references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-14 03:30:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor to allow for strong params

Browse Source 
We no longer need attr_accessible.
This commit is contained in:
Mohamed Wael Khobalatte
2015-10-08 16:57:14 +01:00
parent e5378c54b3
commit 972b04d86e
84 changed files with 227 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Gemfile
-1
View File
@@ -29,7 +29,6 @@
source 'https://rubygems.org'
gem 'rails', '4.2.4'
gem 'protected_attributes'
gem 'actionpack-action_caching'
gem 'activerecord-session_store'
gem 'rails-observers'
Gemfile.lock
-2
View File
@@ -333,8 +333,6 @@ GEM
multi_json (~> 1.0)
websocket-driver (>= 0.2.0)
powerpack (0.1.1)
protected_attributes (1.0.9)
activemodel (>= 4.0.1, < 5.0)
pry (0.9.12.6)
coderay (~> 1.0)
method_source (~> 0.8)
app/controllers/account_controller.rb
+2 -2
View File
@@ -85,7 +85,7 @@ class AccountController < ApplicationController
return
else
if request.post?
user = User.find_by_mail(params[:mail])
user = User.find_by(mail: params[:mail])
unless user
# user not found in db
@@ -98,7 +98,7 @@ class AccountController < ApplicationController
end
# create a new token for password recovery
token = Token.new(user: user, action: 'recovery')
token = Token.new(user_id: user.id, action: 'recovery')
if token.save
UserMailer.password_lost(token).deliver_now
flash[:notice] = l(:notice_account_lost_email_sent)
app/controllers/categories_controller.rb
+3 -3
View File
@@ -41,7 +41,7 @@ class CategoriesController < ApplicationController
def create
@category = @project.categories.build
@category.safe_attributes = params[:category]
@category.safe_attributes = permitted_params.category
if @category.save
respond_to do |format|
@@ -66,11 +66,11 @@ class CategoriesController < ApplicationController
end
def edit
@category.safe_attributes = params[:category]
@category.safe_attributes = permitted_params.category
end
def update
@category.safe_attributes = params[:category]
@category.safe_attributes = permitted_params.category
if @category.save
flash[:notice] = l(:notice_successful_update)
redirect_to controller: '/projects', action: 'settings', tab: 'categories', id: @project
app/controllers/copy_projects_controller.rb
+9 -9
View File
@@ -36,17 +36,17 @@ class CopyProjectsController < ApplicationController
before_filter :prepare_for_copy_project, only: [:copy, :copy_project]
def copy
target_project_name = params[:project][:name]
target_project_name = permitted_params.project[:name]
@copy_project = Project.new
@copy_project.safe_attributes = params[:project]
@copy_project.safe_attributes = permitted_params.project
if @copy_project.valid?
modules = params[:project][:enabled_module_names] || params[:enabled_modules]
copy_project_job = CopyProjectJob.new(user_id: User.current.id,
source_project_id: @project.id,
target_project_params: params[:project],
enabled_modules: modules,
associations_to_copy: params[:only],
send_mails: params[:notifications] == '1')
modules = permitted_params.project[:enabled_module_names] || params[:enabled_modules]
copy_project_job = CopyProjectJob.new(User.current.id,
@project.id,
permitted_params.project,
modules,
params[:only],
params[:notifications] == '1')
Delayed::Job.enqueue copy_project_job
flash[:notice] = I18n.t('copy_project.started',
app/controllers/messages_controller.rb
+7 -7
View File
@@ -75,9 +75,9 @@ class MessagesController < ApplicationController
m.board = @board
end
@message.safe_attributes = params[:message]
@message.safe_attributes = permitted_params.message(@message)
@message.attach_files(params[:attachments])
@message.attach_files(permitted_params.attachments)
if @message.save
call_hook(:controller_messages_new_after_save, params: params, message: @message)
@@ -100,7 +100,7 @@ class MessagesController < ApplicationController
@topic.children << @reply
if !@reply.new_record?
call_hook(:controller_messages_reply_after_save, params: params, message: @reply)
attachments = Attachment.attach_files(@reply, params[:attachments])
attachments = Attachment.attach_files(@reply, permitted_params.attachments)
render_attachment_warning_if_needed(@reply)
end
redirect_to topic_path(@topic, r: @reply)
@@ -109,16 +109,16 @@ class MessagesController < ApplicationController
# Edit a message
def edit
(render_403; return false) unless @message.editable_by?(User.current)
@message.safe_attributes = params[:message]
@message.safe_attributes = permitted_params.message(@message)
end
# Edit a message
def update
(render_403; return false) unless @message.editable_by?(User.current)
@message.safe_attributes = params[:message]
@message.safe_attributes = permitted_params.message(@message)
@message.attach_files(params[:attachments])
@message.attach_files(permitted_params.attachments)
if @message.save
flash[:notice] = l(:notice_successful_update)
@@ -156,7 +156,7 @@ class MessagesController < ApplicationController
protected
def parse_preview_data
if params[:message]
if params.has_key?(:message)
parse_preview_data_helper :message, :content
else
parse_preview_data_helper :reply, :content, Message
app/controllers/my_controller.rb
+2 -2
View File
@@ -126,7 +126,7 @@ class MyController < ApplicationController
@back_url = url_for(params[:back_url])
elsif request.post? || request.put?
User.current.pref.attributes = params[:pref] || {}
User.current.pref.attributes = permitted_params.pref || {}
User.current.pref.save
flash[:notice] = l(:notice_account_updated)
@@ -254,7 +254,7 @@ class MyController < ApplicationController
def write_settings(redirect_to:)
if request.patch?
@user.attributes = permitted_params.user
@user.pref.attributes = params[:pref] || {}
@user.pref.attributes = permitted_params.pref || {}
@user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
if @user.save
@user.pref.save
app/controllers/news/comments_controller.rb
+1 -1
View File
@@ -34,7 +34,7 @@ class News::CommentsController < ApplicationController
before_filter :authorize
def create
@comment = Comment.new(params[:comment])
@comment = Comment.new(permitted_params.comment)
@comment.author = User.current
if @news.comments << @comment
flash[:notice] = l(:label_comment_added)
app/controllers/news_controller.rb
+2 -2
View File
@@ -71,7 +71,7 @@ class NewsController < ApplicationController
def create
@news = News.new(project: @project, author: User.current)
@news.safe_attributes = params[:news]
@news.safe_attributes = permitted_params.news
if @news.save
flash[:notice] = l(:notice_successful_create)
redirect_to controller: '/news', action: 'index', project_id: @project
@@ -84,7 +84,7 @@ class NewsController < ApplicationController
end
def update
@news.safe_attributes = params[:news]
@news.safe_attributes = permitted_params.news
if @news.save
flash[:notice] = l(:notice_successful_update)
redirect_to action: 'show', id: @news
app/controllers/projects_controller.rb
+17 -14
View File
@@ -79,17 +79,17 @@ class ProjectsController < ApplicationController
@types = ::Type.all
@project = Project.new
@project.parent = Project.find(params[:parent_id]) if params[:parent_id]
@project.safe_attributes = params[:project]
@project.safe_attributes = permitted_params.project if params[:project].present?
