Protected Gallery and Event models against mass assignment

scriptbots · Oct 9, 2008 · 074a05d · 074a05d
1 parent 9eb0745
commit 074a05d
Show file tree

Hide file tree

Showing 26 changed files with 156 additions and 120 deletions.
diff --git a/app/controllers/galleries_controller.rb b/app/controllers/galleries_controller.rb
@@ -19,7 +19,7 @@ def new
   end
 
   def create
-    @gallery = Gallery.new(params[:gallery].merge(:person => current_person))
+    @gallery = current_person.galleries.build(params[:galleries])
     respond_to do |format|
       if @gallery.save
         flash[:success] = "Gallery successfully created"

diff --git a/app/models/activity.rb b/app/models/activity.rb
@@ -1,12 +1,12 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: activities
 #
-#  id         :integer(11)     not null, primary key
+#  id         :integer(4)      not null, primary key
 #  public     :boolean(1)      
-#  item_id    :integer(11)     
-#  person_id  :integer(11)     
+#  item_id    :integer(4)      
+#  person_id  :integer(4)      
 #  item_type  :string(255)     
 #  created_at :datetime        
 #  updated_at :datetime        

diff --git a/app/models/all_person.rb b/app/models/all_person.rb
@@ -1,9 +1,9 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: people
 #
-#  id                         :integer(11)     not null, primary key
+#  id                         :integer(4)      not null, primary key
 #  email                      :string(255)     
 #  name                       :string(255)     
 #  remember_token             :string(255)     
@@ -12,9 +12,9 @@
 #  remember_token_expires_at  :datetime        
 #  last_contacted_at          :datetime        
 #  last_logged_in_at          :datetime        
-#  forum_posts_count          :integer(11)     default(0), not null
-#  blog_post_comments_count   :integer(11)     default(0), not null
-#  wall_comments_count        :integer(11)     default(0), not null
+#  forum_posts_count          :integer(4)      default(0), not null
+#  blog_post_comments_count   :integer(4)      default(0), not null
+#  wall_comments_count        :integer(4)      default(0), not null
 #  created_at                 :datetime        
 #  updated_at                 :datetime        
 #  admin                      :boolean(1)      not null
@@ -24,6 +24,8 @@
 #  wall_comment_notifications :boolean(1)      default(TRUE)
 #  blog_comment_notifications :boolean(1)      default(TRUE)
 #  email_verified             :boolean(1)      
+#  avatar_id                  :integer(4)      
+#  identity_url               :string(255)     
 #
 
 class AllPerson < Person

diff --git a/app/models/blog.rb b/app/models/blog.rb
@@ -1,10 +1,10 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: blogs
 #
-#  id         :integer(11)     not null, primary key
-#  person_id  :integer(11)     
+#  id         :integer(4)      not null, primary key
+#  person_id  :integer(4)      
 #  created_at :datetime        
 #  updated_at :datetime        
 #

diff --git a/app/models/blog_post.rb b/app/models/blog_post.rb
@@ -1,18 +1,17 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: posts
 #
-#  id                       :integer(11)     not null, primary key
-#  blog_id                  :integer(11)     
-#  topic_id                 :integer(11)     
-#  person_id                :integer(11)     
-#  title                    :string(255)     
-#  body                     :text            
-#  blog_post_comments_count :integer(11)     default(0), not null
-#  type                     :string(255)     
-#  created_at               :datetime        
-#  updated_at               :datetime        
+#  id         :integer(4)      not null, primary key
+#  blog_id    :integer(4)      
+#  topic_id   :integer(4)      
+#  person_id  :integer(4)      
+#  title      :string(255)     
+#  body       :text            
+#  type       :string(255)     
+#  created_at :datetime        
+#  updated_at :datetime        
 #
 
 class BlogPost < Post

diff --git a/app/models/comment.rb b/app/models/comment.rb
@@ -1,11 +1,11 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: comments
 #
-#  id               :integer(11)     not null, primary key
-#  commenter_id     :integer(11)     
-#  commentable_id   :integer(11)     
+#  id               :integer(4)      not null, primary key
+#  commenter_id     :integer(4)      
+#  commentable_id   :integer(4)      
 #  commentable_type :string(255)     default(""), not null
 #  body             :text            
 #  created_at       :datetime        

