From 3c360ab1b8caeedfff838b268463100abeccb12c Mon Sep 17 00:00:00 2001
From: Taylor Griffin
Date: Fri, 23 Jan 2015 09:22:13 +1100
Subject: [PATCH 1/3] specify permitted params for nested attributes
---
 app/controllers/crops_controller.rb | 2 +-
 db/schema.rb | 109 ++++++++++++++--------
 2 files changed, 56 insertions(+), 55 deletions(-)
diff --git a/app/controllers/crops_controller.rb b/app/controllers/crops_controller.rb
index 48f8342f0..2b5e2f22e 100644
--- a/app/controllers/crops_controller.rb
+++ b/app/controllers/crops_controller.rb
@@ -146,6 +146,6 @@ class CropsController < ApplicationController
 private
 def crop_params
- params.require(:crop).permit(:en_wikipedia_url, :name, :parent_id, :creator_id, :scientific_names_attributes)
+ params.require(:crop).permit(:en_wikipedia_url, :name, :parent_id, :creator_id, :scientific_names_attributes => [:scientific_name])
 end
 end
diff --git a/db/schema.rb b/db/schema.rb
index 9c4137f40..56877d351 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20141119130555) do
+ActiveRecord::Schema.define(version: 20141209074953) do
 # These are extensions that must be enabled in order to support this database
 enable_extension "plpgsql"
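Review bot: `:creator_id` is still on the permit list in the new `crop_params` line, so unless `create` overwrites it afterwards the request body decides which member is recorded as the crop's creator; set it server-side from the signed-in member and drop it from the whitelist, e.g. `params.require(:crop).permit(:en_wikipedia_url, :name, :parent_id, scientific_names_attributes: [:scientific_name])` (the `key: value` form also avoids the lone hash-rocket). If the crop form ever submits rows for existing scientific names, their `id` and `_destroy` keys are not in the nested list and will be dropped here, or rejected outright once the `:raise` setting from PATCH 3/3 is active in staging. `crop_params` is fully visible in the hunk and the class closes on its last line. The db/schema.rb half of this patch (version bump, new `approved` column on `crops`, and index renames such as `index_members_on_email` to `index_users_on_email`) looks like an unrelated regeneration from a local database and would be safer reviewed as its own commit.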
@@ -20,24 +20,24 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.string "name", null: false t.boolean "is_paid" t.boolean "is_permanent_paid" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "accounts", force: true do |t| t.integer "member_id", null: false t.integer "account_type_id" t.datetime "paid_until" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "alternate_names", force: true do |t| t.string "name", null: false t.integer "crop_id", null: false t.integer "creator_id", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "authentications", force: true do |t| @@ -46,8 +46,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.string "uid" t.string "token" t.string "secret" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "name" end @@ -57,19 +57,20 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.integer "post_id", null: false t.integer "author_id", null: false t.text "body", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "crops", force: true do |t| - t.string "name", null: false + t.string "name", null: false t.string "en_wikipedia_url" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "slug" t.integer "parent_id" t.integer "plantings_count", default: 0 t.integer "creator_id" + t.boolean "approved", default: true end add_index "crops", ["name"], name: "index_crops_on_name", using: :btree 
@@ -86,16 +87,16 @@ ActiveRecord::Schema.define(version: 20141119130555) do create_table "follows", force: true do |t| t.integer "follower_id" t.integer "followed_id" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "forums", force: true do |t| t.string "name", null: false t.text "description", null: false t.integer "owner_id", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "slug" end @@ -105,8 +106,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.string "name", null: false t.integer "owner_id" t.string "slug", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.text "description" t.boolean "active", default: true t.string "location" @@ -116,7 +117,7 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.string "area_unit" end - add_index "gardens", ["owner_id"], name: "index_gardens_on_owner_id", using: :btree + add_index "gardens", ["owner_id"], name: "index_gardens_on_user_id", using: :btree add_index "gardens", ["slug"], name: "index_gardens_on_slug", unique: true, using: :btree create_table "harvests", force: true do |t| @@ -126,8 +127,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.decimal "quantity" t.string "unit" t.text "description" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "slug" t.decimal "weight_quantity" t.string "weight_unit" 
@@ -159,8 +160,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.integer "failed_attempts", default: 0 t.string "unlock_token" t.datetime "locked_at" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "login_name" t.string "slug" t.boolean "tos_agreement" @@ -175,11 +176,11 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.boolean "send_planting_reminder", default: true end - add_index "members", ["confirmation_token"], name: "index_members_on_confirmation_token", unique: true, using: :btree - add_index "members", ["email"], name: "index_members_on_email", unique: true, using: :btree - add_index "members", ["reset_password_token"], name: "index_members_on_reset_password_token", unique: true, using: :btree - add_index "members", ["slug"], name: "index_members_on_slug", unique: true, using: :btree - add_index "members", ["unlock_token"], name: "index_members_on_unlock_token", unique: true, using: :btree + add_index "members", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree + add_index "members", ["email"], name: "index_users_on_email", unique: true, using: :btree + add_index "members", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree + add_index "members", ["slug"], name: "index_users_on_slug", unique: true, using: :btree + add_index "members", ["unlock_token"], name: "index_users_on_unlock_token", unique: true, using: :btree create_table "members_roles", id: false, force: true do |t| t.integer "member_id" @@ -193,8 +194,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.text "body" t.boolean "read", default: false t.integer "post_id" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "order_items", force: true do |t| 
@@ -202,13 +203,13 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.integer "product_id" t.integer "price" t.integer "quantity" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "orders", force: true do |t| - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.datetime "completed_at" t.integer "member_id" t.string "paypal_express_token" @@ -225,8 +226,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.integer "owner_id", null: false t.string "thumbnail_url", null: false t.string "fullsize_url", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "title", null: false t.string "license_name", null: false t.string "license_url" @@ -241,8 +242,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do create_table "plant_parts", force: true do |t| t.string "name" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "slug" end @@ -252,8 +253,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.date "planted_at" t.integer "quantity" t.text "description" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "slug" t.string "sunniness" t.string "planted_from" 
@@ -268,21 +269,21 @@ ActiveRecord::Schema.define(version: 20141119130555) do t.integer "author_id", null: false t.string "subject", null: false t.text "body", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "slug" t.integer "forum_id" end - add_index "posts", ["created_at", "author_id"], name: "index_posts_on_created_at_and_author_id", using: :btree - add_index "posts", ["slug"], name: "index_posts_on_slug", unique: true, using: :btree + add_index "posts", ["created_at", "author_id"], name: "index_updates_on_created_at_and_user_id", using: :btree + add_index "posts", ["slug"], name: "index_updates_on_slug", unique: true, using: :btree create_table "products", force: true do |t| t.string "name", null: false t.text "description", null: false t.integer "min_price", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.integer "account_type_id" t.integer "paid_months" t.integer "recommended_price" @@ -291,8 +292,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do create_table "roles", force: true do |t| t.string "name", null: false t.text "description" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "slug" end @@ -301,8 +302,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do create_table "scientific_names", force: true do |t| t.string "scientific_name", null: false t.integer "crop_id", null: false - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.integer "creator_id" end 
@@ -312,8 +313,8 @@ ActiveRecord::Schema.define(version: 20141119130555) do
 t.text "description"
 t.integer "quantity"
 t.date "plant_before"
- t.datetime "created_at"
- t.datetime "updated_at"
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
 t.string "tradable_to", default: "nowhere"
 t.string "slug"
 end
From 1ea5257da40758a2bd20484c947fd08a804ef79e Mon Sep 17 00:00:00 2001
From: Taylor Griffin
Date: Fri, 23 Jan 2015 09:56:23 +1100
Subject: [PATCH 2/3] include sci names in create crop feature spec
---
 spec/features/crops/crop_wranglers_spec.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/spec/features/crops/crop_wranglers_spec.rb b/spec/features/crops/crop_wranglers_spec.rb
index 26259e3a9..0e0b08fbe 100644
--- a/spec/features/crops/crop_wranglers_spec.rb
+++ b/spec/features/crops/crop_wranglers_spec.rb
@@ -43,8 +43,10 @@ feature "crop wranglers" do
 click_link 'Add Crop'
 fill_in 'Name', with: "aubergine"
 fill_in 'Wikipedia URL', with: "http://en.wikipedia.org/wiki/Maize"
+ fill_in 'crop_scientific_names_attributes_0_scientific_name', with: "planticus maximus"
 click_on 'Save'
 expect(page).to have_content 'Crop was successfully created'
+ expect(page).to have_content 'planticus maximus'
 end
 end
From 20b9996f14b0aacc77177209a591310b01a36f2b Mon Sep 17 00:00:00 2001
From: Taylor Griffin
Date: Fri, 23 Jan 2015 10:15:06 +1100
Subject: [PATCH 3/3] raise exceptions on unpermitted parameters in staging
---
 config/environments/staging.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
index d8f0e530c..ece8f9abb 100644
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
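Review bot: The second added line in the crop_wranglers_spec hunk only checks that "planticus maximus" is rendered somewhere on the page, so a view that echoes the submitted value back without the nested row having been saved would still pass; assert on what was persisted as well, e.g. `expect(Crop.find_by(name: 'aubergine').scientific_names.map(&:scientific_name)).to eq ['planticus maximus']` (assuming the model is `Crop` with a `scientific_names` association, as the nested-attributes key in PATCH 1/3 suggests). The first added line locates the field by its generated DOM id rather than a label, which will silently break if the form's field index or naming changes; a label-based `fill_in` would be more robust. The `feature "crop wranglers"` block begins before this hunk.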
@@ -1,6 +1,8 @@
 Growstuff::Application.configure do
 # Settings specified here will take precedence over those in config/application.rb
+ config.action_controller.action_on_unpermitted_parameters = :raise
+
 # Eager load code on boot. This eager loads most of Rails and
 # your application in memory, allowing both threaded web servers
 # and those relying on copy on write to perform better.
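Review bot: The added `:raise` line turns any parameter outside a controller's permit list into an `ActionController::UnpermittedParameters` error, which is a useful way to surface whitelist gaps, but it applies only to staging; the same request is silently trimmed in production, so a key a nested form sends that PATCH 1/3 does not permit (an `id` or `_destroy` for an existing scientific name, for instance) would 500 on staging and quietly lose data in production. Consider setting the production value to `:log` in the same series so the drift is at least visible in logs, and add a short comment above the new line stating the intent, e.g. `# Surface mass-assignment whitelist gaps before they reach production`. The `configure` block continues past the end of the hunk.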