end
def create
@issue_custom_fields = WorkPackageCustomField.order("#{CustomField.table_name}.position")
@types = ::Type.all
@project = Project.new
@project.safe_attributes = params[:project]
@project.safe_attributes = permitted_params.project
if validate_parent_id && @project.save
@project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
@project.set_allowed_parent!(permitted_params.project['parent_id']) if permitted_params.project.has_key?('parent_id')
add_current_user_to_project_if_not_admin(@project)
respond_to do |format|
format.html do
@@ -139,10 +139,10 @@ class ProjectsController < ApplicationController
def update
@altered_project = Project.find(@project.id)
@altered_project.safe_attributes = params[:project]
@altered_project.safe_attributes = permitted_params.project
if validate_parent_id && @altered_project.save
if params[:project].has_key?('parent_id')
@altered_project.set_allowed_parent!(params[:project]['parent_id'])
if permitted_params.project.has_key?('parent_id')
@altered_project.set_allowed_parent!(permitted_params.project['parent_id'])
end
respond_to do |format|
format.html do
@@ -163,21 +163,24 @@ class ProjectsController < ApplicationController
def types
flash[:notice] = []
project_params = {}
unless params.has_key? :project
params[:project] = { 'type_ids' => [::Type.standard_type.id] }
if params.has_key? :project
project_params = permitted_params.project
else
project_params = { 'type_ids' => [::Type.standard_type.id] }
flash[:notice] << l(:notice_automatic_set_of_standard_type)
end
params[:project].assert_valid_keys('type_ids')
project_params.assert_valid_keys('type_ids')
selected_type_ids = params[:project][:type_ids].map(&:to_i)
selected_type_ids = project_params['type_ids'].map(&:to_i)
if types_missing?(selected_type_ids)
flash.delete :notice
flash[:error] = I18n.t(:error_types_in_use_by_work_packages,
types: missing_types(selected_type_ids).map(&:name).join(', '))
elsif @project.update_attributes(params[:project])
elsif @project.update_attributes(project_params)
flash[:notice] << l('notice_successful_update')
else
flash[:error] = l('timelines.cannot_update_planning_element_types')
@@ -186,13 +189,13 @@ class ProjectsController < ApplicationController
end
def modules
@project.enabled_module_names = params[:project][:enabled_module_names]
@project.enabled_module_names = permitted_params.project[:enabled_module_names]
flash[:notice] = l(:notice_successful_update)
redirect_to action: 'settings', id: @project, tab: 'modules'
end
def custom_fields
@project.work_package_custom_field_ids = params[:project][:work_package_custom_field_ids]
@project.work_package_custom_field_ids = permitted_params.project[:work_package_custom_field_ids]
if @project.save
flash[:notice] = l(:notice_successful_update)
else
@@ -300,7 +303,7 @@ class ProjectsController < ApplicationController
# TODO: move it to Project model in a validation that depends on User.current
def validate_parent_id
return true if User.current.admin?
parent_id = params[:project] && params[:project][:parent_id]
parent_id = permitted_params.project && permitted_params.project[:parent_id]
if parent_id || @project.new_record?
parent = parent_id.blank? ? nil : Project.find_by(id: parent_id.to_i)
unless @project.allowed_parents.include?(parent)
app/controllers/sys_controller.rb
+1 -1
View File
@@ -114,7 +114,7 @@ class SysController < ActionController::Base
def find_project
@project = Project.find(params[:id])
rescue ActiveRecord::RecordNotFound
render text: "Could not find project ##{params[:id]}.", status: 404
render plain: "Could not find project ##{params[:id]}.", status: 404
end
def find_repository_with_storage
app/controllers/timelines_controller.rb
+4 -4
View File
@@ -56,7 +56,7 @@ class TimelinesController < ApplicationController
def create
remove_blank_options
@timeline = @project.timelines.build(params[:timeline])
@timeline = @project.timelines.build(permitted_params.timeline)
if @timeline.save
flash[:notice] = l(:notice_successful_create)
@@ -73,7 +73,7 @@ class TimelinesController < ApplicationController
def update
@timeline = @project.timelines.find(params[:id])
if @timeline.update_attributes(params[:timeline])
if @timeline.update_attributes(permitted_params.timeline)
flash[:notice] = l(:notice_successful_update)
redirect_to project_timeline_path(@project, @timeline)
else
@@ -100,12 +100,12 @@ class TimelinesController < ApplicationController
end
def remove_blank_options
options = params[:timeline][:options] || {}
options = permitted_params.timeline[:options] || {}
options.each do |k, v|
options[k] = v.reject(&:blank?) if v.is_a? Array
end
params[:timeline][:options] = options
permitted_params.timeline[:options] = options
end
end
app/controllers/timelog_controller.rb
+8 -8
View File
@@ -129,7 +129,7 @@ class TimelogController < ApplicationController
def new
@time_entry ||= TimeEntry.new(project: @project, work_package: @issue, user: User.current, spent_on: User.current.today)
@time_entry.safe_attributes = params[:time_entry]
@time_entry.safe_attributes = permitted_params.time_entry
call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry)
@@ -138,7 +138,7 @@ class TimelogController < ApplicationController
def create
@time_entry ||= TimeEntry.new(project: @project, work_package: @issue, user: User.current, spent_on: User.current.today)
@time_entry.safe_attributes = params[:time_entry]
@time_entry.safe_attributes = permitted_params.time_entry
call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry)
@@ -159,13 +159,13 @@ class TimelogController < ApplicationController
end
def edit
@time_entry.safe_attributes = params[:time_entry]
@time_entry.safe_attributes = permitted_params.time_entry
call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry)
end
def update
@time_entry.safe_attributes = params[:time_entry]
@time_entry.safe_attributes = permitted_params.time_entry
call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry)
@@ -246,8 +246,8 @@ class TimelogController < ApplicationController
def project_id_from_params
if params.has_key?(:project_id)
project_id = params[:project_id]
elsif params.has_key?(:time_entry) && params[:time_entry].has_key?(:project_id)
project_id = params[:time_entry][:project_id]
elsif params.has_key?(:time_entry) && permitted_params.time_entry.has_key?(:project_id)
project_id = permitted_params.time_entry[:project_id]
end
end
@@ -259,8 +259,8 @@ class TimelogController < ApplicationController
def work_package_from_params
if params.has_key?(:work_package_id)
work_package_id = params[:work_package_id]
elsif params.has_key?(:time_entry) && params[:time_entry].has_key?(:work_package_id)
work_package_id = params[:time_entry][:work_package_id]
elsif params.has_key?(:time_entry) && permitted_params.time_entry.has_key?(:work_package_id)
work_package_id = permitted_params.time_entry[:work_package_id]
end
WorkPackage.find_by id: work_package_id
app/controllers/users_controller.rb
+2 -2
View File
@@ -162,7 +162,7 @@ class UsersController < ApplicationController
if @user.save
# TODO: Similar to My#account
@user.pref.attributes = params[:pref] || {}
@user.pref.attributes = permitted_params.pref || {}
@user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
@user.pref.save
@@ -238,7 +238,7 @@ class UsersController < ApplicationController
end
def edit_membership
@membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
@membership = Member.edit_membership(params[:membership_id], permitted_params.membership, @user)
@membership.save if request.post?
respond_to do |format|
if @membership.valid?
app/controllers/versions_controller.rb
+6 -6
View File
@@ -67,8 +67,8 @@ class VersionsController < ApplicationController
def new
@version = @project.versions.build
if params[:version]
attributes = params[:version].dup
if permitted_params.version.present?
attributes = permitted_params.version.dup
attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
@version.safe_attributes = attributes
end
@@ -77,8 +77,8 @@ class VersionsController < ApplicationController
def create
# TODO: refactor with code above in #new
@version = @project.versions.build
if params[:version]
attributes = params[:version].dup
if permitted_params.version.present?
attributes = permitted_params.version.dup
attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
@version.safe_attributes = attributes
end
@@ -109,8 +109,8 @@ class VersionsController < ApplicationController
end
def update
if request.patch? && params[:version]
attributes = params[:version].dup
if request.patch? && permitted_params.version.present?