diff --git a/app/models/communication.rb b/app/models/communication.rb
@@ -1,14 +1,14 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: communications
 #
-#  id                   :integer(11)     not null, primary key
+#  id                   :integer(4)      not null, primary key
 #  subject              :string(255)     
 #  content              :text            
-#  parent_id            :integer(11)     
-#  sender_id            :integer(11)     
-#  recipient_id         :integer(11)     
+#  parent_id            :integer(4)      
+#  sender_id            :integer(4)      
+#  recipient_id         :integer(4)      
 #  sender_deleted_at    :datetime        
 #  sender_read_at       :datetime        
 #  recipient_deleted_at :datetime        
@@ -17,7 +17,7 @@
 #  type                 :string(255)     
 #  created_at           :datetime        
 #  updated_at           :datetime        
-#  conversation_id      :integer(11)     
+#  conversation_id      :integer(4)      
 #
 
 class Communication < ActiveRecord::Base

diff --git a/app/models/connection.rb b/app/models/connection.rb
@@ -1,12 +1,12 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: connections
 #
-#  id          :integer(11)     not null, primary key
-#  person_id   :integer(11)     
-#  contact_id  :integer(11)     
-#  status      :integer(11)     
+#  id          :integer(4)      not null, primary key
+#  person_id   :integer(4)      
+#  contact_id  :integer(4)      
+#  status      :integer(4)      
 #  accepted_at :datetime        
 #  created_at  :datetime        
 #  updated_at  :datetime        

diff --git a/app/models/conversation.rb b/app/models/conversation.rb
@@ -1,9 +1,9 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: conversations
 #
-#  id :integer(11)     not null, primary key
+#  id :integer(4)      not null, primary key
 #
 
 class Conversation < ActiveRecord::Base

diff --git a/app/models/email_verification.rb b/app/models/email_verification.rb
@@ -1,10 +1,10 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: email_verifications
 #
-#  id         :integer(11)     not null, primary key
-#  person_id  :integer(11)     
+#  id         :integer(4)      not null, primary key
+#  person_id  :integer(4)      
 #  code       :string(255)     
 #  created_at :datetime        
 #  updated_at :datetime        

diff --git a/app/models/event.rb b/app/models/event.rb
@@ -1,6 +1,26 @@
+# == Schema Information
+# Schema version: 20080916002106
+#
+# Table name: events
+#
+#  id                    :integer(4)      not null, primary key
+#  title                 :string(255)     default(""), not null
+#  description           :string(255)     
+#  person_id             :integer(4)      not null
+#  start_time            :datetime        not null
+#  end_time              :datetime        
+#  reminder              :boolean(1)      
+#  created_at            :datetime        
+#  updated_at            :datetime        
+#  event_attendees_count :integer(4)      default(0)
+#  privacy               :integer(4)      not null
+#
+
 class Event < ActiveRecord::Base
   include ActivityLogger
 
+  attr_accessible :title, :description
+
   MAX_DESCRIPTION_LENGTH = MAX_STRING_LENGTH
   MAX_TITLE_LENGTH = 40
   PRIVACY = { :public => 1, :contacts => 2 }

diff --git a/app/models/event_attendee.rb b/app/models/event_attendee.rb
@@ -1,3 +1,13 @@
+# == Schema Information
+# Schema version: 20080916002106
+#
+# Table name: event_attendees
+#
+#  id        :integer(4)      not null, primary key
+#  person_id :integer(4)      
+#  event_id  :integer(4)      
+#
+
 class EventAttendee < ActiveRecord::Base
   include ActivityLogger
 

diff --git a/app/models/feed.rb b/app/models/feed.rb
@@ -1,11 +1,11 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: feeds
 #
-#  id          :integer(11)     not null, primary key
-#  person_id   :integer(11)     
-#  activity_id :integer(11)     
+#  id          :integer(4)      not null, primary key
+#  person_id   :integer(4)      
+#  activity_id :integer(4)      
 #
 
