cleanup of passed parameters, user_id and user_type are extracted from current user and not used from the passed POST values..
This commit is contained in:
Ralf Teusner
@ -510,7 +510,6 @@ $(function() {
|
||||
var jqxhr = $.ajax({
|
||||
data: {
|
||||
comment: {
|
||||
user_id: user_id,
|
||||
file_id: file_id,
|
||||
row: row,
|
||||
column: 0,
|
||||
@ -1014,7 +1013,6 @@ $(function() {
|
||||
url: '/request_for_comments',
|
||||
data: {
|
||||
request_for_comment: {
|
||||
requestor_user_id: user_id,
|
||||
exercise_id: exercise_id,
|
||||
file_id: file_id,
|
||||
"requested_at(1i)": 2015, // these are the timestamp values that the request handler demands
|
||||
|
||||
@ -75,7 +75,7 @@ class CommentsController < ApplicationController
|
||||
# POST /comments
|
||||
# POST /comments.json
|
||||
def create
|
||||
@comment = Comment.new(comment_params.merge(user_type: current_user.class.name))
|
||||
@comment = Comment.new(comment_params)
|
||||
|
||||
respond_to do |format|
|
||||
if @comment.save
|
||||
@ -135,6 +135,6 @@ class CommentsController < ApplicationController
|
||||
def comment_params
|
||||
#params.require(:comment).permit(:user_id, :file_id, :row, :column, :text)
|
||||
# fuer production mode, damit böse menschen keine falsche user_id uebergeben:
|
||||
params.require(:comment).permit(:file_id, :row, :column, :text).merge(user_id: current_user.id)
|
||||
params.require(:comment).permit(:file_id, :row, :column, :text).merge(user_id: current_user.id, user_type: current_user.class.name)
|
||||
end
|
||||
end
|
||||
|
||||
@ -66,6 +66,6 @@ class RequestForCommentsController < ApplicationController
|
||||
|
||||
# Never trust parameters from the scary internet, only allow the white list through.
|
||||
def request_for_comment_params
|
||||
params.require(:request_for_comment).permit(:requestor_user_id, :exercise_id, :file_id, :requested_at)
|
||||
params.require(:request_for_comment).permit(:exercise_id, :file_id, :requested_at).merge(requestor_user_id: current_user.id, user_type: current_user.class.name)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user