attributes = permitted_params.version.dup
attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
@version.safe_attributes = attributes
if @version.save
app/controllers/watchers_controller.rb
+8 -3
View File
@@ -81,13 +81,18 @@ class WatchersController < ApplicationController
private
def find_watched_by_object
# Necessary check, otherwise anything can be constantized.
return false unless Redmine::Search.available_search_types.include?(params[:object_type])
klass = params[:object_type].singularize.camelcase.constantize
return false unless klass.respond_to?('watched_by') and
klass.ancestors.include? Redmine::Acts::Watchable and
params[:object_id].to_s =~ /\A\d+\z/
@watched = klass.find(params[:object_id])
rescue
render_404
unless @watched = klass.find(params[:object_id])
render_404
end
end
def find_watched_by_id
app/models/attachment.rb
-2
View File
@@ -36,8 +36,6 @@ class Attachment < ActiveRecord::Base
belongs_to :author, class_name: 'User', foreign_key: 'author_id'
attr_protected :author_id
validates_presence_of :container, :author, :content_type, :filesize
validates_length_of :description, maximum: 255
app/models/auth_source.rb
-1
View File
@@ -28,7 +28,6 @@
#++
class AuthSource < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
include Redmine::Ciphering
has_many :users
app/models/available_project_status.rb
-2
View File
@@ -35,7 +35,5 @@ class AvailableProjectStatus < ActiveRecord::Base
belongs_to :reported_project_status, class_name: 'ReportedProjectStatus',
foreign_key: 'reported_project_status_id'
attr_accessible :reported_project_status_id
validates_presence_of :reported_project_status, :project_type
end
app/models/board.rb
-4
View File
@@ -28,8 +28,6 @@
#++
class Board < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
belongs_to :project
has_many :topics, -> {
where("#{Message.table_name}.parent_id IS NULL")
@@ -42,8 +40,6 @@ class Board < ActiveRecord::Base
acts_as_list scope: :project_id
acts_as_watchable
attr_protected :project_id
validates_presence_of :name, :description
validates_length_of :name, maximum: 30
validates_length_of :description, maximum: 255
app/models/category.rb
-2
View File
@@ -33,8 +33,6 @@ class Category < ActiveRecord::Base
belongs_to :assigned_to, class_name: 'Principal', foreign_key: 'assigned_to_id'
has_many :work_packages, foreign_key: 'category_id', dependent: :nullify
attr_protected :project_id
validates_presence_of :name
validates_uniqueness_of :name, scope: [:project_id]
validates_length_of :name, maximum: 30
app/models/change.rb
-2
View File
@@ -35,8 +35,6 @@ class Change < ActiveRecord::Base
delegate :repository_encoding, to: :changeset, allow_nil: true, prefix: true
attr_protected :changeset_id
def relative_path
changeset.repository.relative_path(path)
end
app/models/changeset.rb
-2
View File
@@ -47,8 +47,6 @@ class Changeset < ActiveRecord::Base
project_key: "#{Repository.table_name}.project_id",
date_column: 'committed_on'
attr_protected :user_id
validates_presence_of :repository_id, :revision, :committed_on, :commit_date
validates_uniqueness_of :revision, scope: :repository_id
validates_uniqueness_of :scmid, scope: :repository_id, allow_nil: true
app/models/comment.rb
-2
View File
@@ -31,8 +31,6 @@ class Comment < ActiveRecord::Base
belongs_to :commented, polymorphic: true, counter_cache: true
belongs_to :author, class_name: 'User', foreign_key: 'author_id'
attr_accessible :commented, :author, :comments
validates :commented, :author, :comments, presence: true
def text
app/models/custom_field.rb
-1
View File
@@ -28,7 +28,6 @@
#++
class CustomField < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
include CustomField::OrderStatements
has_many :custom_values, dependent: :delete_all
app/models/enabled_module.rb
-2
View File
@@ -30,8 +30,6 @@
class EnabledModule < ActiveRecord::Base
belongs_to :project
attr_protected :project_id
validates_presence_of :name
validates_uniqueness_of :name, scope: :project_id
app/models/enumeration.rb
-2
View File
@@ -28,8 +28,6 @@
#++
class Enumeration < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
default_scope { order("#{Enumeration.table_name}.position ASC") }
belongs_to :project
app/models/group.rb
-2
View File
@@ -28,8 +28,6 @@
#++
class Group < Principal
include ActiveModel::ForbiddenAttributesProtection
has_and_belongs_to_many :users,
join_table: "#{table_name_prefix}group_users#{table_name_suffix}",
after_add: :user_added,
app/models/journal.rb
-2
View File
@@ -38,8 +38,6 @@ class Journal < ActiveRecord::Base
register_journal_formatter :attachment, OpenProject::JournalFormatter::Attachment
register_journal_formatter :custom_field, OpenProject::JournalFormatter::CustomField
attr_accessible :journable_type, :journable_id, :activity_type, :version, :notes, :user_id
# Make sure each journaled model instance only has unique version ids
validates_uniqueness_of :version, scope: [:journable_id, :journable_type]
app/models/legacy_journal.rb
-2
View File
@@ -50,8 +50,6 @@ class LegacyJournal < ActiveRecord::Base
belongs_to :journaled, class_name: 'Journal'
belongs_to :user
# attr_protected :user_id
register_journal_formatter :diff, OpenProject::JournalFormatter::Diff
register_journal_formatter :attachment, OpenProject::JournalFormatter::Attachment
register_journal_formatter :custom_field, OpenProject::JournalFormatter::CustomField
app/models/member.rb
+1 -5
View File
@@ -28,8 +28,6 @@
#++
class Member < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
belongs_to :user
belongs_to :principal, foreign_key: 'user_id'
has_many :member_roles, dependent: :destroy, autosave: true
@@ -127,9 +125,7 @@ class Member < ActiveRecord::Base
# Find or initialize a Member with an id, attributes, and for a Principal
def self.edit_membership(id, new_attributes, principal = nil)
@membership = id.present? ? Member.find(id) : Member.new(principal: principal)
# interface refactoring needed
# not critical atm because only admins can invoke it (see users and groups controllers)
@membership.force_attributes = new_attributes
@membership.attributes = new_attributes
@membership
end
app/models/member_role.rb
-2
View File
@@ -34,8 +34,6 @@ class MemberRole < ActiveRecord::Base
after_create :add_role_to_group_users
after_destroy :remove_role_from_group_users
attr_protected :member_id, :role_id
validates_presence_of :role
validate :validate_project_member_role
app/models/menu_item.rb
-2
View File
@@ -28,8 +28,6 @@
#++
class MenuItem < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
belongs_to :parent, class_name: 'MenuItem'
has_many :children, -> {
order('id ASC')
app/models/message.rb
-2
View File
@@ -61,8 +61,6 @@ class Message < ActiveRecord::Base
acts_as_watchable
attr_protected :author_id
validates_presence_of :board, :subject, :content
validates_length_of :subject, maximum: 255
app/models/news.rb
-2
View File
@@ -35,8 +35,6 @@ class News < ActiveRecord::Base
order('created_on')
