added strong params to comments_controller to prevent users from editing attributes which are not intended to be edited, also created specs to test this behaviour

Janis4411
2022-08-04 17:16:54 +02:00
committed by Sebastian Serth
parent b98c37ae64
commit 4615a49e62
3 changed files with 48 additions and 2 deletions


@ -13,7 +13,7 @@ FactoryBot.define do
factory :rfc_with_comment, class: 'RequestForComment' do
after(:create) do |rfc|
rfc.file = rfc.submission.files.first
Comment.create(file: rfc.file, user: rfc.user, text: "comment for rfc #{rfc.question}")
Comment.create(file: rfc.file, user: rfc.user, row: 1, text: "comment for rfc #{rfc.question}")
end
end
end
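Review bot: The `Comment.create` call in the `after(:create)` callback of `rfc_with_comment` does not raise when validation fails, so the factory can silently yield a request for comment with no persisted comment. The new strong-params specs in this commit presumably rely on that comment existing, and a spec asserting that a protected attribute was not changed could then pass without exercising the controller path it is meant to cover. Since `row: 1` is being added here (possibly because the record was otherwise invalid; the model is not visible in this hunk), I would switch to the raising form so bad fixture data fails loudly: `Comment.create!(file: rfc.file, user: rfc.user, row: 1, text: "comment for rfc #{rfc.question}")`. The enclosing `FactoryBot.define` block starts outside the hunk.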