++++++++++-----
 2 files changed, 32 insertions(+), 27 deletions(-)
(limited to 'app')
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 8dbdeca4abd..e34ba424497 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -76,43 +76,33 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 :admin_notification_email,
 :after_sign_out_path,
 :after_sign_up_text,
-
 :akismet_api_key,
 :akismet_enabled,
-
 :container_registry_token_expire_delay,
-
 :default_branch_protection,
 :default_group_visibility,
 :default_project_visibility,
 :default_projects_limit,
 :default_snippet_visibility,
-
 :domain_blacklist_enabled,
 :domain_blacklist_file,
 :domain_blacklist_raw,
 :domain_whitelist_raw,
-
 :email_author_in_body,
 :enabled_git_access_protocol,
 :gravatar_enabled,
 :help_page_text,
 :home_page_url,
-
 :housekeeping_bitmaps_enabled,
 :housekeeping_enabled,
 :housekeeping_full_repack_period,
 :housekeeping_gc_period,
 :housekeeping_incremental_repack_period,
-
 :html_emails_enabled,
-
 :koding_enabled,
 :koding_url,
-
 :max_artifacts_size,
 :max_attachment_size,
-
 :metrics_enabled,
 :metrics_host,
 :metrics_method_call_threshold,
@@ -121,30 +111,22 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 :metrics_port,
 :metrics_sample_interval,
 :metrics_timeout,
-
 :recaptcha_enabled,
 :recaptcha_private_key,
 :recaptcha_site_key,
-
 :repository_checks_enabled,
 :require_two_factor_authentication,
 :session_expire_delay,
-
 :sign_in_text,
 :signin_enabled,
 :signup_enabled,
-
 :sentry_dsn,
 :sentry_enabled,
-
 :send_user_confirmation_email,
-
 :shared_runners_enabled,
 :shared_runners_text,
-
 :sidekiq_throttling_enabled,
 :sidekiq_throttling_factor,
-
 :two_factor_grace_period,
 :user_default_external,
 :user_oauth_applications,
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index df9039b16b2..aa0f8d434dc 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -161,15 +161,6 @@ class Admin::UsersController < Admin::ApplicationController
 @user ||= User.find_by!(username: params[:id])
 end
- def user_params
- params.require(:user).permit(
- :email, :remember_me, :bio, :name, :username,
- :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
- :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
- :projects_limit, :can_create_group, :admin, :key_id, :external
- )
- end
-
 def redirect_back_or_admin_user(options = {})
 redirect_back_or_default(default: default_route, options: options)
 end
@@ -177,4 +168,36 @@ class Admin::UsersController < Admin::ApplicationController
 def default_route
 [:admin, @user]
 end
+
+ def user_params
+ params.require(:user).permit(user_params_ce)
+ end
+
+ def user_params_ce
+ [
+ :admin,
+ :avatar,
+ :bio,
+ :can_create_group,
+ :color_scheme_id,
+ :email,
+ :extern_uid,
+ :external,
+ :force_random_password,
+ :hide_no_password,
+ :hide_no_ssh_key,
+ :key_id,
+ :linkedin,
+ :name,
+ :password_expires_at,
+ :projects_limit,
+ :provider,
+ :remember_me,
+ :skype,
+ :theme_id,
+ :twitter,
+ :username,
+ :website_url
+ ]
+ end
 end
-- cgit v1.2.3
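Review bot: `user_params_ce` puts authorization-relevant attributes (`:admin`, `:external`, `:provider`, `:extern_uid`, `:password_expires_at`, `:projects_limit`) in the same flat allowlist as cosmetic profile fields, and nothing in the new code says why mass-assigning them is acceptable here. The list is safe only while every action that calls `user_params` is reachable by administrators alone, which presumably comes from `Admin::ApplicationController` but is not visible in this hunk; I would state that above the method, e.g. `# Includes privilege-bearing attributes (:admin, :external, :provider, ...); valid only behind the admin-only filter, do not reuse outside Admin::`. Because the array is now a separate method that can be extended or overridden (the `_ce` suffix suggests that intent), a controller spec asserting that a non-admin request cannot change `admin` would catch a later addition that widens it. The class body starts outside the hunk, so confirm that both new methods fall under the existing `private`/`protected` section and are not exposed as routable actions.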