}, as: :commented, dependent: :delete_all
attr_protected :project_id, :author_id
validates_presence_of :title, :description
validates_length_of :title, maximum: 60
validates_length_of :summary, maximum: 255
app/models/permitted_params.rb
+72 -17
View File
@@ -31,12 +31,6 @@ class PermittedParams
# This class intends to provide a method for all params hashes coming from the
# client and that are used for mass assignment.
#
# As such, please make it a deliberate decision to whitelist attributes.
#
# This implementation depends on the strong_parameters gem. For further
# information see here: https://github.com/rails/strong_parameters
#
#
# A method should look like the following:
#
# def name_of_the_params_key_referenced
@@ -46,18 +40,8 @@ class PermittedParams
#
# A controller could use a permitted_params method like this
#
# model_instance.attributes = permitted_params.name_of_the_params_key_referenced
# model_instance.METHOD_USING_ASSIGMENT = permitted_params.name_of_the_params_key_referenced
#
# instead of doing something like this which will not work anymore once the
# model is protected:
#
# model_instance.attributes = params[:name_of_the_params_key_referenced]
#
#
# A model will need the following module included in order to be protected by
# strong_params
#
# include ActiveModel::ForbiddenAttributesProtection
attr_reader :params, :current_user
def initialize(params, current_user)
@@ -268,6 +252,77 @@ class PermittedParams
params.require(:content).permit(*self.class.permitted_attributes[:wiki_content])
end
def timeline
params.require(:timeline).permit(:name, :options)
end
def pref
params.require(:pref).permit(:hide_mail, :time_zone, :impaired,
:comments_sorting, :warn_on_leaving_unsaved,
:theme)
end
def membership
params.require(:membership).permit(:project_id, role_ids: [])
end
def project
params.require(:project).permit(:name,
:description,
:is_public,
:identifier,
:project_type_id,
custom_field_values: {},
custom_fields: [],
work_package_custom_field_ids: [],
type_ids: [],
enabled_module_names: [])
end
def time_entry
params.require(:time_entry).permit(:hours, :comments, :work_package_id,
:activity_id, :spent_on, custom_field_values: [])
end
def news
params.require(:news).permit(:title, :summary, :description)
end
def category
params.require(:category).permit(:name, :assigned_to_id)
end
def version
params.require(:version).permit(:name,
:description,
:effective_date,
:due_date,
:start_date,
:wiki_page_title,
:status,
:sharing,
:custom_field_value)
end
def comment
params.require(:comment).permit(:commented, :author, :comments)
end
# `params.fetch` and not `require` because the update controller action associated
# with this is doing multiple things, therefore not requiring a message hash
# all the time.
def message(instance = nil)
if instance && current_user.allowed_to?(:edit_messages, instance.project)
params.fetch(:message, {}).permit(:subject, :content, :board_id, :locked, :sticky)
else
params.fetch(:message, {}).permit(:subject, :content, :board_id)
end
end
def attachments
params.permit(attachments: [:file, :description])['attachments']
end
protected
def custom_field_values(key)
app/models/planning_element_type_color.rb
-2
View File
@@ -37,8 +37,6 @@ class PlanningElementTypeColor < ActiveRecord::Base
foreign_key: 'color_id',
dependent: :nullify
include ActiveModel::ForbiddenAttributesProtection
before_validation :normalize_hexcode
validates_presence_of :name, :hexcode
app/models/project.rb
-2
View File
@@ -130,8 +130,6 @@ class Project < ActiveRecord::Base
author: nil,
datetime: :created_on
attr_protected :status
validates_presence_of :name, :identifier
# TODO: we temporarily disable this validation because it leads to failed tests
# it implicitly assumes a db:seed-created standard type to be present and currently
app/models/project/copy.rb
+9 -9
View File
@@ -97,7 +97,7 @@ module Project::Copy
wiki_menu_items_map = {}
project.wiki.wiki_menu_items.each do |item|
new_item = MenuItems::WikiMenuItem.new
new_item.force_attributes = item.attributes.dup.except('id', 'wiki_id', 'parent_id')
new_item.attributes = item.attributes.dup.except('id', 'wiki_id', 'parent_id')
new_item.wiki = wiki
(wiki_menu_items_map[item.id] = new_item.reload) if new_item.save
end
@@ -122,7 +122,7 @@ module Project::Copy
def copy_categories(project)
project.categories.each do |category|
new_category = Category.new
new_category.send(:assign_attributes, category.attributes.dup.except('id', 'project_id'), without_protection: true)
new_category.send(:assign_attributes, category.attributes.dup.except('id', 'project_id'))
categories << new_category
end
end
@@ -182,7 +182,7 @@ module Project::Copy
# Relations
issue.relations_from.each do |source_relation|
new_relation = Relation.new
new_relation.force_attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id')
new_relation.attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id')
new_relation.to = work_packages_map[source_relation.to_id]
if new_relation.to.nil? && Setting.cross_project_work_package_relations?
new_relation.to = source_relation.to
@@ -193,7 +193,7 @@ module Project::Copy
issue.relations_to.each do |source_relation|
new_relation = Relation.new
new_relation.force_attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id')
new_relation.attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id')
new_relation.from = work_packages_map[source_relation.from_id]
if new_relation.from.nil? && Setting.cross_project_work_package_relations?
new_relation.from = source_relation.from
@@ -212,7 +212,7 @@ module Project::Copy
members_to_copy += project.memberships.select { |m| !m.principal.is_a?(User) }
members_to_copy.each do |member|
new_member = Member.new
new_member.send(:assign_attributes, member.attributes.dup.except('id', 'project_id', 'created_on'), without_protection: true)
new_member.send(:assign_attributes, member.attributes.dup.except('id', 'project_id', 'created_on'))
# only copy non inherited roles
# inherited roles will be added when copying the group membership
role_ids = member.member_roles.reject(&:inherited?).map(&:role_id)
@@ -265,7 +265,7 @@ module Project::Copy
[:project_a, :project_b].each do |association_type|
project.send(:"#{association_type}_associations").each do |association|
new_association = ProjectAssociation.new
new_association.force_attributes = association.attributes.dup.except('id', "#{association_type}_id")
new_association.attributes = association.attributes.dup.except('id', "#{association_type}_id")
new_association.send(:"#{association_type}=", self)
new_association.save
end
@@ -276,7 +276,7 @@ module Project::Copy
def copy_timelines(project)
project.timelines.each do |timeline|
copied_timeline = Timeline.new
copied_timeline.force_attributes = timeline.attributes.dup.except('id', 'project_id', 'options')
copied_timeline.attributes = timeline.attributes.dup.except('id', 'project_id', 'options')
copied_timeline.options = timeline.options if timeline.options.present?
