diff --git a/app/controllers/admin/articles_controller.rb b/app/controllers/admin/articles_controller.rb index 3db8dde5..15b30592 100644 --- a/app/controllers/admin/articles_controller.rb +++ b/app/controllers/admin/articles_controller.rb @@ -108,7 +108,7 @@ def autosave fetch_fresh_or_existing_draft_for_article - @article.attributes = params[:article].permit! + @article.assign_attributes(update_params) @article.author = current_user @article.save_attachments!(params[:attachments]) diff --git a/app/controllers/admin/notes_controller.rb b/app/controllers/admin/notes_controller.rb index c3ab98af..1104ee54 100644 --- a/app/controllers/admin/notes_controller.rb +++ b/app/controllers/admin/notes_controller.rb @@ -23,7 +23,7 @@ def create note = new_note note.state = "published" - note.attributes = params[:note].permit! + note.assign_attributes(note_params) note.text_filter ||= default_text_filter note.published_at ||= Time.zone.now if note.save @@ -41,7 +41,7 @@ def create end def update - @note.attributes = params[:note].permit! + @note.assign_attributes(note_params) @note.save redirect_to admin_notes_url end @@ -54,6 +54,15 @@ def destroy private + def note_params + params.require(:note).permit(:text_filter_name, + :body, + :push_to_twitter, + :in_reply_to_status_id, + :permalink, + :published_at) + end + def load_existing_notes @notes = Note.page(params[:page]).per(this_blog.limit_article_display) end diff --git a/app/controllers/admin/seo_controller.rb b/app/controllers/admin/seo_controller.rb index 37d32662..4695389b 100644 --- a/app/controllers/admin/seo_controller.rb +++ b/app/controllers/admin/seo_controller.rb @@ -30,7 +30,11 @@ def update private def settings_params - @settings_params ||= params.require(:setting).permit! + @settings_params ||= params.require(:setting).permit(settings_keys) + end + + def settings_keys + @setting.settings_keys + [:custom_permalink] end VALID_SECTIONS = %w(general titles permalinks).freeze 
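Review bot: `update_params` is defined outside this hunk, so the whitelist that now governs `autosave` cannot be checked here; confirm it excludes ownership and workflow fields (user_id, state, publication flags), because `@article.author = current_user` on the next line only re-sets `author` after assignment and would not undo a permitted `user_id`. `@article.save_attachments!(params[:attachments])` still receives the raw parameter rather than a permitted subset; if that is intentional a one-line comment saying so would stop the next reader from "fixing" it. To surface any key the new whitelists in this commit silently drop, consider `config.action_controller.action_on_unpermitted_parameters = :raise` in the test environment configuration. The body of `autosave` continues outside the hunk.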
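Review bot: `note_params` in notes_controller.rb decides which Note columns an admin can mass-assign but carries no comment; a line such as `# Deliberately omits user_id/author and state: create sets state to "published" before assignment and the author comes from current_user` would keep a later edit from re-adding them. `:push_to_twitter` is permitted under `note`, yet the spec changed in this same commit posts `push_to_twitter: "true"` at the top level of params, so one of the two is presumably stale — worth checking which one the controller actually reads. Stylistically the list reads better as `permit(%i[text_filter_name body push_to_twitter in_reply_to_status_id permalink published_at])` than as six continuation lines.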
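Review bot: `settings_keys` in seo_controller.rb depends on `@setting` already being assigned when `settings_params` first runs; the code that sets it is outside the hunk, so that ordering is an assumption the memoised `@settings_params ||=` now relies on. Bare keys in `permit(settings_keys)` admit scalar values only, which is correct as long as every setting type stays scalar — the `Item` class in config_manager.rb in this commit lists only boolean/integer/string/text — so a comment like `# bare keys: every setting type is scalar, see VALID_TYPES in config_manager.rb` would record that coupling. settings_controller.rb (next hunk) inlines the same `@setting.settings_keys` call while this file wraps it in a helper; using one shape in both controllers would help whoever adds the next extra key.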
diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb index 626a558f..a894c443 100644 --- a/app/controllers/admin/settings_controller.rb +++ b/app/controllers/admin/settings_controller.rb @@ -36,7 +36,7 @@ def update VALID_ACTIONS = %w(index write feedback display).freeze def settings_params - @settings_params ||= params.require(:setting).permit! + @settings_params ||= params.require(:setting).permit(@setting.settings_keys) end def action_param diff --git a/app/controllers/admin/sidebar_controller.rb b/app/controllers/admin/sidebar_controller.rb index 8191933f..7731f279 100644 --- a/app/controllers/admin/sidebar_controller.rb +++ b/app/controllers/admin/sidebar_controller.rb @@ -8,9 +8,11 @@ def index # Just update a single active Sidebar instance at once def update - @sidebar = Sidebar.where(id: params[:id]).first + @sidebar = Sidebar.find(params[:id]) @old_s_index = @sidebar.staged_position || @sidebar.active_position - @sidebar.update params[:configure][@sidebar.id.to_s].permit! + @sidebar.update params.require(:configure) + .require(@sidebar.id.to_s) + .permit(@sidebar.fields.map(&:key)) respond_to do |format| format.js format.html do diff --git a/app/models/config_manager.rb b/app/models/config_manager.rb index a80c1690..ab4eb9e6 100644 --- a/app/models/config_manager.rb +++ b/app/models/config_manager.rb @@ -28,6 +28,10 @@ def default_for(key) fields[key.to_s].default end + def settings_keys + fields.keys + end + private def add_setting_reader(item) @@ -65,6 +69,10 @@ def canonicalize(key, value) self.class.fields[key.to_s].canonicalize(value) end + def settings_keys + self.class.settings_keys + end + class Item VALID_TYPES = [:boolean, :integer, :string, :text].freeze diff --git a/spec/controllers/admin/notes_controller_spec.rb b/spec/controllers/admin/notes_controller_spec.rb index c8af997e..49e9d9db 100644 --- a/spec/controllers/admin/notes_controller_spec.rb 
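Review bot: `params.require(:configure).require(@sidebar.id.to_s)` in sidebar_controller.rb now turns a request whose `configure` hash lacks this sidebar's id into `ActionController::ParameterMissing` (a 400) where the old code would have failed on a nil dereference; that is an improvement, but it deserves a sentence in the commit message or a comment since it changes the observable error. `permit(@sidebar.fields.map(&:key))` with bare keys admits scalar values only, so any list- or hash-valued sidebar field would be dropped silently — the field definitions are not in the hunk, so this should be checked against them. `Sidebar.find` likewise maps an unknown id to `RecordNotFound` (404) rather than a nil `@sidebar`; the rest of `update` continues outside the hunk.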
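Review bot: The two new `settings_keys` methods in config_manager.rb are undocumented even though their sole purpose is to feed strong-parameter whitelists in three controllers. On the class method a YARD line such as `# @return [Array<String>] names of every declared setting; used to whitelist mass-assignment` (the surrounding `fields[key.to_s]` lookups suggest string keys — confirm) and on the instance method `# Instance-level delegate so a settings object can be asked directly` would make that contract explicit. The enclosing class of the second method is outside the hunk.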
+++ b/spec/controllers/admin/notes_controller_spec.rb 
@@ -7,112 +7,107 @@ let(:admin) { create(:user, :as_admin, twitter: "@getpublify") } let!(:blog) { create(:blog, limit_article_display: 10) } + let(:note) { create(:note, user_id: admin) } before do sign_in admin end - context "with a blog" do - describe "index" do - let!(:notes) { create_list(:note, 2) } + describe "#index" do + let!(:notes) { create_list(:note, 2) } - it "shows the index template" do - get :index - expect(response).to render_template("index") - end + it "shows the index template" do + get :index + expect(response).to render_template("index") + end - it "lists existing notes" do - get :index - expect(assigns(:notes)).to match_array notes - end + it "lists existing notes" do + get :index + expect(assigns(:notes)).to match_array notes + end - it "assigns a new note for the note form" do - get :index + it "assigns a new note for the note form" do + get :index - aggregate_failures do - expect(assigns(:note)).to be_a(Note) - expect(assigns(:note).author).to eq(admin.login) - expect(assigns(:note).user).to eq(admin) - end + aggregate_failures do + expect(assigns(:note)).to be_a(Note) + expect(assigns(:note).author).to eq(admin.login) + expect(assigns(:note).user).to eq(admin) end + end - it "lists notes without publication date" do - create(:note, published_at: nil) + it "lists notes without publication date" do + create(:note, published_at: nil) - get :index - expect(response).to be_successful - end + get :index + expect(response).to be_successful end + end - describe "create" do - context "a simple note" do - before { post :create, params: { note: { body: "Emphasis _mine_" } } } + describe "#create" do + context "a simple note" do + before { post :create, params: { note: { body: "Emphasis _mine_" } } } - it { expect(response).to redirect_to(admin_notes_path) } - it { expect(flash[:notice]).to eq(I18n.t("notice.note_successfully_created")) } - end + it { expect(response).to redirect_to(admin_notes_path) } + it { expect(flash[:notice]).to 
eq(I18n.t("notice.note_successfully_created")) } + end + + it "creates a note" do + expect do + post :create, params: { note: { body: "Emphasis _mine_" } } + end.to change(Note, :count).from(0).to(1) + end - it "creates a note" do - expect do - post :create, params: { note: { body: "Emphasis _mine_" } } - end.to change(Note, :count).from(0).to(1) + context "with twitter access configured" do + before do + blog.twitter_consumer_key = "consumer_key" + blog.twitter_consumer_secret = "consumer_secret" + blog.save + + admin.twitter_oauth_token = "oauth_token" + admin.twitter_oauth_token_secret = "oauth_token" + admin.save end - context "with twitter access configured" do - before do - blog.twitter_consumer_key = "consumer_key" - blog.twitter_consumer_secret = "consumer_secret" - blog.save - - admin.twitter_oauth_token = "oauth_token" - admin.twitter_oauth_token_secret = "oauth_token" - admin.save - end - - it "sends the note to twitter" do - expect(Note.count).to eq(0) - twitter_cli = double(:twitter_cli) - expect(Twitter::Client).to receive(:new).and_return(twitter_cli) - tweet = Struct.new(:attrs).new({ id_str: "2344" }) - expect(twitter_cli).to receive(:update).and_return(tweet) - post :create, params: { note: { body: "Emphasis _mine_, arguments *strong*" }, - push_to_twitter: "true" } - expect(Note.first.twitter_id).to eq("2344") - end + it "sends the note to twitter" do + expect(Note.count).to eq(0) + twitter_cli = double(:twitter_cli) + expect(Twitter::Client).to receive(:new).and_return(twitter_cli) + tweet = Struct.new(:attrs).new({ id_str: "2344" }) + expect(twitter_cli).to receive(:update).and_return(tweet) + post :create, params: { note: { body: "Emphasis _mine_, arguments *strong*" }, + push_to_twitter: "true" } + expect(Note.first.twitter_id).to eq("2344") end end + end - context "with an existing note from current user" do - let(:note) { create(:note, user_id: admin) } - - describe "edit" do - before { get :edit, params: { id: note.id } } + describe 
"#edit" do + before { get :edit, params: { id: note.id } } - it { expect(response).to be_successful } - it { expect(response).to render_template("edit") } - it { expect(assigns(:note)).to eq(note) } - it { expect(assigns(:notes)).to eq([note]) } - end + it { expect(response).to be_successful } + it { expect(response).to render_template("edit") } + it { expect(assigns(:note)).to eq(note) } + it { expect(assigns(:notes)).to eq([note]) } + end - describe "update" do - before { post :update, params: { id: note.id, note: { body: "new body" } } } + describe "#update" do + before { post :update, params: { id: note.id, note: { body: "new body" } } } - it { expect(response).to redirect_to(action: :index) } - it { expect(note.reload.body).to eq("new body") } - end + it { expect(response).to redirect_to(action: :index) } + it { expect(note.reload.body).to eq("new body") } + end - describe "show" do - before { get :show, params: { id: note.id } } + describe "#show" do + before { get :show, params: { id: note.id } } - it { expect(response).to render_template("show") } - end + it { expect(response).to render_template("show") } + end - describe "Destroying a note" do - before { post :destroy, params: { id: note.id } } + describe "#destroy" do + before { post :destroy, params: { id: note.id } } - it { expect(response).to redirect_to(admin_notes_path) } - it { expect(Note.count).to eq(0) } - end - end + it { expect(response).to redirect_to(admin_notes_path) } + it { expect(Note.count).to eq(0) } end end