 class Feed < ActiveRecord::Base

diff --git a/app/models/forum.rb b/app/models/forum.rb
@@ -1,12 +1,12 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: forums
 #
-#  id           :integer(11)     not null, primary key
+#  id           :integer(4)      not null, primary key
 #  name         :string(255)     
 #  description  :text            
-#  topics_count :integer(11)     default(0), not null
+#  topics_count :integer(4)      default(0), not null
 #  created_at   :datetime        
 #  updated_at   :datetime        
 #

diff --git a/app/models/forum_post.rb b/app/models/forum_post.rb
@@ -1,18 +1,17 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: posts
 #
-#  id                       :integer(11)     not null, primary key
-#  blog_id                  :integer(11)     
-#  topic_id                 :integer(11)     
-#  person_id                :integer(11)     
-#  title                    :string(255)     
-#  body                     :text            
-#  blog_post_comments_count :integer(11)     default(0), not null
-#  type                     :string(255)     
-#  created_at               :datetime        
-#  updated_at               :datetime        
+#  id         :integer(4)      not null, primary key
+#  blog_id    :integer(4)      
+#  topic_id   :integer(4)      
+#  person_id  :integer(4)      
+#  title      :string(255)     
+#  body       :text            
+#  type       :string(255)     
+#  created_at :datetime        
+#  updated_at :datetime        
 #
 
 class ForumPost < Post

diff --git a/app/models/gallery.rb b/app/models/gallery.rb
@@ -1,21 +1,23 @@
 # == Schema Information
-# Schema version: 28
-# Schema version: 17
+# Schema version: 20080916002106
 #
 # Table name: galleries
 #
-#  id               :integer(11)     not null, primary key
-#  person_id        :integer(11)     
+#  id               :integer(4)      not null, primary key
+#  person_id        :integer(4)      
 #  title            :string(255)     
 #  description      :string(255)     
-#  photos_count     :integer(11)     default(0), not null
-#  primary_photo_id :integer(11)     
+#  photos_count     :integer(4)      default(0), not null
+#  primary_photo_id :integer(4)      
 #  created_at       :datetime        
 #  updated_at       :datetime        
 #
 
 class Gallery < ActiveRecord::Base
   include ActivityLogger
+
+  attr_accessible :title, :description
+
   belongs_to :person
   has_many :photos, :dependent => :destroy, :order => :position
   has_many :activities, :foreign_key => "item_id", :dependent => :destroy

diff --git a/app/models/message.rb b/app/models/message.rb
@@ -1,14 +1,14 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: communications
 #
-#  id                   :integer(11)     not null, primary key
+#  id                   :integer(4)      not null, primary key
 #  subject              :string(255)     
 #  content              :text            
-#  parent_id            :integer(11)     
-#  sender_id            :integer(11)     
-#  recipient_id         :integer(11)     
+#  parent_id            :integer(4)      
+#  sender_id            :integer(4)      
+#  recipient_id         :integer(4)      
 #  sender_deleted_at    :datetime        
 #  sender_read_at       :datetime        
 #  recipient_deleted_at :datetime        
@@ -17,7 +17,7 @@
 #  type                 :string(255)     
 #  created_at           :datetime        
 #  updated_at           :datetime        
-#  conversation_id      :integer(11)     
+#  conversation_id      :integer(4)      
 #
 
 class Message < Communication

diff --git a/app/models/page_view.rb b/app/models/page_view.rb
@@ -1,16 +1,16 @@
 # == Schema Information
-# Schema version: 28
+# Schema version: 20080916002106
 #
 # Table name: page_views
 #
-#  id          :integer(11)     not null, primary key
+#  id          :integer(4)      not null, primary key
 #  request_url :string(200)     
 #  ip_address  :string(16)      
 #  referer     :string(200)     
 #  user_agent  :string(200)     
 #  created_at  :datetime        
 #  updated_at  :datetime        
-#  person_id   :integer(11)     
+#  person_id   :integer(4)      
 #
 
 class PageView < ActiveRecord::Base