copied_timeline.project = self
copied_timeline.save
@@ -287,13 +287,13 @@ module Project::Copy
def copy_reportings(project)
project.reportings_via_source.each do |reporting|
copied_reporting = Reporting.new
copied_reporting.force_attributes = reporting.attributes.dup.except('id', 'project_id')
copied_reporting.attributes = reporting.attributes.dup.except('id', 'project_id')
copied_reporting.project = self
copied_reporting.save
end
project.reportings_via_target.each do |reporting|
copied_reporting = Reporting.new
copied_reporting.force_attributes = reporting.attributes.dup.except('id', 'reporting_to_project')
copied_reporting.attributes = reporting.attributes.dup.except('id', 'reporting_to_project')
copied_reporting.reporting_to_project = self
copied_reporting.save
end
app/models/project_association.rb
-2
View File
@@ -37,8 +37,6 @@ class ProjectAssociation < ActiveRecord::Base
validates_presence_of :project_a, :project_b
attr_accessible :description
validate :validate,
:validate_projects_not_identical
app/models/project_type.rb
-2
View File
@@ -44,8 +44,6 @@ class ProjectType < ActiveRecord::Base
validate: false
has_many :reported_project_statuses, through: :available_project_statuses
include ActiveModel::ForbiddenAttributesProtection
validates_presence_of :name
validates_inclusion_of :allows_association, in: [true, false]
app/models/query.rb
-3
View File
@@ -28,7 +28,6 @@
#++
class Query < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
include Queries::WorkPackages::AvailableFilterOptions
# referenced in plugin patches - currently there are only work package queries and filters
@@ -45,8 +44,6 @@ class Query < ActiveRecord::Base
serialize :column_names
serialize :sort_criteria, Array
attr_protected :project_id # , :user_id
validates :name, presence: true
validates_length_of :name, maximum: 255
app/models/relation.rb
-2
View File
@@ -59,8 +59,6 @@ class Relation < ActiveRecord::Base
before_save :update_schedule
attr_protected :from_id, :to_id
def validate_sanity_of_relation
if from && to
errors.add :to_id, :invalid if from_id == to_id
app/models/reporting.rb
-3
View File
@@ -37,9 +37,6 @@ class Reporting < ActiveRecord::Base
belongs_to :reported_project_status, class_name: 'ReportedProjectStatus',
foreign_key: 'reported_project_status_id'
attr_accessible :reported_project_status_comment,
:reported_project_status_id
validates_presence_of :project, :reporting_to_project
validates_uniqueness_of :reporting_to_project_id, scope: :project_id
app/models/repository.rb
-2
View File
@@ -46,8 +46,6 @@ class Repository < ActiveRecord::Base
# has_many :changesets, :dependent => :destroy is too slow for big repositories
before_destroy :clear_changesets
attr_protected :project_id
validates_length_of :password, maximum: 255, allow_nil: true
validate :validate_enabled_scm, on: :create
app/models/repository/git.rb
-1
View File
@@ -30,7 +30,6 @@
require 'open_project/scm/adapters/git'
class Repository::Git < Repository
attr_protected :root_url
validates_presence_of :url
def self.scm_adapter_class
app/models/repository/subversion.rb
-1
View File
@@ -30,7 +30,6 @@
require 'open_project/scm/adapters/subversion'
class Repository::Subversion < Repository
attr_protected :root_url
validates_presence_of :url
validates_format_of :url, with: /\A(http|https|svn(\+[^\s:\/\\]+)?|file):\/\/.+\z/i
app/models/role.rb
-2
View File
@@ -28,7 +28,6 @@
#++
class Role < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
extend Pagination::Model
# Built-in roles
@@ -56,7 +55,6 @@ class Role < ActiveRecord::Base
acts_as_list
serialize :permissions, Array
attr_protected :builtin
validates_presence_of :name
validates_uniqueness_of :name
app/models/status.rb
-1
View File
@@ -28,7 +28,6 @@
#++
class Status < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
extend Pagination::Model
default_scope { order('position ASC') }
app/models/time_entry.rb
-2
View File
@@ -36,8 +36,6 @@ class TimeEntry < ActiveRecord::Base
belongs_to :user
belongs_to :activity, class_name: 'TimeEntryActivity', foreign_key: 'activity_id'
attr_protected :project_id, :user_id, :tyear, :tmonth, :tweek
acts_as_customizable
acts_as_journalized
app/models/timeline.rb
-2
View File
@@ -53,8 +53,6 @@ class Timeline < ActiveRecord::Base
validate :validate_option_dates
validate :validate_option_numeric
attr_accessible :name, :options
before_save :remove_empty_options_values
before_save :split_joined_options_values
app/models/token.rb
-2
View File
@@ -31,8 +31,6 @@ class Token < ActiveRecord::Base
belongs_to :user
validates_uniqueness_of :value
# attr_protected :user_id
before_create :delete_previous_tokens
before_create :assign_generated_token
app/models/type.rb
-2
View File
@@ -30,8 +30,6 @@
class ::Type < ActiveRecord::Base
extend Pagination::Model
include ActiveModel::ForbiddenAttributesProtection
before_destroy :check_integrity
has_many :work_packages
app/models/user.rb
+4 -5
View File
@@ -30,7 +30,6 @@
require 'digest/sha1'
class User < Principal
include ActiveModel::ForbiddenAttributesProtection
include User::Authorization
USER_FORMATS_STRUCTURE = {
@@ -46,9 +45,9 @@ class User < Principal
end
USER_FORMATS = {
firstname_lastname: User.user_format_structure_to_format(:firstname_lastname, ' '),
firstname_lastname: User.user_format_structure_to_format(:firstname_lastname),
firstname: User.user_format_structure_to_format(:firstname),
lastname_firstname: User.user_format_structure_to_format(:lastname_firstname, ' '),
lastname_firstname: User.user_format_structure_to_format(:lastname_firstname),
lastname_coma_firstname: User.user_format_structure_to_format(:lastname_coma_firstname, ', '),
username: User.user_format_structure_to_format(:username)
}
@@ -298,9 +297,9 @@ class User < Principal
# Return user's full name for display
def name(formatter = nil)
if formatter
eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"')
eval ('"' + (User::USER_FORMATS[formatter] || User::USER_FORMATS[:firstname_lastname]) + '"')
else
@name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"')
@name ||= eval ('"' + (User::USER_FORMATS[Setting.user_format] || User::USER_FORMATS[:firstname_lastname]) + '"')
end
end
app/models/user_preference.rb
-8
View File
@@ -35,14 +35,6 @@ class UserPreference < ActiveRecord::Base
validate :time_zone_correctness, if: -> { time_zone.present? }
validate :theme_correctness, if: -> { theme.present? }
attr_accessible :user
# attributes that have their own column
attr_accessible :hide_mail, :time_zone, :impaired
# shortcut methods to others hash
attr_accessible :comments_sorting, :warn_on_leaving_unsaved, :theme
after_initialize :init_other_preferences
def [](attr_name)
app/models/version.rb
-2
View File
@@ -41,8 +41,6 @@ class Version < ActiveRecord::Base
VERSION_STATUSES = %w(open locked closed)
VERSION_SHARINGS = %w(none descendants hierarchy tree system)
attr_protected :project_id
validates_presence_of :name
validates_uniqueness_of :name, scope: [:project_id]
validates_length_of :name, maximum: 60
app/models/watcher.rb
-2
View File
@@ -33,8 +33,6 @@ class Watcher < ActiveRecord::Base
belongs_to :watchable, polymorphic: true
belongs_to :user
attr_accessible :watchable, :user, :user_id
validates_presence_of :watchable, :user
validates_uniqueness_of :user_id, scope: [:watchable_type, :watchable_id]
app/models/wiki.rb
-2
View File
@@ -46,8 +46,6 @@ class Wiki < ActiveRecord::Base
safe_attributes 'wiki_menu_items_attributes'
attr_protected :project_id
validates_presence_of :start_page
validates_format_of :start_page, with: /\A[^,\.\/\?\;\|\:]*\z/
app/models/wiki_content.rb
-4
View File
@@ -30,8 +30,6 @@
require 'zlib'
class WikiContent < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
belongs_to :page, class_name: 'WikiPage', foreign_key: 'page_id'
belongs_to :author, class_name: 'User', foreign_key: 'author_id'
validates_presence_of :text
@@ -39,8 +37,6 @@ class WikiContent < ActiveRecord::Base
attr_accessor :comments
# attr_protected :author_id
before_save :comments_to_journal_notes
acts_as_journalized
app/models/wiki_page.rb
-2
View File
@@ -31,8 +31,6 @@ require 'diff'
require 'enumerator'
class WikiPage < ActiveRecord::Base
include ActiveModel::ForbiddenAttributesProtection
belongs_to :wiki
has_one :content, class_name: 'WikiContent', foreign_key: 'page_id', dependent: :destroy
acts_as_attachable delete_permission: :delete_wiki_pages_attachments
app/models/work_package.rb
+2 -5
View File
@@ -65,9 +65,6 @@ class WorkPackage < ActiveRecord::Base
order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC")
}
# >>> issues.rb >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
attr_protected :project_id, :author_id, :lft, :rgt
# <<< issues.rb <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
scope :recently_updated, ->() {
# Specified as a String due to https://github.com/rails/rails/issues/15405
@@ -290,8 +287,8 @@ class WorkPackage < ActiveRecord::Base
work_package = arg.is_a?(WorkPackage) ? arg : WorkPackage.visible.find(arg)
# attributes don't come from form, so it's save to force assign
self.force_attributes = work_package.attributes.dup.except(*merged_options[:exclude])
# attributes don't come from form, so it's safe to force assign
self.attributes = work_package.attributes.dup.except(*merged_options[:exclude])
self.parent_id = work_package.parent_id if work_package.parent_id
self.custom_field_values =
work_package.custom_field_values.inject({}) do |h, v|
app/models/workflow.rb
-2
View File
@@ -32,8 +32,6 @@ class Workflow < ActiveRecord::Base
belongs_to :old_status, class_name: 'Status', foreign_key: 'old_status_id'
belongs_to :new_status, class_name: 'Status', foreign_key: 'new_status_id'
# attr_protected :role_id
validates_presence_of :role, :old_status, :new_status
# Returns workflow transitions count by type and role
config/application.rb
-6
View File
@@ -141,12 +141,6 @@ module OpenProject
instance_eval File.read(File.join(File.dirname(__FILE__), 'additional_environment.rb'))
