From 972b04d86e77a700df2e36901f4d6e89482f7dc4 Mon Sep 17 00:00:00 2001 
From: Mohamed Wael Khobalatte Date: Thu, 8 Oct 2015 16:57:14 +0100 Subject: [PATCH] Refactor to allow for strong params We no longer need attr_accessible. --- Gemfile | 1 - Gemfile.lock | 2 - app/controllers/account_controller.rb | 4 +- app/controllers/categories_controller.rb | 6 +- app/controllers/copy_projects_controller.rb | 18 ++-- app/controllers/messages_controller.rb | 14 +-- app/controllers/my_controller.rb | 4 +- app/controllers/news/comments_controller.rb | 2 +- app/controllers/news_controller.rb | 4 +- app/controllers/projects_controller.rb | 31 ++++--- app/controllers/sys_controller.rb | 2 +- app/controllers/timelines_controller.rb | 8 +- app/controllers/timelog_controller.rb | 16 ++-- app/controllers/users_controller.rb | 4 +- app/controllers/versions_controller.rb | 12 +-- app/controllers/watchers_controller.rb | 11 ++- app/models/attachment.rb | 2 - app/models/auth_source.rb | 1 - app/models/available_project_status.rb | 2 - app/models/board.rb | 4 - app/models/category.rb | 2 - app/models/change.rb | 2 - app/models/changeset.rb | 2 - app/models/comment.rb | 2 - app/models/custom_field.rb | 1 - app/models/enabled_module.rb | 2 - app/models/enumeration.rb | 2 - app/models/group.rb | 2 - app/models/journal.rb | 2 - app/models/legacy_journal.rb | 2 - app/models/member.rb | 6 +- app/models/member_role.rb | 2 - app/models/menu_item.rb | 2 - app/models/message.rb | 2 - app/models/news.rb | 2 - app/models/permitted_params.rb | 89 +++++++++++++++---- app/models/planning_element_type_color.rb | 2 - app/models/project.rb | 2 - app/models/project/copy.rb | 18 ++-- app/models/project_association.rb | 2 - app/models/project_type.rb | 2 - app/models/query.rb | 3 - app/models/relation.rb | 2 - app/models/reporting.rb | 3 - app/models/repository.rb | 2 - app/models/repository/git.rb | 1 - app/models/repository/subversion.rb | 1 - app/models/role.rb | 2 - app/models/status.rb | 1 - app/models/time_entry.rb | 2 - app/models/timeline.rb | 2 - app/models/token.rb | 2 - 
app/models/type.rb | 2 - app/models/user.rb | 9 +- app/models/user_preference.rb | 8 -- app/models/version.rb | 2 - app/models/watcher.rb | 2 - app/models/wiki.rb | 2 - app/models/wiki_content.rb | 4 - app/models/wiki_page.rb | 2 - app/models/work_package.rb | 7 +- app/models/workflow.rb | 2 - config/application.rb | 6 -- config/initializers/mass_assignment.rb | 35 -------- lib/open_project/concerns/preview.rb | 12 +-- .../lib/redmine/acts/journalized/creation.rb | 2 +- .../lib/redmine/acts/journalized/users.rb | 1 - .../lib/acts_as_watchable.rb | 1 - .../copy_projects_controller_spec.rb | 2 +- spec/models/available_project_status_spec.rb | 6 +- spec/models/project_association_spec.rb | 8 +- spec/models/reporting_spec.rb | 6 +- .../work_package_custom_fields_spec.rb | 2 +- .../work_package_planning_spec.rb | 20 ++--- spec/models/work_package_spec.rb | 6 +- .../functional/messages_controller_spec.rb | 2 +- .../project_enumerations_controller_spec.rb | 2 +- spec_legacy/unit/category_spec.rb | 6 +- spec_legacy/unit/group_spec.rb | 4 +- spec_legacy/unit/issue_nested_set_spec.rb | 12 +-- spec_legacy/unit/member_spec.rb | 10 +-- spec_legacy/unit/project_spec.rb | 2 +- spec_legacy/unit/user_spec.rb | 4 +- spec_legacy/unit/version_spec.rb | 28 +++--- 84 files changed, 227 insertions(+), 307 deletions(-) delete mode 100644 config/initializers/mass_assignment.rb diff --git a/Gemfile b/Gemfile index 0c4debfcd45..422fd8ca6d6 100644 --- a/Gemfile +++ b/Gemfile @@ -29,7 +29,6 @@ source 'https://rubygems.org' gem 'rails', '4.2.4' -gem 'protected_attributes' gem 'actionpack-action_caching' gem 'activerecord-session_store' gem 'rails-observers' diff --git a/Gemfile.lock b/Gemfile.lock index d3918abb28b..1cf21b16d3b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -333,8 +333,6 @@ GEM multi_json (~> 1.0) websocket-driver (>= 0.2.0) powerpack (0.1.1) - protected_attributes (1.0.9) - activemodel (>= 4.0.1, < 5.0) pry (0.9.12.6) coderay (~> 1.0) method_source (~> 0.8) 
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index b835c06b3cd..f039cf4cca0 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -85,7 +85,7 @@ class AccountController < ApplicationController return else if request.post? - user = User.find_by_mail(params[:mail]) + user = User.find_by(mail: params[:mail]) unless user # user not found in db @@ -98,7 +98,7 @@ class AccountController < ApplicationController end # create a new token for password recovery - token = Token.new(user: user, action: 'recovery') + token = Token.new(user_id: user.id, action: 'recovery') if token.save UserMailer.password_lost(token).deliver_now flash[:notice] = l(:notice_account_lost_email_sent) diff --git a/app/controllers/categories_controller.rb b/app/controllers/categories_controller.rb index 09bdceff6c8..6fb6cb27157 100644 --- a/app/controllers/categories_controller.rb +++ b/app/controllers/categories_controller.rb @@ -41,7 +41,7 @@ class CategoriesController < ApplicationController def create @category = @project.categories.build - @category.safe_attributes = params[:category] + @category.safe_attributes = permitted_params.category if @category.save respond_to do |format| @@ -66,11 +66,11 @@ class CategoriesController < ApplicationController end def edit - @category.safe_attributes = params[:category] + @category.safe_attributes = permitted_params.category end def update - @category.safe_attributes = params[:category] + @category.safe_attributes = permitted_params.category if @category.save flash[:notice] = l(:notice_successful_update) redirect_to controller: '/projects', action: 'settings', tab: 'categories', id: @project diff --git a/app/controllers/copy_projects_controller.rb b/app/controllers/copy_projects_controller.rb index 0aad8e6021f..37a780affc5 100644 --- a/app/controllers/copy_projects_controller.rb +++ b/app/controllers/copy_projects_controller.rb 
@@ -36,17 +36,17 @@ class CopyProjectsController < ApplicationController before_filter :prepare_for_copy_project, only: [:copy, :copy_project] def copy - target_project_name = params[:project][:name] + target_project_name = permitted_params.project[:name] @copy_project = Project.new - @copy_project.safe_attributes = params[:project] + @copy_project.safe_attributes = permitted_params.project if @copy_project.valid? - modules = params[:project][:enabled_module_names] || params[:enabled_modules] - copy_project_job = CopyProjectJob.new(user_id: User.current.id, - source_project_id: @project.id, - target_project_params: params[:project], - enabled_modules: modules, - associations_to_copy: params[:only], - send_mails: params[:notifications] == '1') + modules = permitted_params.project[:enabled_module_names] || params[:enabled_modules] + copy_project_job = CopyProjectJob.new(User.current.id, + @project.id, + permitted_params.project, + modules, + params[:only], + params[:notifications] == '1') Delayed::Job.enqueue copy_project_job flash[:notice] = I18n.t('copy_project.started', diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 02c7966f8cf..8edabd6a4ae 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -75,9 +75,9 @@ class MessagesController < ApplicationController m.board = @board end - @message.safe_attributes = params[:message] + @message.safe_attributes = permitted_params.message(@message) - @message.attach_files(params[:attachments]) + @message.attach_files(permitted_params.attachments) if @message.save call_hook(:controller_messages_new_after_save, params: params, message: @message) 
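Review bot: The `CopyProjectJob.new` call in `copy` changes from a single keyword hash to six positional arguments, but no job class appears in this patch's diffstat, so the constructor it targets cannot be checked here. If that constructor still takes the keyword form, enqueueing would fail with `ArgumentError`; please confirm against the job's `initialize`. Separately, `permitted_params.project` is evaluated three times in this action, and each call re-runs `require`/`permit`. A local such as `project_params = permitted_params.project` would make it obvious that the same filtered hash is validated and enqueued.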
@@ -100,7 +100,7 @@ class MessagesController < ApplicationController @topic.children << @reply if !@reply.new_record? call_hook(:controller_messages_reply_after_save, params: params, message: @reply) - attachments = Attachment.attach_files(@reply, params[:attachments]) + attachments = Attachment.attach_files(@reply, permitted_params.attachments) render_attachment_warning_if_needed(@reply) end redirect_to topic_path(@topic, r: @reply) @@ -109,16 +109,16 @@ class MessagesController < ApplicationController # Edit a message def edit (render_403; return false) unless @message.editable_by?(User.current) - @message.safe_attributes = params[:message] + @message.safe_attributes = permitted_params.message(@message) end # Edit a message def update (render_403; return false) unless @message.editable_by?(User.current) - @message.safe_attributes = params[:message] + @message.safe_attributes = permitted_params.message(@message) - @message.attach_files(params[:attachments]) + @message.attach_files(permitted_params.attachments) if @message.save flash[:notice] = l(:notice_successful_update) @@ -156,7 +156,7 @@ class MessagesController < ApplicationController protected def parse_preview_data - if params[:message] + if params.has_key?(:message) parse_preview_data_helper :message, :content else parse_preview_data_helper :reply, :content, Message diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb index 1512f1b44b8..01dc9fe4d31 100644 --- a/app/controllers/my_controller.rb +++ b/app/controllers/my_controller.rb @@ -126,7 +126,7 @@ class MyController < ApplicationController @back_url = url_for(params[:back_url]) elsif request.post? || request.put? - User.current.pref.attributes = params[:pref] || {} + User.current.pref.attributes = permitted_params.pref || {} User.current.pref.save flash[:notice] = l(:notice_account_updated) 
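Review bot: The `|| {}` fallback in `User.current.pref.attributes = permitted_params.pref || {}` can no longer take effect, because the `pref` accessor added in `permitted_params.rb` calls `params.require(:pref)`, which raises `ActionController::ParameterMissing` instead of returning nil when the key is absent. A request without a `pref` hash, which the old `params[:pref] || {}` tolerated, now fails before the fallback is reached. The same pattern appears in `write_settings` in this file, in `users_controller.rb` (`@user.pref.attributes = …`), in the `permitted_params.version.present?` guards in `versions_controller.rb`, and in `validate_parent_id` in `projects_controller.rb`. Using `params.fetch(:pref, {}).permit(…)` in the accessor, as `PermittedParams#message` already does, would keep the previous behaviour.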
@@ -254,7 +254,7 @@ class MyController < ApplicationController def write_settings(redirect_to:) if request.patch? @user.attributes = permitted_params.user - @user.pref.attributes = params[:pref] || {} + @user.pref.attributes = permitted_params.pref || {} @user.pref[:no_self_notified] = (params[:no_self_notified] == '1') if @user.save @user.pref.save diff --git a/app/controllers/news/comments_controller.rb b/app/controllers/news/comments_controller.rb index 06ea247c89e..68b23462767 100644 --- a/app/controllers/news/comments_controller.rb +++ b/app/controllers/news/comments_controller.rb @@ -34,7 +34,7 @@ class News::CommentsController < ApplicationController before_filter :authorize def create - @comment = Comment.new(params[:comment]) + @comment = Comment.new(permitted_params.comment) @comment.author = User.current if @news.comments << @comment flash[:notice] = l(:label_comment_added) diff --git a/app/controllers/news_controller.rb b/app/controllers/news_controller.rb index ed730975204..4894341f36f 100644 --- a/app/controllers/news_controller.rb +++ b/app/controllers/news_controller.rb @@ -71,7 +71,7 @@ class NewsController < ApplicationController def create @news = News.new(project: @project, author: User.current) - @news.safe_attributes = params[:news] + @news.safe_attributes = permitted_params.news if @news.save flash[:notice] = l(:notice_successful_create) redirect_to controller: '/news', action: 'index', project_id: @project @@ -84,7 +84,7 @@ class NewsController < ApplicationController end def update - @news.safe_attributes = params[:news] + @news.safe_attributes = permitted_params.news if @news.save flash[:notice] = l(:notice_successful_update) redirect_to action: 'show', id: @news diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 363dbe53f2a..43b1789c881 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb 
@@ -79,17 +79,17 @@ class ProjectsController < ApplicationController @types = ::Type.all @project = Project.new @project.parent = Project.find(params[:parent_id]) if params[:parent_id] - @project.safe_attributes = params[:project] + @project.safe_attributes = permitted_params.project if params[:project].present? end def create @issue_custom_fields = WorkPackageCustomField.order("#{CustomField.table_name}.position") @types = ::Type.all @project = Project.new - @project.safe_attributes = params[:project] + @project.safe_attributes = permitted_params.project if validate_parent_id && @project.save - @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id') + @project.set_allowed_parent!(permitted_params.project['parent_id']) if permitted_params.project.has_key?('parent_id') add_current_user_to_project_if_not_admin(@project) respond_to do |format| format.html do @@ -139,10 +139,10 @@ class ProjectsController < ApplicationController def update @altered_project = Project.find(@project.id) - @altered_project.safe_attributes = params[:project] + @altered_project.safe_attributes = permitted_params.project if validate_parent_id && @altered_project.save - if params[:project].has_key?('parent_id') - @altered_project.set_allowed_parent!(params[:project]['parent_id']) + if permitted_params.project.has_key?('parent_id') + @altered_project.set_allowed_parent!(permitted_params.project['parent_id']) end respond_to do |format| format.html do 
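Review bot: `permitted_params.project.has_key?('parent_id')` in `create` is always false, because the `project` accessor added in `permitted_params.rb` does not list `:parent_id`, so `set_allowed_parent!` is never reached. The `update` hunk that follows and `validate_parent_id` (which now always reads nil for `parent_id`) are affected in the same way, so the parent silently stops being settable. Since the value is passed to `set_allowed_parent!` explicitly rather than mass-assigned, it can be read on its own, e.g. `parent_id = params[:project] && params[:project][:parent_id]`, and kept out of the permitted hash. The bodies of `create` and `update` continue outside these hunks.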
@@ -163,21 +163,24 @@ class ProjectsController < ApplicationController def types flash[:notice] = [] + project_params = {} - unless params.has_key? :project - params[:project] = { 'type_ids' => [::Type.standard_type.id] } + if params.has_key? :project + project_params = permitted_params.project + else + project_params = { 'type_ids' => [::Type.standard_type.id] } flash[:notice] << l(:notice_automatic_set_of_standard_type) end - params[:project].assert_valid_keys('type_ids') + project_params.assert_valid_keys('type_ids') - selected_type_ids = params[:project][:type_ids].map(&:to_i) + selected_type_ids = project_params['type_ids'].map(&:to_i) if types_missing?(selected_type_ids) flash.delete :notice flash[:error] = I18n.t(:error_types_in_use_by_work_packages, types: missing_types(selected_type_ids).map(&:name).join(', ')) - elsif @project.update_attributes(params[:project]) + elsif @project.update_attributes(project_params) flash[:notice] << l('notice_successful_update') else flash[:error] = l('timelines.cannot_update_planning_element_types') @@ -186,13 +189,13 @@ class ProjectsController < ApplicationController end def modules - @project.enabled_module_names = params[:project][:enabled_module_names] + @project.enabled_module_names = permitted_params.project[:enabled_module_names] flash[:notice] = l(:notice_successful_update) redirect_to action: 'settings', id: @project, tab: 'modules' end def custom_fields - @project.work_package_custom_field_ids = params[:project][:work_package_custom_field_ids] + @project.work_package_custom_field_ids = permitted_params.project[:work_package_custom_field_ids] if @project.save flash[:notice] = l(:notice_successful_update) else 
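Review bot: In `types`, `project_params['type_ids'].map(&:to_i)` raises `NoMethodError` when `project` is posted without an array-valued `type_ids`, since the `type_ids: []` rule in `PermittedParams#project` drops a scalar value and leaves the key absent. `Array(project_params['type_ids']).map(&:to_i)` keeps such a request on the normal validation path instead of ending in an unhandled exception. The initial `project_params = {}` is overwritten on both branches and can be dropped.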
@@ -300,7 +303,7 @@ class ProjectsController < ApplicationController # TODO: move it to Project model in a validation that depends on User.current def validate_parent_id return true if User.current.admin? - parent_id = params[:project] && params[:project][:parent_id] + parent_id = permitted_params.project && permitted_params.project[:parent_id] if parent_id || @project.new_record? parent = parent_id.blank? ? nil : Project.find_by(id: parent_id.to_i) unless @project.allowed_parents.include?(parent) diff --git a/app/controllers/sys_controller.rb b/app/controllers/sys_controller.rb index 37d4e7270ce..36d81d488a5 100644 --- a/app/controllers/sys_controller.rb +++ b/app/controllers/sys_controller.rb @@ -114,7 +114,7 @@ class SysController < ActionController::Base def find_project @project = Project.find(params[:id]) rescue ActiveRecord::RecordNotFound - render text: "Could not find project ##{params[:id]}.", status: 404 + render plain: "Could not find project ##{params[:id]}.", status: 404 end def find_repository_with_storage diff --git a/app/controllers/timelines_controller.rb b/app/controllers/timelines_controller.rb index 997598148fe..1cc6aa60269 100644 --- a/app/controllers/timelines_controller.rb +++ b/app/controllers/timelines_controller.rb @@ -56,7 +56,7 @@ class TimelinesController < ApplicationController def create remove_blank_options - @timeline = @project.timelines.build(params[:timeline]) + @timeline = @project.timelines.build(permitted_params.timeline) if @timeline.save flash[:notice] = l(:notice_successful_create) @@ -73,7 +73,7 @@ class TimelinesController < ApplicationController def update @timeline = @project.timelines.find(params[:id]) - if @timeline.update_attributes(params[:timeline]) + if @timeline.update_attributes(permitted_params.timeline) flash[:notice] = l(:notice_successful_update) redirect_to project_timeline_path(@project, @timeline) else 
@@ -100,12 +100,12 @@ class TimelinesController < ApplicationController end def remove_blank_options - options = params[:timeline][:options] || {} + options = permitted_params.timeline[:options] || {} options.each do |k, v| options[k] = v.reject(&:blank?) if v.is_a? Array end - params[:timeline][:options] = options + permitted_params.timeline[:options] = options end end diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb index 8418ac17ce6..48075570758 100644 --- a/app/controllers/timelog_controller.rb +++ b/app/controllers/timelog_controller.rb @@ -129,7 +129,7 @@ class TimelogController < ApplicationController def new @time_entry ||= TimeEntry.new(project: @project, work_package: @issue, user: User.current, spent_on: User.current.today) - @time_entry.safe_attributes = params[:time_entry] + @time_entry.safe_attributes = permitted_params.time_entry call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry) @@ -138,7 +138,7 @@ class TimelogController < ApplicationController def create @time_entry ||= TimeEntry.new(project: @project, work_package: @issue, user: User.current, spent_on: User.current.today) - @time_entry.safe_attributes = params[:time_entry] + @time_entry.safe_attributes = permitted_params.time_entry call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry) @@ -159,13 +159,13 @@ class TimelogController < ApplicationController end def edit - @time_entry.safe_attributes = params[:time_entry] + @time_entry.safe_attributes = permitted_params.time_entry call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry) end def update - @time_entry.safe_attributes = params[:time_entry] + @time_entry.safe_attributes = permitted_params.time_entry call_hook(:controller_timelog_edit_before_save, params: params, time_entry: @time_entry) 
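Review bot: `remove_blank_options` no longer has any effect, because `permitted_params.timeline` builds a new filtered hash on every call, so `permitted_params.timeline[:options] = options` writes to a copy that `create` never reads. In addition, `permit(:name, :options)` in the new `timeline` accessor treats `:options` as a scalar, while this method iterates it as a hash with array values, so the key is filtered out and `options` is always `{}` here. The accessor needs the nested option keys declared. The cleaned hash should then be built once and handed to `build`/`update_attributes`, e.g. `attrs = permitted_params.timeline` followed by `attrs[:options] = cleaned`.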
@@ -246,8 +246,8 @@ class TimelogController < ApplicationController def project_id_from_params if params.has_key?(:project_id) project_id = params[:project_id] - elsif params.has_key?(:time_entry) && params[:time_entry].has_key?(:project_id) - project_id = params[:time_entry][:project_id] + elsif params.has_key?(:time_entry) && permitted_params.time_entry.has_key?(:project_id) + project_id = permitted_params.time_entry[:project_id] end end @@ -259,8 +259,8 @@ class TimelogController < ApplicationController def work_package_from_params if params.has_key?(:work_package_id) work_package_id = params[:work_package_id] - elsif params.has_key?(:time_entry) && params[:time_entry].has_key?(:work_package_id) - work_package_id = params[:time_entry][:work_package_id] + elsif params.has_key?(:time_entry) && permitted_params.time_entry.has_key?(:work_package_id) + work_package_id = permitted_params.time_entry[:work_package_id] end WorkPackage.find_by id: work_package_id diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 3039b7ba966..61d754f4b43 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -162,7 +162,7 @@ class UsersController < ApplicationController if @user.save # TODO: Similar to My#account - @user.pref.attributes = params[:pref] || {} + @user.pref.attributes = permitted_params.pref || {} @user.pref[:no_self_notified] = (params[:no_self_notified] == '1') @user.pref.save @@ -238,7 +238,7 @@ class UsersController < ApplicationController end def edit_membership - @membership = Member.edit_membership(params[:membership_id], params[:membership], @user) + @membership = Member.edit_membership(params[:membership_id], permitted_params.membership, @user) @membership.save if request.post? respond_to do |format| if @membership.valid? diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 011c91fdfc5..f34ae1f8f63 100644 
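Review bot: In `project_id_from_params`, `permitted_params.time_entry.has_key?(:project_id)` is always false, because the `time_entry` accessor added in this patch permits `:work_package_id` but not `:project_id`. The `elsif` branch is therefore dead and a project supplied only as `time_entry[project_id]` is silently ignored. The value is used for a lookup, not for mass assignment, so reading `params[:time_entry][:project_id]` directly, as before, is sufficient. Adding `:project_id` to the permit list instead would also pass it on to `safe_attributes=`.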
--- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -67,8 +67,8 @@ class VersionsController < ApplicationController def new @version = @project.versions.build - if params[:version] - attributes = params[:version].dup + if permitted_params.version.present? + attributes = permitted_params.version.dup attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing']) @version.safe_attributes = attributes end @@ -77,8 +77,8 @@ class VersionsController < ApplicationController def create # TODO: refactor with code above in #new @version = @project.versions.build - if params[:version] - attributes = params[:version].dup + if permitted_params.version.present? + attributes = permitted_params.version.dup attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing']) @version.safe_attributes = attributes end @@ -109,8 +109,8 @@ class VersionsController < ApplicationController end def update - if request.patch? && params[:version] - attributes = params[:version].dup + if request.patch? && permitted_params.version.present? + attributes = permitted_params.version.dup attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing']) @version.safe_attributes = attributes if @version.save diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb index 3faef9c8bdb..1c5c813e974 100644 --- a/app/controllers/watchers_controller.rb +++ b/app/controllers/watchers_controller.rb 
@@ -81,13 +81,18 @@ class WatchersController < ApplicationController private def find_watched_by_object + # Necessary check, otherwise anything can be constantized. + return false unless Redmine::Search.available_search_types.include?(params[:object_type]) + klass = params[:object_type].singularize.camelcase.constantize + return false unless klass.respond_to?('watched_by') and klass.ancestors.include? Redmine::Acts::Watchable and params[:object_id].to_s =~ /\A\d+\z/ - @watched = klass.find(params[:object_id]) - rescue - render_404 + + unless @watched = klass.find(params[:object_id]) + render_404 + end end def find_watched_by_id diff --git a/app/models/attachment.rb b/app/models/attachment.rb index 6f7119adb25..669fc84a26d 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -36,8 +36,6 @@ class Attachment < ActiveRecord::Base belongs_to :author, class_name: 'User', foreign_key: 'author_id' - attr_protected :author_id - validates_presence_of :container, :author, :content_type, :filesize validates_length_of :description, maximum: 255 diff --git a/app/models/auth_source.rb b/app/models/auth_source.rb index cdaab434fa0..092a05af4f0 100644 --- a/app/models/auth_source.rb +++ b/app/models/auth_source.rb @@ -28,7 +28,6 @@ #++ class AuthSource < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection include Redmine::Ciphering has_many :users diff --git a/app/models/available_project_status.rb b/app/models/available_project_status.rb index 3aff67cd6c9..6193144cce3 100644 --- a/app/models/available_project_status.rb +++ b/app/models/available_project_status.rb @@ -35,7 +35,5 @@ class AvailableProjectStatus < ActiveRecord::Base belongs_to :reported_project_status, class_name: 'ReportedProjectStatus', foreign_key: 'reported_project_status_id' - attr_accessible :reported_project_status_id - validates_presence_of :reported_project_status, :project_type end 
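Review bot: In `find_watched_by_object` the `unless @watched = klass.find(params[:object_id])` branch cannot run, since `find` raises `ActiveRecord::RecordNotFound` rather than returning nil, and the `rescue` that used to turn that into `render_404` has been removed. The two guards above it, including the new allow-list check, end in `return false` without rendering; if this method is used as a before filter, as its name suggests, that does not halt the request in Rails 4 and the action would run with `@watched` unset. Consider `return render_404 unless …` for both guards and `@watched = klass.find_by(id: params[:object_id])` followed by `render_404 unless @watched`. The allow-list reuses `Redmine::Search.available_search_types`, so a watchable type that is not searchable would be rejected; a dedicated list of watchable types would state the intent more directly.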
diff --git a/app/models/board.rb b/app/models/board.rb index 51ed09e5b6e..9340b558756 100644 --- a/app/models/board.rb +++ b/app/models/board.rb @@ -28,8 +28,6 @@ #++ class Board < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection - belongs_to :project has_many :topics, -> { where("#{Message.table_name}.parent_id IS NULL") @@ -42,8 +40,6 @@ class Board < ActiveRecord::Base acts_as_list scope: :project_id acts_as_watchable - attr_protected :project_id - validates_presence_of :name, :description validates_length_of :name, maximum: 30 validates_length_of :description, maximum: 255 diff --git a/app/models/category.rb b/app/models/category.rb index b4fa581b5f8..d66f5987dda 100644 --- a/app/models/category.rb +++ b/app/models/category.rb @@ -33,8 +33,6 @@ class Category < ActiveRecord::Base belongs_to :assigned_to, class_name: 'Principal', foreign_key: 'assigned_to_id' has_many :work_packages, foreign_key: 'category_id', dependent: :nullify - attr_protected :project_id - validates_presence_of :name validates_uniqueness_of :name, scope: [:project_id] validates_length_of :name, maximum: 30 diff --git a/app/models/change.rb b/app/models/change.rb index ae5340086d2..985b5cabf48 100644 --- a/app/models/change.rb +++ b/app/models/change.rb @@ -35,8 +35,6 @@ class Change < ActiveRecord::Base delegate :repository_encoding, to: :changeset, allow_nil: true, prefix: true - attr_protected :changeset_id - def relative_path changeset.repository.relative_path(path) end diff --git a/app/models/changeset.rb b/app/models/changeset.rb index 560560bae25..b2d3c49e526 100644 --- a/app/models/changeset.rb +++ b/app/models/changeset.rb 
@@ -47,8 +47,6 @@ class Changeset < ActiveRecord::Base project_key: "#{Repository.table_name}.project_id", date_column: 'committed_on' - attr_protected :user_id - validates_presence_of :repository_id, :revision, :committed_on, :commit_date validates_uniqueness_of :revision, scope: :repository_id validates_uniqueness_of :scmid, scope: :repository_id, allow_nil: true diff --git a/app/models/comment.rb b/app/models/comment.rb index 498747c75f7..3d40876ef9a 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -31,8 +31,6 @@ class Comment < ActiveRecord::Base belongs_to :commented, polymorphic: true, counter_cache: true belongs_to :author, class_name: 'User', foreign_key: 'author_id' - attr_accessible :commented, :author, :comments - validates :commented, :author, :comments, presence: true def text diff --git a/app/models/custom_field.rb b/app/models/custom_field.rb index 818218227d4..91cb72fc352 100644 --- a/app/models/custom_field.rb +++ b/app/models/custom_field.rb @@ -28,7 +28,6 @@ #++ class CustomField < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection include CustomField::OrderStatements has_many :custom_values, dependent: :delete_all diff --git a/app/models/enabled_module.rb b/app/models/enabled_module.rb index f39888fddf1..1c7949f5b3e 100644 --- a/app/models/enabled_module.rb +++ b/app/models/enabled_module.rb @@ -30,8 +30,6 @@ class EnabledModule < ActiveRecord::Base belongs_to :project - attr_protected :project_id - validates_presence_of :name validates_uniqueness_of :name, scope: :project_id diff --git a/app/models/enumeration.rb b/app/models/enumeration.rb index 08499850817..667bf0218df 100644 --- a/app/models/enumeration.rb +++ b/app/models/enumeration.rb @@ -28,8 +28,6 @@ #++ class Enumeration < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection - default_scope { order("#{Enumeration.table_name}.position ASC") } belongs_to :project 
diff --git a/app/models/group.rb b/app/models/group.rb index 92067bed714..a2efc58e253 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -28,8 +28,6 @@ #++ class Group < Principal - include ActiveModel::ForbiddenAttributesProtection - has_and_belongs_to_many :users, join_table: "#{table_name_prefix}group_users#{table_name_suffix}", after_add: :user_added, diff --git a/app/models/journal.rb b/app/models/journal.rb index 4f42e70b666..597b90f9656 100644 --- a/app/models/journal.rb +++ b/app/models/journal.rb @@ -38,8 +38,6 @@ class Journal < ActiveRecord::Base register_journal_formatter :attachment, OpenProject::JournalFormatter::Attachment register_journal_formatter :custom_field, OpenProject::JournalFormatter::CustomField - attr_accessible :journable_type, :journable_id, :activity_type, :version, :notes, :user_id - # Make sure each journaled model instance only has unique version ids validates_uniqueness_of :version, scope: [:journable_id, :journable_type] diff --git a/app/models/legacy_journal.rb b/app/models/legacy_journal.rb index b192856108c..869a4771453 100644 --- a/app/models/legacy_journal.rb +++ b/app/models/legacy_journal.rb @@ -50,8 +50,6 @@ class LegacyJournal < ActiveRecord::Base belongs_to :journaled, class_name: 'Journal' belongs_to :user - # attr_protected :user_id - register_journal_formatter :diff, OpenProject::JournalFormatter::Diff register_journal_formatter :attachment, OpenProject::JournalFormatter::Attachment register_journal_formatter :custom_field, OpenProject::JournalFormatter::CustomField diff --git a/app/models/member.rb b/app/models/member.rb index f0ef8734894..5f74929055e 100644 --- a/app/models/member.rb +++ b/app/models/member.rb @@ -28,8 +28,6 @@ #++ class Member < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection - belongs_to :user belongs_to :principal, foreign_key: 'user_id' has_many :member_roles, dependent: :destroy, autosave: true 
@@ -127,9 +125,7 @@ class Member < ActiveRecord::Base # Find or initialize a Member with an id, attributes, and for a Principal def self.edit_membership(id, new_attributes, principal = nil) @membership = id.present? ? Member.find(id) : Member.new(principal: principal) - # interface refactoring needed - # not critical atm because only admins can invoke it (see users and groups controllers) - @membership.force_attributes = new_attributes + @membership.attributes = new_attributes @membership end diff --git a/app/models/member_role.rb b/app/models/member_role.rb index f684052808d..b90e7f75f15 100644 --- a/app/models/member_role.rb +++ b/app/models/member_role.rb @@ -34,8 +34,6 @@ class MemberRole < ActiveRecord::Base after_create :add_role_to_group_users after_destroy :remove_role_from_group_users - attr_protected :member_id, :role_id - validates_presence_of :role validate :validate_project_member_role diff --git a/app/models/menu_item.rb b/app/models/menu_item.rb index 49cc8b9c796..11fed299d74 100644 --- a/app/models/menu_item.rb +++ b/app/models/menu_item.rb @@ -28,8 +28,6 @@ #++ class MenuItem < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection - belongs_to :parent, class_name: 'MenuItem' has_many :children, -> { order('id ASC') diff --git a/app/models/message.rb b/app/models/message.rb index ed6f0688bbd..32174bcfdab 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -61,8 +61,6 @@ class Message < ActiveRecord::Base acts_as_watchable - attr_protected :author_id - validates_presence_of :board, :subject, :content validates_length_of :subject, maximum: 255 diff --git a/app/models/news.rb b/app/models/news.rb index b98f340257d..ea78c05bc32 100644 --- a/app/models/news.rb +++ b/app/models/news.rb 
@@ -35,8 +35,6 @@ class News < ActiveRecord::Base order('created_on') }, as: :commented, dependent: :delete_all - attr_protected :project_id, :author_id - validates_presence_of :title, :description validates_length_of :title, maximum: 60 validates_length_of :summary, maximum: 255 diff --git a/app/models/permitted_params.rb b/app/models/permitted_params.rb index 370181edcc3..c401191d3d2 100644 --- a/app/models/permitted_params.rb +++ b/app/models/permitted_params.rb @@ -31,12 +31,6 @@ class PermittedParams # This class intends to provide a method for all params hashes coming from the # client and that are used for mass assignment. # - # As such, please make it a deliberate decision to whitelist attributes. - # - # This implementation depends on the strong_parameters gem. For further - # information see here: https://github.com/rails/strong_parameters - # - # # A method should look like the following: # # def name_of_the_params_key_referenced @@ -46,18 +40,8 @@ class PermittedParams # # A controller could use a permitted_params method like this # - # model_instance.attributes = permitted_params.name_of_the_params_key_referenced + # model_instance.METHOD_USING_ASSIGMENT = permitted_params.name_of_the_params_key_referenced # - # instead of doing something like this which will not work anymore once the - # model is protected: - # - # model_instance.attributes = params[:name_of_the_params_key_referenced] - # - # - # A model will need the following module included in order to be protected by - # strong_params - # - # include ActiveModel::ForbiddenAttributesProtection attr_reader :params, :current_user def initialize(params, current_user) 
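Review bot: The `PermittedParams` class comment drops the sentence asking authors to make whitelisting a deliberate decision, yet with `attr_protected`/`attr_accessible` removed from the models in this patch these accessors become the only mass-assignment filter, so that guidance matters more than before. I would keep a line such as `# Every attribute listed here becomes client-settable; permit only what the calling action needs.` The placeholder `METHOD_USING_ASSIGMENT` in the usage example is also misspelled (`ASSIGNMENT`).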
@@ -268,6 +252,77 @@ class PermittedParams params.require(:content).permit(*self.class.permitted_attributes[:wiki_content]) end + def timeline + params.require(:timeline).permit(:name, :options) + end + + def pref + params.require(:pref).permit(:hide_mail, :time_zone, :impaired, + :comments_sorting, :warn_on_leaving_unsaved, + :theme) + end + + def membership + params.require(:membership).permit(:project_id, role_ids: []) + end + + def project + params.require(:project).permit(:name, + :description, + :is_public, + :identifier, + :project_type_id, + custom_field_values: {}, + custom_fields: [], + work_package_custom_field_ids: [], + type_ids: [], + enabled_module_names: []) + end + + def time_entry + params.require(:time_entry).permit(:hours, :comments, :work_package_id, + :activity_id, :spent_on, custom_field_values: []) + end + + def news + params.require(:news).permit(:title, :summary, :description) + end + + def category + params.require(:category).permit(:name, :assigned_to_id) + end + + def version + params.require(:version).permit(:name, + :description, + :effective_date, + :due_date, + :start_date, + :wiki_page_title, + :status, + :sharing, + :custom_field_value) + end + + def comment + params.require(:comment).permit(:commented, :author, :comments) + end + + # `params.fetch` and not `require` because the update controller action associated + # with this is doing multiple things, therefore not requiring a message hash + # all the time. + def message(instance = nil) + if instance && current_user.allowed_to?(:edit_messages, instance.project) + params.fetch(:message, {}).permit(:subject, :content, :board_id, :locked, :sticky) + else + params.fetch(:message, {}).permit(:subject, :content, :board_id) + end + end + + def attachments + params.permit(attachments: [:file, :description])['attachments'] + end + protected def custom_field_values(key) 
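Review bot: The new `comment` permitter accepts `:commented` and `:author` from the request, the two fields that say what a comment is attached to and who wrote it, whereas the `news` and `message` permitters added beside it leave ownership fields out. With the `attr_protected` declarations removed from the models elsewhere in this patch, this list appears to be the remaining filter between request parameters and those attributes. I would reduce it to `params.require(:comment).permit(:comments)` and have the controller set the author and target from `current_user` and the loaded record. Two smaller inconsistencies in the same hunk look unintended: `version` permits `:custom_field_value` (singular) while `project` and `time_entry` use `custom_field_values`, and `time_entry` declares that key as `[]` where `project` declares `{}`. The class's existing protected `custom_field_values(key)` helper, whose body lies below the hunk, may be the intended way to express both.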
diff --git a/app/models/planning_element_type_color.rb b/app/models/planning_element_type_color.rb index c68e3d11482..d962d539050 100644 --- a/app/models/planning_element_type_color.rb +++ b/app/models/planning_element_type_color.rb @@ -37,8 +37,6 @@ class PlanningElementTypeColor < ActiveRecord::Base foreign_key: 'color_id', dependent: :nullify - include ActiveModel::ForbiddenAttributesProtection - before_validation :normalize_hexcode validates_presence_of :name, :hexcode diff --git a/app/models/project.rb b/app/models/project.rb index 9b2f5b2ab8e..acc7181fed8 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -130,8 +130,6 @@ class Project < ActiveRecord::Base author: nil, datetime: :created_on - attr_protected :status - validates_presence_of :name, :identifier # TODO: we temporarily disable this validation because it leads to failed tests # it implicitly assumes a db:seed-created standard type to be present and currently diff --git a/app/models/project/copy.rb b/app/models/project/copy.rb index e28e8848c15..4961f461627 100644 --- a/app/models/project/copy.rb +++ b/app/models/project/copy.rb @@ -97,7 +97,7 @@ module Project::Copy wiki_menu_items_map = {} project.wiki.wiki_menu_items.each do |item| new_item = MenuItems::WikiMenuItem.new - new_item.force_attributes = item.attributes.dup.except('id', 'wiki_id', 'parent_id') + new_item.attributes = item.attributes.dup.except('id', 'wiki_id', 'parent_id') new_item.wiki = wiki (wiki_menu_items_map[item.id] = new_item.reload) if new_item.save end @@ -122,7 +122,7 @@ module Project::Copy def copy_categories(project) project.categories.each do |category| new_category = Category.new - new_category.send(:assign_attributes, category.attributes.dup.except('id', 'project_id'), without_protection: true) + new_category.send(:assign_attributes, category.attributes.dup.except('id', 'project_id')) categories << new_category end end 
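Review bot: `copy_categories` still routes the assignment through `send(:assign_attributes, ...)`, which served only to carry `without_protection: true`; with that option gone, the other copy methods in this file already use the plain writer. Writing `new_category.attributes = category.attributes.dup.except('id', 'project_id')` keeps the file consistent and drops `send`, which skips method visibility checks and hides the call from a simple search. The same applies to the `new_member.send(:assign_attributes, ...)` line in the member-copy hunk further down and to the spec files in this patch that call `send(:assign_attributes, attributes)`.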
@@ -182,7 +182,7 @@ module Project::Copy # Relations issue.relations_from.each do |source_relation| new_relation = Relation.new - new_relation.force_attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id') + new_relation.attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id') new_relation.to = work_packages_map[source_relation.to_id] if new_relation.to.nil? && Setting.cross_project_work_package_relations? new_relation.to = source_relation.to @@ -193,7 +193,7 @@ module Project::Copy issue.relations_to.each do |source_relation| new_relation = Relation.new - new_relation.force_attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id') + new_relation.attributes = source_relation.attributes.dup.except('id', 'from_id', 'to_id') new_relation.from = work_packages_map[source_relation.from_id] if new_relation.from.nil? && Setting.cross_project_work_package_relations? new_relation.from = source_relation.from @@ -212,7 +212,7 @@ module Project::Copy members_to_copy += project.memberships.select { |m| !m.principal.is_a?(User) } members_to_copy.each do |member| new_member = Member.new - new_member.send(:assign_attributes, member.attributes.dup.except('id', 'project_id', 'created_on'), without_protection: true) + new_member.send(:assign_attributes, member.attributes.dup.except('id', 'project_id', 'created_on')) # only copy non inherited roles # inherited roles will be added when copying the group membership role_ids = member.member_roles.reject(&:inherited?).map(&:role_id) 
@@ -265,7 +265,7 @@ module Project::Copy [:project_a, :project_b].each do |association_type| project.send(:"#{association_type}_associations").each do |association| new_association = ProjectAssociation.new - new_association.force_attributes = association.attributes.dup.except('id', "#{association_type}_id") + new_association.attributes = association.attributes.dup.except('id', "#{association_type}_id") new_association.send(:"#{association_type}=", self) new_association.save end @@ -276,7 +276,7 @@ module Project::Copy def copy_timelines(project) project.timelines.each do |timeline| copied_timeline = Timeline.new - copied_timeline.force_attributes = timeline.attributes.dup.except('id', 'project_id', 'options') + copied_timeline.attributes = timeline.attributes.dup.except('id', 'project_id', 'options') copied_timeline.options = timeline.options if timeline.options.present? copied_timeline.project = self copied_timeline.save @@ -287,13 +287,13 @@ module Project::Copy def copy_reportings(project) project.reportings_via_source.each do |reporting| copied_reporting = Reporting.new - copied_reporting.force_attributes = reporting.attributes.dup.except('id', 'project_id') + copied_reporting.attributes = reporting.attributes.dup.except('id', 'project_id') copied_reporting.project = self copied_reporting.save end project.reportings_via_target.each do |reporting| copied_reporting = Reporting.new - copied_reporting.force_attributes = reporting.attributes.dup.except('id', 'reporting_to_project') + copied_reporting.attributes = reporting.attributes.dup.except('id', 'reporting_to_project') copied_reporting.reporting_to_project = self copied_reporting.save end diff --git a/app/models/project_association.rb b/app/models/project_association.rb index 9333f189af4..45ed53756cc 100644 --- a/app/models/project_association.rb +++ b/app/models/project_association.rb 
@@ -37,8 +37,6 @@ class ProjectAssociation < ActiveRecord::Base validates_presence_of :project_a, :project_b - attr_accessible :description - validate :validate, :validate_projects_not_identical diff --git a/app/models/project_type.rb b/app/models/project_type.rb index a948199065b..5b667954d26 100644 --- a/app/models/project_type.rb +++ b/app/models/project_type.rb @@ -44,8 +44,6 @@ class ProjectType < ActiveRecord::Base validate: false has_many :reported_project_statuses, through: :available_project_statuses - include ActiveModel::ForbiddenAttributesProtection - validates_presence_of :name validates_inclusion_of :allows_association, in: [true, false] diff --git a/app/models/query.rb b/app/models/query.rb index 30e8002114d..4c2e6a79351 100644 --- a/app/models/query.rb +++ b/app/models/query.rb @@ -28,7 +28,6 @@ #++ class Query < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection include Queries::WorkPackages::AvailableFilterOptions # referenced in plugin patches - currently there are only work package queries and filters @@ -45,8 +44,6 @@ class Query < ActiveRecord::Base serialize :column_names serialize :sort_criteria, Array - attr_protected :project_id # , :user_id - validates :name, presence: true validates_length_of :name, maximum: 255 diff --git a/app/models/relation.rb b/app/models/relation.rb index f8ccfbb2d1b..d728a080297 100644 --- a/app/models/relation.rb +++ b/app/models/relation.rb @@ -59,8 +59,6 @@ class Relation < ActiveRecord::Base before_save :update_schedule - attr_protected :from_id, :to_id - def validate_sanity_of_relation if from && to errors.add :to_id, :invalid if from_id == to_id diff --git a/app/models/reporting.rb b/app/models/reporting.rb index 5b25623c3e5..e63eb331ac2 100644 --- a/app/models/reporting.rb +++ b/app/models/reporting.rb 
@@ -37,9 +37,6 @@ class Reporting < ActiveRecord::Base belongs_to :reported_project_status, class_name: 'ReportedProjectStatus', foreign_key: 'reported_project_status_id' - attr_accessible :reported_project_status_comment, - :reported_project_status_id - validates_presence_of :project, :reporting_to_project validates_uniqueness_of :reporting_to_project_id, scope: :project_id diff --git a/app/models/repository.rb b/app/models/repository.rb index fd5afa65739..7cd01e49709 100644 --- a/app/models/repository.rb +++ b/app/models/repository.rb @@ -46,8 +46,6 @@ class Repository < ActiveRecord::Base # has_many :changesets, :dependent => :destroy is too slow for big repositories before_destroy :clear_changesets - attr_protected :project_id - validates_length_of :password, maximum: 255, allow_nil: true validate :validate_enabled_scm, on: :create diff --git a/app/models/repository/git.rb b/app/models/repository/git.rb index 41ce366e5ec..1a569f96925 100644 --- a/app/models/repository/git.rb +++ b/app/models/repository/git.rb @@ -30,7 +30,6 @@ require 'open_project/scm/adapters/git' class Repository::Git < Repository - attr_protected :root_url validates_presence_of :url def self.scm_adapter_class diff --git a/app/models/repository/subversion.rb b/app/models/repository/subversion.rb index e51328abd09..038a5c7124b 100644 --- a/app/models/repository/subversion.rb +++ b/app/models/repository/subversion.rb @@ -30,7 +30,6 @@ require 'open_project/scm/adapters/subversion' class Repository::Subversion < Repository - attr_protected :root_url validates_presence_of :url validates_format_of :url, with: /\A(http|https|svn(\+[^\s:\/\\]+)?|file):\/\/.+\z/i diff --git a/app/models/role.rb b/app/models/role.rb index 84944b9c9f1..0f9bf06b2ce 100644 --- a/app/models/role.rb +++ b/app/models/role.rb @@ -28,7 +28,6 @@ #++ class Role < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection extend Pagination::Model # Built-in roles 
@@ -56,7 +55,6 @@ class Role < ActiveRecord::Base acts_as_list serialize :permissions, Array - attr_protected :builtin validates_presence_of :name validates_uniqueness_of :name diff --git a/app/models/status.rb b/app/models/status.rb index 23f81e33838..fce7345988d 100644 --- a/app/models/status.rb +++ b/app/models/status.rb @@ -28,7 +28,6 @@ #++ class Status < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection extend Pagination::Model default_scope { order('position ASC') } diff --git a/app/models/time_entry.rb b/app/models/time_entry.rb index c9a1c1055e4..e3d4fc0a3ea 100644 --- a/app/models/time_entry.rb +++ b/app/models/time_entry.rb @@ -36,8 +36,6 @@ class TimeEntry < ActiveRecord::Base belongs_to :user belongs_to :activity, class_name: 'TimeEntryActivity', foreign_key: 'activity_id' - attr_protected :project_id, :user_id, :tyear, :tmonth, :tweek - acts_as_customizable acts_as_journalized diff --git a/app/models/timeline.rb b/app/models/timeline.rb index 679edf8f4c4..f863bef5665 100644 --- a/app/models/timeline.rb +++ b/app/models/timeline.rb @@ -53,8 +53,6 @@ class Timeline < ActiveRecord::Base validate :validate_option_dates validate :validate_option_numeric - attr_accessible :name, :options - before_save :remove_empty_options_values before_save :split_joined_options_values diff --git a/app/models/token.rb b/app/models/token.rb index 75e04182920..f341f918a41 100644 --- a/app/models/token.rb +++ b/app/models/token.rb @@ -31,8 +31,6 @@ class Token < ActiveRecord::Base belongs_to :user validates_uniqueness_of :value - # attr_protected :user_id - before_create :delete_previous_tokens before_create :assign_generated_token diff --git a/app/models/type.rb b/app/models/type.rb index 6fb7f0b6720..28788a79d16 100644 --- a/app/models/type.rb +++ b/app/models/type.rb @@ -30,8 +30,6 @@ class ::Type < ActiveRecord::Base extend Pagination::Model - include ActiveModel::ForbiddenAttributesProtection - before_destroy :check_integrity has_many :work_packages 
diff --git a/app/models/user.rb b/app/models/user.rb index 47304e9b064..ff8e710d856 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -30,7 +30,6 @@ require 'digest/sha1' class User < Principal - include ActiveModel::ForbiddenAttributesProtection include User::Authorization USER_FORMATS_STRUCTURE = { @@ -46,9 +45,9 @@ class User < Principal end USER_FORMATS = { - firstname_lastname: User.user_format_structure_to_format(:firstname_lastname, ' '), + firstname_lastname: User.user_format_structure_to_format(:firstname_lastname), firstname: User.user_format_structure_to_format(:firstname), - lastname_firstname: User.user_format_structure_to_format(:lastname_firstname, ' '), + lastname_firstname: User.user_format_structure_to_format(:lastname_firstname), lastname_coma_firstname: User.user_format_structure_to_format(:lastname_coma_firstname, ', '), username: User.user_format_structure_to_format(:username) } @@ -298,9 +297,9 @@ class User < Principal # Return user's full name for display def name(formatter = nil) if formatter - eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"') + eval ('"' + (User::USER_FORMATS[formatter] || User::USER_FORMATS[:firstname_lastname]) + '"') else - @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"') + @name ||= eval ('"' + (User::USER_FORMATS[Setting.user_format] || User::USER_FORMATS[:firstname_lastname]) + '"') end end diff --git a/app/models/user_preference.rb b/app/models/user_preference.rb index 7612ff6be04..22a72d962ea 100644 --- a/app/models/user_preference.rb +++ b/app/models/user_preference.rb 
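Review bot: In `User#name` the rewritten calls read `eval ('"' + ... + '"')` with a space between `eval` and the parenthesis, which Ruby treats as a grouped expression and can warn about under `-w`; the original `eval(` spelling should stay. Since the lines are being touched anyway, it is worth recording why `eval` is tolerable here, for example `# USER_FORMATS values are built from constants in this class, never from request data`, assuming that holds for `USER_FORMATS_STRUCTURE`, which is not fully visible in the hunk. The `firstname_lastname` and `lastname_firstname` entries in the earlier hunk also drop their explicit `' '` separator and now depend on the default argument of `user_format_structure_to_format`, which is defined outside the hunk and should be confirmed.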
@@ -35,14 +35,6 @@ class UserPreference < ActiveRecord::Base validate :time_zone_correctness, if: -> { time_zone.present? } validate :theme_correctness, if: -> { theme.present? } - attr_accessible :user - - # attributes that have their own column - attr_accessible :hide_mail, :time_zone, :impaired - - # shortcut methods to others hash - attr_accessible :comments_sorting, :warn_on_leaving_unsaved, :theme - after_initialize :init_other_preferences def [](attr_name) diff --git a/app/models/version.rb b/app/models/version.rb index 9ed5febebcb..7cc3ec8179d 100644 --- a/app/models/version.rb +++ b/app/models/version.rb @@ -41,8 +41,6 @@ class Version < ActiveRecord::Base VERSION_STATUSES = %w(open locked closed) VERSION_SHARINGS = %w(none descendants hierarchy tree system) - attr_protected :project_id - validates_presence_of :name validates_uniqueness_of :name, scope: [:project_id] validates_length_of :name, maximum: 60 diff --git a/app/models/watcher.rb b/app/models/watcher.rb index a93e10e2fe1..eb5612c699c 100644 --- a/app/models/watcher.rb +++ b/app/models/watcher.rb @@ -33,8 +33,6 @@ class Watcher < ActiveRecord::Base belongs_to :watchable, polymorphic: true belongs_to :user - attr_accessible :watchable, :user, :user_id - validates_presence_of :watchable, :user validates_uniqueness_of :user_id, scope: [:watchable_type, :watchable_id] diff --git a/app/models/wiki.rb b/app/models/wiki.rb index baab8821867..63d0f69a386 100644 --- a/app/models/wiki.rb +++ b/app/models/wiki.rb @@ -46,8 +46,6 @@ class Wiki < ActiveRecord::Base safe_attributes 'wiki_menu_items_attributes' - attr_protected :project_id - validates_presence_of :start_page validates_format_of :start_page, with: /\A[^,\.\/\?\;\|\:]*\z/ diff --git a/app/models/wiki_content.rb b/app/models/wiki_content.rb index a566694f4eb..eb6e834f97c 100644 --- a/app/models/wiki_content.rb +++ b/app/models/wiki_content.rb 
@@ -30,8 +30,6 @@ require 'zlib' class WikiContent < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection - belongs_to :page, class_name: 'WikiPage', foreign_key: 'page_id' belongs_to :author, class_name: 'User', foreign_key: 'author_id' validates_presence_of :text @@ -39,8 +37,6 @@ class WikiContent < ActiveRecord::Base attr_accessor :comments - # attr_protected :author_id - before_save :comments_to_journal_notes acts_as_journalized diff --git a/app/models/wiki_page.rb b/app/models/wiki_page.rb index 5dc9ba879dd..c5e60caf3e3 100644 --- a/app/models/wiki_page.rb +++ b/app/models/wiki_page.rb @@ -31,8 +31,6 @@ require 'diff' require 'enumerator' class WikiPage < ActiveRecord::Base - include ActiveModel::ForbiddenAttributesProtection - belongs_to :wiki has_one :content, class_name: 'WikiContent', foreign_key: 'page_id', dependent: :destroy acts_as_attachable delete_permission: :delete_wiki_pages_attachments diff --git a/app/models/work_package.rb b/app/models/work_package.rb index 28aa084d7f2..98aade2ff8d 100644 --- a/app/models/work_package.rb +++ b/app/models/work_package.rb @@ -65,9 +65,6 @@ class WorkPackage < ActiveRecord::Base order("#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC") } - # >>> issues.rb >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - attr_protected :project_id, :author_id, :lft, :rgt - # <<< issues.rb <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< scope :recently_updated, ->() { # Specified as a String due to https://github.com/rails/rails/issues/15405 
@@ -290,8 +287,8 @@ class WorkPackage < ActiveRecord::Base work_package = arg.is_a?(WorkPackage) ? arg : WorkPackage.visible.find(arg) - # attributes don't come from form, so it's save to force assign - self.force_attributes = work_package.attributes.dup.except(*merged_options[:exclude]) + # attributes don't come from form, so it's safe to force assign + self.attributes = work_package.attributes.dup.except(*merged_options[:exclude]) self.parent_id = work_package.parent_id if work_package.parent_id self.custom_field_values = work_package.custom_field_values.inject({}) do |h, v| diff --git a/app/models/workflow.rb b/app/models/workflow.rb index 48eab3c27dd..83ed8173ff6 100644 --- a/app/models/workflow.rb +++ b/app/models/workflow.rb @@ -32,8 +32,6 @@ class Workflow < ActiveRecord::Base belongs_to :old_status, class_name: 'Status', foreign_key: 'old_status_id' belongs_to :new_status, class_name: 'Status', foreign_key: 'new_status_id' - # attr_protected :role_id - validates_presence_of :role, :old_status, :new_status # Returns workflow transitions count by type and role diff --git a/config/application.rb b/config/application.rb index 3c17e91c80f..8b5176cc575 100644 --- a/config/application.rb +++ b/config/application.rb @@ -141,12 +141,6 @@ module OpenProject instance_eval File.read(File.join(File.dirname(__FILE__), 'additional_environment.rb')) end - # Enforce whitelist mode for mass assignment. - # This will create an empty whitelist of attributes available for mass-assignment for all models - # in your app. As such, your models will need to explicitly whitelist or blacklist accessible - # parameters by using an attr_accessible or attr_protected declaration. - config.active_record.whitelist_attributes = false - # Do not swallow errors in after_commit/after_rollback callbacks. config.active_record.raise_in_transactional_callbacks = true 
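Review bot: The updated comment in this `WorkPackage` hunk still says it is safe to "force assign", but the line below it now uses the ordinary `self.attributes =` writer, so the comment describes a mechanism this patch removes. I would reword it to give the actual reason, e.g. `# attributes are copied from an existing work package, not from request params`. The enclosing method starts and ends outside the hunk. Whether `merged_options[:exclude]` covers fields such as `project_id` and `author_id`, whose `attr_protected` line is removed in an earlier hunk of this file, cannot be confirmed from here.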
diff --git a/config/initializers/mass_assignment.rb b/config/initializers/mass_assignment.rb deleted file mode 100644 index b62e452706e..00000000000 --- a/config/initializers/mass_assignment.rb +++ /dev/null @@ -1,35 +0,0 @@ -#-- encoding: UTF-8 -#-- copyright -# OpenProject is a project management system. -# Copyright (C) 2012-2015 the OpenProject Foundation (OPF) -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License version 3. -# -# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: -# Copyright (C) 2006-2013 Jean-Philippe Lang -# Copyright (C) 2010-2013 the ChiliProject Team -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# See doc/COPYRIGHT.rdoc for more details. -#++ - -class ActiveRecord::Base - # call this to force mass assignment even of protected attributes - def force_attributes=(new_attributes) - send(:assign_attributes, new_attributes, without_protection: true) - end -end diff --git a/lib/open_project/concerns/preview.rb b/lib/open_project/concerns/preview.rb index 3729412fbd9..98c81d9193c 100644 --- a/lib/open_project/concerns/preview.rb +++ b/lib/open_project/concerns/preview.rb 
@@ -31,13 +31,13 @@ # This concern provides a general implementation of preview functionality # # found in different controllers. # # # -# Nevertheless, this concern expects the controller to implement the function # +# This concern expects the controller to implement the function # # #parse_preview_data. #parse_preview_data must return a list of (wiki) texts, # # attachments required to render the texts, and the object. Attachments and # -# object may be nil. # +# object can be nil. # # # -# You may use #parse_preview_data_helper to implement #parse_preview_data. # -# Then, a minimal implementation of #parse_preview_data may looks as follows: # +# You can use #parse_preview_data_helper to implement #parse_preview_data. # +# Then, a minimal implementation of #parse_preview_data is as follows: # # # # def parse_preview_data # # parse_preview_data_helper :work_packages, [:description, :notes] # @@ -45,12 +45,12 @@ # # # The first parameter 'param_name' specifies the key in the params object that # # contains the values. The second parameter 'attributes' specifies the value # -# keys. Optionally, if 'param_name' is not equivalent to a class name, you # +# keys. If 'param_name' is not equivalent to a class name, you # # can pass the objects class as third parameter. # # # # For object identification #parse_preview_data_helper uses the params # # object's 'id' key, if available. If 'id' needs some preprocessing or is not # -# the id to the object instance, you may override #parse_preview_id to provide # +# the id to the object instance, you can override #parse_preview_id to provide # # a different id. # ################################################################################ module OpenProject::Concerns::Preview diff --git a/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/creation.rb b/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/creation.rb index f5c41f49187..9a3c872c6b6 100644 
--- a/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/creation.rb +++ b/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/creation.rb @@ -129,7 +129,7 @@ module Redmine::Acts::Journalized attributes_setter = ActiveRecord::Base.instance_method(:assign_attributes) attributes_setter = attributes_setter.bind(fill_object) - attributes_setter.call(initial_changes, without_protection: true) + attributes_setter.call(initial_changes) # Call the journal creating method changed_data = fill_object.send(:merge_journal_changes) diff --git a/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/users.rb b/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/users.rb index 93d5ce0bc90..5bff886bef8 100644 --- a/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/users.rb +++ b/lib/plugins/acts_as_journalized/lib/redmine/acts/journalized/users.rb @@ -97,7 +97,6 @@ module Redmine::Acts::Journalized def self.included(base) # :nodoc: base.class_eval do belongs_to :user - # attr_protected :user_id alias_method_chain :user=, :name end end diff --git a/lib/plugins/acts_as_watchable/lib/acts_as_watchable.rb b/lib/plugins/acts_as_watchable/lib/acts_as_watchable.rb index ff211bd81ee..00c0ed628a5 100644 --- a/lib/plugins/acts_as_watchable/lib/acts_as_watchable.rb +++ b/lib/plugins/acts_as_watchable/lib/acts_as_watchable.rb @@ -61,7 +61,6 @@ module Redmine includes(:watchers) .where(watchers: { user_id: user_id }) } - attr_protected :watcher_ids, :watcher_user_ids if accessible_attributes.nil? end send :include, Redmine::Acts::Watchable::InstanceMethods alias_method_chain :watcher_user_ids=, :uniq_ids diff --git a/spec/controllers/copy_projects_controller_spec.rb b/spec/controllers/copy_projects_controller_spec.rb index df5b2dca9c0..024772b7520 100644 --- a/spec/controllers/copy_projects_controller_spec.rb +++ b/spec/controllers/copy_projects_controller_spec.rb 
@@ -111,7 +111,7 @@ describe CopyProjectsController, type: :controller do it { expect(Project.count).to eq(2) } - it 'copied project should have enabled modules specified in params' do + it 'copied project enables modules specified in params' do expect(Project.order(:id).last.enabled_modules.map(&:name)).to match_array(['work_package_tracking', 'boards']) end diff --git a/spec/models/available_project_status_spec.rb b/spec/models/available_project_status_spec.rb index c02ce5b4f84..9ee3df7876c 100644 --- a/spec/models/available_project_status_spec.rb +++ b/spec/models/available_project_status_spec.rb @@ -66,12 +66,12 @@ describe AvailableProjectStatus, type: :model do FactoryGirl.create(:reported_project_status, id: 2) } - it { expect(AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes, without_protection: true) }).to be_valid } + it { expect(AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes) }).to be_valid } describe 'project_type' do it 'is invalid w/o a project_type' do attributes[:project_type_id] = nil - available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes, without_protection: true) } + available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes) } expect(available_project_status).not_to be_valid @@ -83,7 +83,7 @@ describe AvailableProjectStatus, type: :model do describe 'reported_project_status' do it 'is invalid w/o a reported_project_status' do attributes[:reported_project_status_id] = nil - available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes, without_protection: true) } + available_project_status = AvailableProjectStatus.new.tap { |ps| ps.send(:assign_attributes, attributes) } expect(available_project_status).not_to be_valid diff --git a/spec/models/project_association_spec.rb b/spec/models/project_association_spec.rb index 87d407d7f86..d1a1203e4e0 100644 
--- a/spec/models/project_association_spec.rb +++ b/spec/models/project_association_spec.rb @@ -78,13 +78,13 @@ describe ProjectAssociation, type: :model do FactoryGirl.create(:project, id: 2) } - it { expect(ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes, without_protection: true) }).to be_valid } + it { expect(ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes) }).to be_valid } it 'should be invalid for a self referential association' do attributes[:project_b_id] = attributes[:project_a_id] project_association = ProjectAssociation.new do |a| - a.send(:assign_attributes, attributes, without_protection: true) + a.send(:assign_attributes, attributes) end expect(project_association).not_to be_valid @@ -98,7 +98,7 @@ describe ProjectAssociation, type: :model do describe 'project_a' do it 'is invalid w/o a project_a' do attributes[:project_a_id] = nil - project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes, without_protection: true) } + project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes) } expect(project_association).not_to be_valid @@ -109,7 +109,7 @@ describe ProjectAssociation, type: :model do describe 'project_b' do it 'is invalid w/o a project_b' do attributes[:project_b_id] = nil - project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes, without_protection: true) } + project_association = ProjectAssociation.new.tap { |a| a.send(:assign_attributes, attributes) } expect(project_association).not_to be_valid diff --git a/spec/models/reporting_spec.rb b/spec/models/reporting_spec.rb index a377e4e5cd7..96c85368ad3 100644 --- a/spec/models/reporting_spec.rb +++ b/spec/models/reporting_spec.rb 
@@ -74,13 +74,13 @@ describe Reporting, type: :model do FactoryGirl.create(:project, id: 2) } - it { expect(Reporting.new.tap { |r| r.send(:assign_attributes, attributes, without_protection: true) }).to be_valid } + it { expect(Reporting.new.tap { |r| r.send(:assign_attributes, attributes) }).to be_valid } describe 'project' do it 'is invalid w/o a project' do attributes[:project_id] = nil reporting = Reporting.new - reporting.send(:assign_attributes, attributes, without_protection: true) + reporting.send(:assign_attributes, attributes) expect(reporting).not_to be_valid @@ -93,7 +93,7 @@ describe Reporting, type: :model do it 'is invalid w/o a reporting_to_project' do attributes[:reporting_to_project_id] = nil reporting = Reporting.new - reporting.send(:assign_attributes, attributes, without_protection: true) + reporting.send(:assign_attributes, attributes) expect(reporting).not_to be_valid diff --git a/spec/models/work_package/work_package_custom_fields_spec.rb b/spec/models/work_package/work_package_custom_fields_spec.rb index d1dc2bb7916..e79d6c1dccf 100644 --- a/spec/models/work_package/work_package_custom_fields_spec.rb +++ b/spec/models/work_package/work_package_custom_fields_spec.rb @@ -231,7 +231,7 @@ describe WorkPackage, type: :model do subject do wp = WorkPackage.new.tap do |i| - i.force_attributes = { project: project } + i.attributes = { project: project } end wp.attributes = attribute_hash diff --git a/spec/models/work_package/work_package_planning_spec.rb b/spec/models/work_package/work_package_planning_spec.rb index 554b8354297..9b7576af5c8 100644 --- a/spec/models/work_package/work_package_planning_spec.rb +++ b/spec/models/work_package/work_package_planning_spec.rb 
@@ -93,12 +93,12 @@ describe WorkPackage, type: :model do } } - it { expect(WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) }).to be_valid } + it { expect(WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) }).to be_valid } describe 'subject' do it 'is invalid w/o a subject' do attributes[:subject] = nil - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).not_to be_valid @@ -108,7 +108,7 @@ describe WorkPackage, type: :model do it 'is invalid w/ a subject longer than 255 characters' do attributes[:subject] = 'A' * 500 - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).not_to be_valid @@ -120,7 +120,7 @@ describe WorkPackage, type: :model do describe 'start_date' do it 'is valid w/o a start_date' do attributes[:start_date] = nil - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).to be_valid @@ -131,7 +131,7 @@ describe WorkPackage, type: :model do describe 'due_date' do it 'is valid w/o a due_date' do attributes[:due_date] = nil - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).to be_valid 
@@ -141,7 +141,7 @@ describe WorkPackage, type: :model do it 'is invalid if start_date is after due_date' do attributes[:start_date] = Date.today attributes[:due_date] = Date.today - 1.week - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).not_to be_valid @@ -153,7 +153,7 @@ describe WorkPackage, type: :model do attributes[:type] = FactoryGirl.build(:type, is_milestone: true) attributes[:start_date] = Date.today attributes[:due_date] = Date.today + 1.week - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).not_to be_valid @@ -165,7 +165,7 @@ describe WorkPackage, type: :model do describe 'project' do it 'is invalid w/o a project' do attributes[:project_id] = nil - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).not_to be_valid @@ -179,11 +179,11 @@ describe WorkPackage, type: :model do it 'is invalid if parent is_milestone' do parent = WorkPackage.new.tap do |pe| - pe.send(:assign_attributes, attributes.merge(type: FactoryGirl.build(:type, is_milestone: true)), without_protection: true) + pe.send(:assign_attributes, attributes.merge(type: FactoryGirl.build(:type, is_milestone: true))) end attributes[:parent] = parent - planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes, without_protection: true) } + planning_element = WorkPackage.new.tap { |pe| pe.send(:assign_attributes, attributes) } expect(planning_element).not_to be_valid 
diff --git a/spec/models/work_package_spec.rb b/spec/models/work_package_spec.rb index 85f0bc8e733..a79489559e1 100644 --- a/spec/models/work_package_spec.rb +++ b/spec/models/work_package_spec.rb @@ -41,7 +41,7 @@ describe WorkPackage, type: :model do let(:priority) { FactoryGirl.create(:priority) } let(:work_package) { WorkPackage.new.tap do |w| - w.force_attributes = { project_id: project.id, + w.attributes = { project_id: project.id, type_id: type.id, author_id: user.id, status_id: status.id, @@ -73,7 +73,7 @@ describe WorkPackage, type: :model do describe 'minimal' do let(:work_package_minimal) { WorkPackage.new.tap do |w| - w.force_attributes = { project_id: project.id, + w.attributes = { project_id: project.id, type_id: type.id, author_id: user.id, status_id: status.id, @@ -166,7 +166,7 @@ describe WorkPackage, type: :model do } before do - work_package.force_attributes = { category_id: category.id } + work_package.attributes = { category_id: category.id } work_package.save! end diff --git a/spec_legacy/functional/messages_controller_spec.rb b/spec_legacy/functional/messages_controller_spec.rb index a3eebcde141..360d92f506b 100644 --- a/spec_legacy/functional/messages_controller_spec.rb +++ b/spec_legacy/functional/messages_controller_spec.rb @@ -52,7 +52,7 @@ describe MessagesController, type: :controller do assert_difference 'Message.count', 110 do 110.times do m = Message.new - m.force_attributes = { subject: 'Reply', content: 'Reply body', author_id: 2, board_id: 1 } + m.attributes = { subject: 'Reply', content: 'Reply body', author_id: 2, board_id: 1 } message.children << m end end diff --git a/spec_legacy/functional/project_enumerations_controller_spec.rb b/spec_legacy/functional/project_enumerations_controller_spec.rb index 101e43dbf60..0afe47d8600 100644 --- a/spec_legacy/functional/project_enumerations_controller_spec.rb +++ b/spec_legacy/functional/project_enumerations_controller_spec.rb 
@@ -150,7 +150,7 @@ describe ProjectEnumerationsController, type: :controller do # second one is a duplicate # parent = TimeEntryActivity.find(9) parent = TimeEntryActivity.new - parent.force_attributes = { name: parent.name, project_id: 1, position: parent.position, active: true } + parent.attributes = { name: parent.name, project_id: 1, position: parent.position, active: true } parent.save(validate: false) project = Project.find(1) diff --git a/spec_legacy/unit/category_spec.rb b/spec_legacy/unit/category_spec.rb index 217a6cb1cc4..488e0bc1f23 100644 --- a/spec_legacy/unit/category_spec.rb +++ b/spec_legacy/unit/category_spec.rb @@ -38,7 +38,7 @@ describe Category, type: :model do end it 'should create' do - (new_cat = Category.new).force_attributes = { project_id: @project.id, name: 'New category' } + (new_cat = Category.new).attributes = { project_id: @project.id, name: 'New category' } assert new_cat.valid? assert new_cat.save assert_equal 'New category', new_cat.name @@ -48,9 +48,9 @@ describe Category, type: :model do group = FactoryGirl.create :group role = FactoryGirl.create :role (Member.new.tap do |m| - m.force_attributes = { principal: group, project: @project, role_ids: [role.id] } + m.attributes = { principal: group, project: @project, role_ids: [role.id] } end).save! - (new_cat = Category.new).force_attributes = { project_id: @project.id, name: 'Group assignment', assigned_to_id: group.id } + (new_cat = Category.new).attributes = { project_id: @project.id, name: 'Group assignment', assigned_to_id: group.id } assert new_cat.valid? assert new_cat.save assert_kind_of Group, new_cat.assigned_to diff --git a/spec_legacy/unit/group_spec.rb b/spec_legacy/unit/group_spec.rb index 0dfc3190cb2..c7846df1d79 100644 --- a/spec_legacy/unit/group_spec.rb +++ b/spec_legacy/unit/group_spec.rb 
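Review bot: In the `@@ -150,7` hunk of project_enumerations_controller_spec.rb the rewritten line still reads `parent.name` and `parent.position` from the record created one line earlier by `TimeEntryActivity.new`, so both are presumably nil unless the model sets defaults, and `save(validate: false)` hides that. The commented-out `TimeEntryActivity.find(9)` suggests the values were meant to come from an existing activity. Since the line is being touched anyway, I would give it explicit values, for example (constructed) `parent.attributes = { name: 'Parent activity', project_id: 1, position: 1, active: true }`. The example body continues outside the hunk.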
@@ -34,7 +34,7 @@ describe Group, type: :model do @member = FactoryGirl.build :member @work_package = FactoryGirl.create :work_package @roles = FactoryGirl.create_list :role, 2 - @member.force_attributes = { principal: @group, role_ids: @roles.map(&:id) } + @member.attributes = { principal: @group, role_ids: @roles.map(&:id) } @member.save! @project = @member.project @user = FactoryGirl.create :user @@ -63,7 +63,7 @@ describe Group, type: :model do member = FactoryGirl.build :member roles = FactoryGirl.create_list :role, 2 role_ids = roles.map(&:id) - member.force_attributes = { principal: group, role_ids: role_ids } + member.attributes = { principal: group, role_ids: role_ids } member.save! user = FactoryGirl.create :user group.users << user diff --git a/spec_legacy/unit/issue_nested_set_spec.rb b/spec_legacy/unit/issue_nested_set_spec.rb index 133130a3391..22b9cf44136 100644 --- a/spec_legacy/unit/issue_nested_set_spec.rb +++ b/spec_legacy/unit/issue_nested_set_spec.rb @@ -43,7 +43,7 @@ describe 'IssueNestedSet', type: :model do Setting.cross_project_work_package_relations = '0' issue = create_issue! child = WorkPackage.new.tap do |i| - i.force_attributes = { project_id: 2, + i.attributes = { project_id: 2, type_id: 1, author_id: 1, subject: 'child', @@ -57,7 +57,7 @@ describe 'IssueNestedSet', type: :model do Setting.cross_project_work_package_relations = '1' issue = create_issue! child = WorkPackage.new.tap do |i| - i.force_attributes = { project_id: 2, + i.attributes = { project_id: 2, type_id: 1, author_id: 1, subject: 'child', 
@@ -107,17 +107,17 @@ describe 'IssueNestedSet', type: :model do issue3 = create_issue!(parent_id: issue2.id) issue4 = create_issue! (r1 = Relation.new.tap do |i| - i.force_attributes = { from: issue1, + i.attributes = { from: issue1, to: issue2, relation_type: Relation::TYPE_PRECEDES } end).save! (r2 = Relation.new.tap do |i| - i.force_attributes = { from: issue1, + i.attributes = { from: issue1, to: issue3, relation_type: Relation::TYPE_PRECEDES } end).save! (r3 = Relation.new.tap do |i| - i.force_attributes = { from: issue2, + i.attributes = { from: issue2, to: issue4, relation_type: Relation::TYPE_PRECEDES } end).save! @@ -296,7 +296,7 @@ describe 'IssueNestedSet', type: :model do def create_issue!(attributes = {}) (i = WorkPackage.new.tap do |i| attr = { project_id: 1, type_id: 1, author_id: 1, subject: 'test' }.merge(attributes) - i.force_attributes = attr + i.attributes = attr end).save! i end diff --git a/spec_legacy/unit/member_spec.rb b/spec_legacy/unit/member_spec.rb index 78302984136..f52f209fe23 100644 --- a/spec_legacy/unit/member_spec.rb +++ b/spec_legacy/unit/member_spec.rb @@ -41,7 +41,7 @@ describe Member, type: :model do it 'should create' do member = Member.new.tap do |m| - m.force_attributes = { project_id: @project.id, + m.attributes = { project_id: @project.id, user_id: FactoryGirl.create(:user).id, role_ids: [@role.id] } end @@ -73,7 +73,7 @@ describe Member, type: :model do user_id = FactoryGirl.create(:user).id 2.times do members << Member.new.tap do |m| - m.force_attributes = { project_id: @project.id, + m.attributes = { project_id: @project.id, user_id: user_id, role_ids: [@role.id] } end @@ -84,7 +84,7 @@ describe Member, type: :model do assert !members.last.save member = Member.new.tap do |m| - m.force_attributes = { project_id: @project, + m.attributes = { project_id: @project, user_id: FactoryGirl.create(:user).id, role_ids: [] } end 
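Review bot: Nothing in spec_legacy/unit/member_spec.rb now checks that `role_ids` is refused when it arrives as unpermitted request parameters. The 'should create' hunk (`@@ -41,7`) assigns `project_id`, `user_id` and `role_ids` from a plain Hash, which strong parameters never filters. With `attr_accessible` removed from the models, the controller-side permit list is the only barrier for these membership fields, and a regression there would not be caught by this file. I would add an example asserting that `Member.new(ActionController::Parameters.new(role_ids: [@role.id]))` raises `ActiveModel::ForbiddenAttributesError`, assuming the model includes forbidden-attributes protection. The example body continues outside the hunk.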
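Review bot: The rewritten line in the `@@ -84,7` hunk of member_spec.rb passes the record itself, `project_id: @project`, where the other member hunks pass `@project.id`. Depending on how the integer column casts a non-numeric object, the member may end up with no project at all, so an expectation that it is invalid because of `role_ids: []` could pass for the wrong reason. I would change the line to `m.attributes = { project_id: @project.id,`. The assertions that follow are outside the hunk.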
@@ -131,7 +131,7 @@ describe Member, type: :model do context 'of user' do before do (@member = Member.new.tap do |m| - m.force_attributes = { project_id: @private_project.id, + m.attributes = { project_id: @private_project.id, user_id: @watcher_user.id, role_ids: [@private_role.id, FactoryGirl.create(:role).id] } end).save! @@ -161,7 +161,7 @@ describe Member, type: :model do before do @group = FactoryGirl.create :group @member = (Member.new.tap do |m| - m.force_attributes = { project_id: @private_project.id, + m.attributes = { project_id: @private_project.id, user_id: @group.id, role_ids: [@private_role.id, FactoryGirl.create(:role).id] } end) diff --git a/spec_legacy/unit/project_spec.rb b/spec_legacy/unit/project_spec.rb index 5558b2fec48..d06988d2450 100644 --- a/spec_legacy/unit/project_spec.rb +++ b/spec_legacy/unit/project_spec.rb @@ -875,7 +875,7 @@ describe Project, type: :model do # group role (Member.new.tap do |m| - m.force_attributes = { project_id: @source_project.id, + m.attributes = { project_id: @source_project.id, principal: group, role_ids: [2] } end).save! diff --git a/spec_legacy/unit/user_spec.rb b/spec_legacy/unit/user_spec.rb index 5ae8846db71..ab671cca668 100644 --- a/spec_legacy/unit/user_spec.rb +++ b/spec_legacy/unit/user_spec.rb @@ -500,7 +500,7 @@ describe User, type: :model do it "should be false for a user with :only_my_events and isn't an author, creator, or assignee" do @user = FactoryGirl.create(:user, mail_notification: 'only_my_events') (Member.new.tap do |m| - m.force_attributes = { user: @user, project: @project, role_ids: [1] } + m.attributes = { user: @user, project: @project, role_ids: [1] } end).save! assert ! @user.notify_about?(@issue) end 
@@ -548,7 +548,7 @@ describe User, type: :model do it 'should be false for a user with :selected and is not the author or assignee' do @user = FactoryGirl.create(:user, mail_notification: 'selected') (Member.new.tap do |m| - m.force_attributes = { user: @user, project: @project, role_ids: [1] } + m.attributes = { user: @user, project: @project, role_ids: [1] } end).save! assert ! @user.notify_about?(@issue) end diff --git a/spec_legacy/unit/version_spec.rb b/spec_legacy/unit/version_spec.rb index ebf4ab14fcd..206243c232a 100644 --- a/spec_legacy/unit/version_spec.rb +++ b/spec_legacy/unit/version_spec.rb @@ -33,7 +33,7 @@ describe Version, type: :model do it 'should create' do (v = Version.new.tap do |v| - v.force_attributes = { project: Project.find(1), name: '1.1', effective_date: '2011-03-25' } + v.attributes = { project: Project.find(1), name: '1.1', effective_date: '2011-03-25' } end) assert v.save assert_equal 'open', v.status @@ -41,7 +41,7 @@ describe Version, type: :model do it 'should invalid effective date validation' do (v = Version.new.tap do |v| - v.force_attributes = { project: Project.find(1), name: '1.1', effective_date: '99999-01-01' } + v.attributes = { project: Project.find(1), name: '1.1', effective_date: '99999-01-01' } end) assert !v.save assert_includes v.errors[:effective_date], I18n.translate('activerecord.errors.messages.not_a_date') @@ -52,7 +52,7 @@ describe Version, type: :model do it 'should be the date of the earlist issue' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! add_work_package(v, estimated_hours: 10, start_date: '2010-03-01') FactoryGirl.create(:work_package, project: project, subject: 'not assigned', start_date: '2010-01-01') 
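Review bot: The `(v = Version.new.tap do |v| ... end)` wrapper kept in the `@@ -33,7` hunk of version_spec.rb shadows the outer `v` with the block parameter. It appears to exist only because `force_attributes=` had to bypass `attr_accessible`. Now that ordinary assignment is enough, `v = Version.new(project: Project.find(1), name: '1.1', effective_date: '2011-03-25')` should express the same setup in one line, and `Version.create!(...)` would cover the variants that end in `.save!`. The same simplification looks applicable to the remaining version_spec hunks and to the `Member.new.tap` and `Relation.new.tap` blocks in member_spec, user_spec and issue_nested_set_spec.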
@@ -65,7 +65,7 @@ describe Version, type: :model do it 'should be the value' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress', start_date: '2010-01-05' } + v.attributes = { project: project, name: 'Progress', start_date: '2010-01-05' } end).save! add_work_package(v, estimated_hours: 10, start_date: '2010-03-01') @@ -78,7 +78,7 @@ describe Version, type: :model do it 'should progress should be 0 with no assigned issues' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! assert_equal 0, v.completed_percent assert_equal 0, v.closed_percent @@ -87,7 +87,7 @@ describe Version, type: :model do it 'should progress should be 0 with unbegun assigned issues' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! add_work_package(v) add_work_package(v, done_ratio: 0) @@ -99,7 +99,7 @@ describe Version, type: :model do project = Project.find(1) status = Status.where(is_closed: true).first (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! add_work_package(v, status: status) add_work_package(v, status: status, done_ratio: 20) @@ -112,7 +112,7 @@ describe Version, type: :model do it 'should progress should consider done ratio of open assigned issues' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! add_work_package(v) add_work_package(v, done_ratio: 20) 
@@ -124,7 +124,7 @@ describe Version, type: :model do it 'should progress should consider closed issues as completed' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! add_work_package(v) add_work_package(v, done_ratio: 20) @@ -136,7 +136,7 @@ describe Version, type: :model do it 'should progress should consider estimated hours to weigth issues' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! add_work_package(v, estimated_hours: 10) add_work_package(v, estimated_hours: 20, done_ratio: 30) @@ -149,7 +149,7 @@ describe Version, type: :model do it 'should progress should consider average estimated hours to weigth unestimated issues' do project = Project.find(1) (v = Version.new.tap do |v| - v.force_attributes = { project: project, name: 'Progress' } + v.attributes = { project: project, name: 'Progress' } end).save! add_work_package(v, done_ratio: 20) add_work_package(v, status: Status.where(is_closed: true).first) @@ -166,7 +166,7 @@ describe Version, type: :model do @project.types << FactoryGirl.create(:type) (@version = Version.new.tap do |v| - v.force_attributes = { project: @project, effective_date: nil, name: 'test' } + v.attributes = { project: @project, effective_date: nil, name: 'test' } end).save! end @@ -213,7 +213,7 @@ describe Version, type: :model do context '#estimated_hours' do before do (@version = Version.new.tap do |v| - v.force_attributes = { project_id: 1, name: '#estimated_hours' } + v.attributes = { project_id: 1, name: '#estimated_hours' } end).save! end 
@@ -279,7 +279,7 @@ describe Version, type: :model do def add_work_package(version, attributes = {}) (v = WorkPackage.new.tap do |v| - v.force_attributes = { project: version.project, + v.attributes = { project: version.project, fixed_version: version, subject: 'Test', author: User.first,