end
# Enforce whitelist mode for mass assignment.
# This will create an empty whitelist of attributes available for mass-assignment for all models
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
# parameters by using an attr_accessible or attr_protected declaration.
config.active_record.whitelist_attributes = false
# Do not swallow errors in after_commit/after_rollback callbacks.
config.active_record.raise_in_transactional_callbacks = true
config/initializers/mass_assignment.rb
-35
View File
@@ -1,35 +0,0 @@
#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
class ActiveRecord::Base
# call this to force mass assignment even of protected attributes
def force_attributes=(new_attributes)
send(:assign_attributes, new_attributes, without_protection: true)
end
end
lib/open_project/concerns/preview.rb
+6 -6
View File
@@ -31,13 +31,13 @@
# This concern provides a general implementation of preview functionality #
# found in different controllers. #
# #
# Nevertheless, this concern expects the controller to implement the function #
# This concern expects the controller to implement the function #
# #parse_preview_data. #parse_preview_data must return a list of (wiki) texts, #
# attachments required to render the texts, and the object. Attachments and #
# object may be nil. #
# object can be nil. #
# #
# You may use #parse_preview_data_helper to implement #parse_preview_data. #
# Then, a minimal implementation of #parse_preview_data may looks as follows: #
# You can use #parse_preview_data_helper to implement #parse_preview_data. #
# Then, a minimal implementation of #parse_preview_data is as follows: #
# #
# def parse_preview_data #
# parse_preview_data_helper :work_packages, [:description, :notes] #
@@ -45,12 +45,12 @@
# #
# The first parameter 'param_name' specifies the key in the params object that #
# contains the values. The second parameter 'attributes' specifies the value #
# keys. Optionally, if 'param_name' is not equivalent to a class name, you #
# keys. If 'param_name' is not equivalent to a class name, you #
# can pass the objects class as third parameter. #
# #
# For object identification #parse_preview_data_helper uses the params #
# object's 'id' key, if available. If 'id' needs some preprocessing or is not #
# the id to the object instance, you may override #parse_preview_id to provide #
# the id to the object instance, you can override #parse_preview_id to provide #
# a different id. #
################################################################################
module OpenProject::Concerns::Preview
lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/creation.rb
+1 -1
View File
@@ -129,7 +129,7 @@ module Redmine::Acts::Journalized
attributes_setter = ActiveRecord::Base.instance_method(:assign_attributes)
attributes_setter = attributes_setter.bind(fill_object)
attributes_setter.call(initial_changes, without_protection: true)
attributes_setter.call(initial_changes)
# Call the journal creating method
changed_data = fill_object.send(:merge_journal_changes)
lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/users.rb
-1
View File
@@ -97,7 +97,6 @@ module Redmine::Acts::Journalized
def self.included(base) # :nodoc:
base.class_eval do
belongs_to :user
# attr_protected :user_id
alias_method_chain :user=, :name
end
end
lib/plugins/acts_as_watchable/lib/acts_as_watchable.rb
-1
View File
@@ -61,7 +61,6 @@ module Redmine
includes(:watchers)
.where(watchers: { user_id: user_id })
}
attr_protected :watcher_ids, :watcher_user_ids if accessible_attributes.nil?
end
send :include, Redmine::Acts::Watchable::InstanceMethods
alias_method_chain :watcher_user_ids=, :uniq_ids
spec/controllers/copy_projects_controller_spec.rb
+1 -1
View File
@@ -111,7 +111,7 @@ describe CopyProjectsController, type: :controller do
it { expect(Project.count).to eq(2) }
it 'copied project should have enabled modules specified in params' do
it 'copied project enables modules specified in params' do
expect(Project.order(:id).last.enabled_modules.map(&:name)).to match_array(['work_package_tracking', 'boards'])
end
spec/models/available_project_status_spec.rb
+3 -3
View File
@@ -66,12 +66,12 @@ describe AvailableProjectStatus, type: :model do
FactoryGirl.create(:reported_project_status, id: 2)
}
it { expect(AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes, without_protection: true) }).to be_valid }
it { expect(AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes) }).to be_valid }
describe 'project_type' do
it 'is invalid w/o a project_type' do
attributes[:project_type_id] = nil
available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes, without_protection: true) }
available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes) }
expect(available_project_status).not_to be_valid
@@ -83,7 +83,7 @@ describe AvailableProjectStatus, type: :model do
describe 'reported_project_status' do
it 'is invalid w/o a reported_project_status' do
attributes[:reported_project_status_id] = nil
available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes, without_protection: true) }
available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes) }
expect(available_project_status).not_to be_valid
spec/models/project_association_spec.rb
+4 -4
View File
@@ -78,13 +78,13 @@ describe ProjectAssociation, type: :model do
FactoryGirl.create(:project, id: 2)
}
it { expect(ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes, without_protection: true) }).to be_valid }
it { expect(ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes) }).to be_valid }
it 'should be invalid for a self referential association' do
attributes[:project_b_id] = attributes[:project_a_id]
project_association = ProjectAssociation.new do |a|
a.send(:assign_attributes, attributes, without_protection: true)
a.send(:assign_attributes, attributes)
end
expect(project_association).not_to be_valid
@@ -98,7 +98,7 @@ describe ProjectAssociation, type: :model do
describe 'project_a' do
it 'is invalid w/o a project_a' do
attributes[:project_a_id] = nil
project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes, without_protection: true) }
project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes) }
expect(project_association).not_to be_valid
@@ -109,7 +109,7 @@ describe ProjectAssociation, type: :model do
describe 'project_b' do
it 'is invalid w/o a project_b' do
attributes[:project_b_id] = nil
project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes, without_protection: true) }
project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes) }
expect(project_association).not_to be_valid
spec/models/reporting_spec.rb
+3 -3
View File
@@ -74,13 +74,13 @@ describe Reporting, type: :model do
FactoryGirl.create(:project, id: 2)
}
it { expect(Reporting.new.tap { |r| r.send(:assign_attributes, attributes, without_protection: true) }).to be_valid }
it { expect(Reporting.new.tap { |r| r.send(:assign_attributes, attributes) }).to be_valid }
describe 'project' do
it 'is invalid w/o a project' do
attributes[:project_id] = nil
reporting = Reporting.new
reporting.send(:assign_attributes, attributes, without_protection: true)
reporting.send(:assign_attributes, attributes)
expect(reporting).not_to be_valid
@@ -93,7 +93,7 @@ describe Reporting, type: :model do
it 'is invalid w/o a reporting_to_project' do
attributes[:reporting_to_project_id] = nil
reporting = Reporting.new
reporting.send(:assign_attributes, attributes, without_protection: true)
reporting.send(:assign_attributes, attributes)
expect(reporting).not_to be_valid
spec/models/work_package/work_package_custom_fields_spec.rb
+1 -1
View File
@@ -231,7 +231,7 @@ describe WorkPackage, type: :model do
subject do
wp = WorkPackage.new.tap do |i|
i.force_attributes = { project: project }
i.attributes = { project: project }
end
wp.attributes = attribute_hash
spec/models/work_package/work_package_planning_spec.rb
+10 -10
View File
@@ -93,12 +93,12 @@ describe WorkPackage, type: :model do
}
}
it { expect(WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }).to be_valid }
it { expect(WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }).to be_valid }
describe 'subject' do
it 'is invalid w/o a subject' do
attributes[:subject] = nil
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).not_to be_valid
@@ -108,7 +108,7 @@ describe WorkPackage, type: :model do
it 'is invalid w/ a subject longer than 255 characters' do
attributes[:subject] = 'A' * 500
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).not_to be_valid
@@ -120,7 +120,7 @@ describe WorkPackage, type: :model do
describe 'start_date' do
it 'is valid w/o a start_date' do
attributes[:start_date] = nil
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).to be_valid
@@ -131,7 +131,7 @@ describe WorkPackage, type: :model do
describe 'due_date' do
it 'is valid w/o a due_date' do
attributes[:due_date] = nil
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).to be_valid
@@ -141,7 +141,7 @@ describe WorkPackage, type: :model do
it 'is invalid if start_date is after due_date' do
attributes[:start_date] = Date.today
attributes[:due_date] = Date.today - 1.week
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).not_to be_valid
@@ -153,7 +153,7 @@ describe WorkPackage, type: :model do
attributes[:type] = FactoryGirl.build(:type, is_milestone: true)
attributes[:start_date] = Date.today
attributes[:due_date] = Date.today + 1.week
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).not_to be_valid
@@ -165,7 +165,7 @@ describe WorkPackage, type: :model do
describe 'project' do
it 'is invalid w/o a project' do
attributes[:project_id] = nil
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).not_to be_valid
@@ -179,11 +179,11 @@ describe WorkPackage, type: :model do
it 'is invalid if parent is_milestone' do
parent = WorkPackage.new.tap do |pe|
pe.send(:assign_attributes, attributes.merge(type: FactoryGirl.build(:type, is_milestone: true)), without_protection: true)
pe.send(:assign_attributes, attributes.merge(type: FactoryGirl.build(:type, is_milestone: true)))
end
attributes[:parent] = parent
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }
planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }
expect(planning_element).not_to be_valid
spec/models/work_package_spec.rb
+3 -3
View File
@@ -41,7 +41,7 @@ describe WorkPackage, type: :model do
let(:priority) { FactoryGirl.create(:priority) }
let(:work_package) {
WorkPackage.new.tap do |w|
w.force_attributes = { project_id: project.id,
w.attributes = { project_id: project.id,
type_id: type.id,
author_id: user.id,
status_id: status.id,
@@ -73,7 +73,7 @@ describe WorkPackage, type: :model do
describe 'minimal' do
let(:work_package_minimal) {
WorkPackage.new.tap do |w|
w.force_attributes = { project_id: project.id,
w.attributes = { project_id: project.id,
type_id: type.id,
author_id: user.id,
status_id: status.id,
@@ -166,7 +166,7 @@ describe WorkPackage, type: :model do
}
before do
work_package.force_attributes = { category_id: category.id }
work_package.attributes = { category_id: category.id }
work_package.save!
end
spec_legacy/functional/messages_controller_spec.rb
+1 -1
View File
@@ -52,7 +52,7 @@ describe MessagesController, type: :controller do
assert_difference 'Message.count', 110 do
110.times do
m = Message.new
m.force_attributes = { subject: 'Reply', content: 'Reply body', author_id: 2, board_id: 1 }
m.attributes = { subject: 'Reply', content: 'Reply body', author_id: 2, board_id: 1 }
message.children << m
end
end
spec_legacy/functional/project_enumerations_controller_spec.rb
+1 -1
View File
@@ -150,7 +150,7 @@ describe ProjectEnumerationsController, type: :controller do
# second one is a duplicate
# parent = TimeEntryActivity.find(9)
parent = TimeEntryActivity.new
parent.force_attributes = { name: parent.name, project_id: 1, position: parent.position, active: true }
parent.attributes = { name: parent.name, project_id: 1, position: parent.position, active: true }
parent.save(validate: false)
project = Project.find(1)
spec_legacy/unit/category_spec.rb
+3 -3
View File
@@ -38,7 +38,7 @@ describe Category, type: :model do
end
it 'should create' do
(new_cat = Category.new).force_attributes = { project_id: @project.id, name: 'New category' }
(new_cat = Category.new).attributes = { project_id: @project.id, name: 'New category' }
assert new_cat.valid?
assert new_cat.save
assert_equal 'New category', new_cat.name
@@ -48,9 +48,9 @@ describe Category, type: :model do
group = FactoryGirl.create :group
role = FactoryGirl.create :role
(Member.new.tap do |m|
m.force_attributes = { principal: group, project: @project, role_ids: [role.id] }
m.attributes = { principal: group, project: @project, role_ids: [role.id] }
end).save!
(new_cat = Category.new).force_attributes = { project_id: @project.id, name: 'Group assignment', assigned_to_id: group.id }
(new_cat = Category.new).attributes = { project_id: @project.id, name: 'Group assignment', assigned_to_id: group.id }
assert new_cat.valid?
assert new_cat.save
assert_kind_of Group, new_cat.assigned_to
spec_legacy/unit/group_spec.rb
+2 -2
View File
@@ -34,7 +34,7 @@ describe Group, type: :model do
@member = FactoryGirl.build :member
@work_package = FactoryGirl.create :work_package
@roles = FactoryGirl.create_list :role, 2
@member.force_attributes = { principal: @group, role_ids: @roles.map(&:id) }
@member.attributes = { principal: @group, role_ids: @roles.map(&:id) }
@member.save!
@project = @member.project
@user = FactoryGirl.create :user
@@ -63,7 +63,7 @@ describe Group, type: :model do
member = FactoryGirl.build :member
roles = FactoryGirl.create_list :role, 2
role_ids = roles.map(&:id)
member.force_attributes = { principal: group, role_ids: role_ids }
member.attributes = { principal: group, role_ids: role_ids }
member.save!
user = FactoryGirl.create :user
group.users << user
spec_legacy/unit/issue_nested_set_spec.rb
+6 -6
View File
@@ -43,7 +43,7 @@ describe 'IssueNestedSet', type: :model do
Setting.cross_project_work_package_relations = '0'
issue = create_issue!
child = WorkPackage.new.tap do |i|
i.force_attributes = { project_id: 2,
i.attributes = { project_id: 2,
type_id: 1,
author_id: 1,
subject: 'child',
@@ -57,7 +57,7 @@ describe 'IssueNestedSet', type: :model do
Setting.cross_project_work_package_relations = '1'
issue = create_issue!
child = WorkPackage.new.tap do |i|
i.force_attributes = { project_id: 2,
i.attributes = { project_id: 2,
type_id: 1,
author_id: 1,
subject: 'child',
@@ -107,17 +107,17 @@ describe 'IssueNestedSet', type: :model do
issue3 = create_issue!(parent_id: issue2.id)
issue4 = create_issue!
(r1 = Relation.new.tap do |i|
i.force_attributes = { from: issue1,
i.attributes = { from: issue1,
to: issue2,
relation_type: Relation::TYPE_PRECEDES }
end).save!
(r2 = Relation.new.tap do |i|
i.force_attributes = { from: issue1,
i.attributes = { from: issue1,
to: issue3,
relation_type: Relation::TYPE_PRECEDES }
end).save!
(r3 = Relation.new.tap do |i|
i.force_attributes = { from: issue2,
i.attributes = { from: issue2,
to: issue4,
relation_type: Relation::TYPE_PRECEDES }
end).save!
@@ -296,7 +296,7 @@ describe 'IssueNestedSet', type: :model do
def create_issue!(attributes = {})
(i = WorkPackage.new.tap do |i|
attr = { project_id: 1, type_id: 1, author_id: 1, subject: 'test' }.merge(attributes)
i.force_attributes = attr
i.attributes = attr
end).save!
i
end
spec_legacy/unit/member_spec.rb
+5 -5
View File
@@ -41,7 +41,7 @@ describe Member, type: :model do
it 'should create' do
member = Member.new.tap do |m|
m.force_attributes = { project_id: @project.id,
m.attributes = { project_id: @project.id,
user_id: FactoryGirl.create(:user).id,
role_ids: [@role.id] }
end
@@ -73,7 +73,7 @@ describe Member, type: :model do
user_id = FactoryGirl.create(:user).id
2.times do
members << Member.new.tap do |m|
m.force_attributes = { project_id: @project.id,
m.attributes = { project_id: @project.id,
user_id: user_id,
role_ids: [@role.id] }
end
@@ -84,7 +84,7 @@ describe Member, type: :model do
assert !members.last.save
member = Member.new.tap do |m|
m.force_attributes = { project_id: @project,
m.attributes = { project_id: @project,
user_id: FactoryGirl.create(:user).id,
role_ids: [] }
end
@@ -131,7 +131,7 @@ describe Member, type: :model do
context 'of user' do
before do
(@member = Member.new.tap do |m|
m.force_attributes = { project_id: @private_project.id,
m.attributes = { project_id: @private_project.id,
user_id: @watcher_user.id,
role_ids: [@private_role.id, FactoryGirl.create(:role).id] }
end).save!
@@ -161,7 +161,7 @@ describe Member, type: :model do
before do
@group = FactoryGirl.create :group
@member = (Member.new.tap do |m|
m.force_attributes = { project_id: @private_project.id,
m.attributes = { project_id: @private_project.id,
user_id: @group.id,
role_ids: [@private_role.id, FactoryGirl.create(:role).id] }
end)
spec_legacy/unit/project_spec.rb
+1 -1
View File
@@ -875,7 +875,7 @@ describe Project, type: :model do
# group role
(Member.new.tap do |m|
m.force_attributes = { project_id: @source_project.id,
m.attributes = { project_id: @source_project.id,
principal: group,
role_ids: [2] }
end).save!
spec_legacy/unit/user_spec.rb
+2 -2
View File
@@ -500,7 +500,7 @@ describe User, type: :model do
it "should be false for a user with :only_my_events and isn't an author, creator, or assignee" do
@user = FactoryGirl.create(:user, mail_notification: 'only_my_events')
(Member.new.tap do |m|
m.force_attributes = { user: @user, project: @project, role_ids: [1] }
m.attributes = { user: @user, project: @project, role_ids: [1] }
end).save!
assert ! @user.notify_about?(@issue)
end
@@ -548,7 +548,7 @@ describe User, type: :model do
it 'should be false for a user with :selected and is not the author or assignee' do
@user = FactoryGirl.create(:user, mail_notification: 'selected')
(Member.new.tap do |m|
m.force_attributes = { user: @user, project: @project, role_ids: [1] }
m.attributes = { user: @user, project: @project, role_ids: [1] }
end).save!
assert ! @user.notify_about?(@issue)
end
spec_legacy/unit/version_spec.rb
+14 -14
View File
@@ -33,7 +33,7 @@ describe Version, type: :model do
it 'should create' do
(v = Version.new.tap do |v|
v.force_attributes = { project: Project.find(1), name: '1.1', effective_date: '2011-03-25' }
v.attributes = { project: Project.find(1), name: '1.1', effective_date: '2011-03-25' }
end)
assert v.save
assert_equal 'open', v.status
@@ -41,7 +41,7 @@ describe Version, type: :model do
it 'should invalid effective date validation' do
(v = Version.new.tap do |v|
v.force_attributes = { project: Project.find(1), name: '1.1', effective_date: '99999-01-01' }
v.attributes = { project: Project.find(1), name: '1.1', effective_date: '99999-01-01' }
end)
assert !v.save
assert_includes v.errors[:effective_date], I18n.translate('activerecord.errors.messages.not_a_date')
@@ -52,7 +52,7 @@ describe Version, type: :model do
it 'should be the date of the earlist issue' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
add_work_package(v, estimated_hours: 10, start_date: '2010-03-01')
FactoryGirl.create(:work_package, project: project, subject: 'not assigned', start_date: '2010-01-01')
@@ -65,7 +65,7 @@ describe Version, type: :model do
it 'should be the value' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress', start_date: '2010-01-05' }
v.attributes = { project: project, name: 'Progress', start_date: '2010-01-05' }
end).save!
add_work_package(v, estimated_hours: 10, start_date: '2010-03-01')
@@ -78,7 +78,7 @@ describe Version, type: :model do
it 'should progress should be 0 with no assigned issues' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
assert_equal 0, v.completed_percent
assert_equal 0, v.closed_percent
@@ -87,7 +87,7 @@ describe Version, type: :model do
it 'should progress should be 0 with unbegun assigned issues' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
add_work_package(v)
add_work_package(v, done_ratio: 0)
@@ -99,7 +99,7 @@ describe Version, type: :model do
project = Project.find(1)
status = Status.where(is_closed: true).first
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
add_work_package(v, status: status)
add_work_package(v, status: status, done_ratio: 20)
@@ -112,7 +112,7 @@ describe Version, type: :model do
it 'should progress should consider done ratio of open assigned issues' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
add_work_package(v)
add_work_package(v, done_ratio: 20)
@@ -124,7 +124,7 @@ describe Version, type: :model do
it 'should progress should consider closed issues as completed' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
add_work_package(v)
add_work_package(v, done_ratio: 20)
@@ -136,7 +136,7 @@ describe Version, type: :model do
it 'should progress should consider estimated hours to weigth issues' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
add_work_package(v, estimated_hours: 10)
add_work_package(v, estimated_hours: 20, done_ratio: 30)
@@ -149,7 +149,7 @@ describe Version, type: :model do
it 'should progress should consider average estimated hours to weigth unestimated issues' do
project = Project.find(1)
(v = Version.new.tap do |v|
v.force_attributes = { project: project, name: 'Progress' }
v.attributes = { project: project, name: 'Progress' }
end).save!
add_work_package(v, done_ratio: 20)
add_work_package(v, status: Status.where(is_closed: true).first)
@@ -166,7 +166,7 @@ describe Version, type: :model do
@project.types << FactoryGirl.create(:type)
(@version = Version.new.tap do |v|
v.force_attributes = { project: @project, effective_date: nil, name: 'test' }
v.attributes = { project: @project, effective_date: nil, name: 'test' }
end).save!
end
@@ -213,7 +213,7 @@ describe Version, type: :model do
context '#estimated_hours' do
before do
(@version = Version.new.tap do |v|
v.force_attributes = { project_id: 1, name: '#estimated_hours' }
v.attributes = { project_id: 1, name: '#estimated_hours' }
end).save!
end
@@ -279,7 +279,7 @@ describe Version, type: :model do
def add_work_package(version, attributes = {})
(v = WorkPackage.new.tap do |v|
v.force_attributes = { project: version.project,
v.attributes = { project: version.project,
fixed_version: version,
subject: 'Test',
author: User.first,