Replace permit/require with expect for parameter validation

author Tom Hughes <tom@compton.nu>

Tue, 25 Feb 2025 19:08:57 +0000 (19:08 +0000)

committer Tom Hughes <tom@compton.nu>

Thu, 20 Mar 2025 11:38:27 +0000 (11:38 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 25 Feb 2025 19:08:57 +0000 (19:08 +0000)
committer Tom Hughes <tom@compton.nu>
Thu, 20 Mar 2025 11:38:27 +0000 (11:38 +0000)
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb

index e2a82c20edc154b8c4c4aa625ac583e153d8be2c..31653448ae2c140f30281c755b590a9bd0c91c19 100644 (file)
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -25,7 +25,7 @@ class AccountsController < ApplicationController
    end
  
    def update
-    user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
+    user_params = params.expect(:user => [:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider])
  
      if params[:user][:auth_provider].blank? ||
         (params[:user][:auth_provider] == current_user.auth_provider &&
diff --git a/app/controllers/diary_comments_controller.rb b/app/controllers/diary_comments_controller.rb

index 91e05ff7413f9cd3d0a5a28308e93aa0ad8d8a3a..5bbf2bf63dc0efd60f3b70d525f7fe20c4ca202b 100644 (file)
--- a/app/controllers/diary_comments_controller.rb
+++ b/app/controllers/diary_comments_controller.rb
@@ -51,6 +51,6 @@ class DiaryCommentsController < ApplicationController
    ##
    # return permitted diary comment parameters
    def comment_params
-    params.require(:diary_comment).permit(:body)
+    params.expect(:diary_comment => [:body])
    end
  end
diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb

index 94876e72a38b539bf2b21240cfa041f79f6a51c3..f3752cb2c047e8cc899df9019db4f42eff4b488f 100644 (file)
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -219,7 +219,7 @@ class DiaryEntriesController < ApplicationController
    ##
    # return permitted diary entry parameters
    def entry_params
-    params.require(:diary_entry).permit(:title, :body, :language_code, :latitude, :longitude)
+    params.expect(:diary_entry => [:title, :body, :language_code, :latitude, :longitude])
    rescue ActionController::ParameterMissing
      ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude)
    end
diff --git a/app/controllers/issue_comments_controller.rb b/app/controllers/issue_comments_controller.rb

index 5bf4d023784a587613645f03891f5e2f22ae2cae..cb504ad049a8d4118072480904431058f390e6dd 100644 (file)
--- a/app/controllers/issue_comments_controller.rb
+++ b/app/controllers/issue_comments_controller.rb
@@ -33,7 +33,7 @@ class IssueCommentsController < ApplicationController
    private
  
    def issue_comment_params
-    params.require(:issue_comment).permit(:body)
+    params.expect(:issue_comment => [:body])
    end
  
    # This sort of assumes there are only two roles
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb

index 1979c9edc5f7bf8feba00f9901150af9420c4038..cb72d4d571ce4d893532d62fcc484889a3ac8be0 100644 (file)
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -78,7 +78,7 @@ class MessagesController < ApplicationController
    ##
    # return permitted message parameters
    def message_params
-    params.require(:message).permit(:title, :body)
+    params.expect(:message => [:title, :body])
    rescue ActionController::ParameterMissing
      ActionController::Parameters.new.permit(:title, :body)
    end
diff --git a/app/controllers/oauth2_applications_controller.rb b/app/controllers/oauth2_applications_controller.rb

index 97d84b1737eb5d7b86c434f65c97f7328eacd251..fcb9afc3b69945de81fe0d98999a7524713e62a3 100644 (file)
--- a/app/controllers/oauth2_applications_controller.rb
+++ b/app/controllers/oauth2_applications_controller.rb
@@ -21,8 +21,8 @@ class Oauth2ApplicationsController < Doorkeeper::ApplicationsController
  
    def application_params
      params[:oauth2_application][:scopes]&.delete("")
-    params.require(:oauth2_application)
-          .permit(:name, :redirect_uri, :confidential, :scopes => [])
-          .merge(:owner => current_resource_owner)
+    params
+      .expect(:oauth2_application => [:name, :redirect_uri, :confidential, { :scopes => [] }])
+      .merge(:owner => current_resource_owner)
    end
  end
diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb

index e2ec400a57665ba92483cfefc3ebde36007878b9..e4a0bf41bd7c18fde286376db27daf2e32f0b324 100644 (file)
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -49,7 +49,7 @@ class ReportsController < ApplicationController
    end
  
    def report_params
-    params.require(:report).permit(:details, :category)
+    params.expect(:report => [:details, :category])
    end
  
    def issue_params
diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb

index 53c1dedd6aeecb27e0c82dceaeb0184ffd12816e..2bf34f593e72c57710f7453026dae248b7ef0c6c 100644 (file)
--- a/app/controllers/traces_controller.rb
+++ b/app/controllers/traces_controller.rb
@@ -223,6 +223,6 @@ class TracesController < ApplicationController
    end
  
    def trace_params
-    params.require(:trace).permit(:description, :tagstring, :visibility)
+    params.expect(:trace => [:description, :tagstring, :visibility])
    end
  end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb

index 2ea2ea36f3006f4566e46830646904c529a88391..58ed0c48a06c43dae7cbd979dd39030ac92dfdd1 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -239,9 +239,9 @@ class UsersController < ApplicationController
    ##
    # return permitted user parameters
    def user_params
-    params.require(:user).permit(:email, :display_name,
-                                 :auth_provider, :auth_uid,
-                                 :pass_crypt, :pass_crypt_confirmation)
+    params.expect(:user => [:email, :display_name,
+                            :auth_provider, :auth_uid,
+                            :pass_crypt, :pass_crypt_confirmation])
    end
  
    ##
author	Tom Hughes <tom@compton.nu>
	Tue, 25 Feb 2025 19:08:57 +0000 (19:08 +0000)
committer	Tom Hughes <tom@compton.nu>
	Thu, 20 Mar 2025 11:38:27 +0000 (11:38 +0000)
app/controllers/accounts_controller.rb		patch \| blob \| history
app/controllers/diary_comments_controller.rb		patch \| blob \| history
app/controllers/diary_entries_controller.rb		patch \| blob \| history
app/controllers/issue_comments_controller.rb		patch \| blob \| history
app/controllers/messages_controller.rb		patch \| blob \| history
app/controllers/oauth2_applications_controller.rb		patch \| blob \| history
app/controllers/reports_controller.rb		patch \| blob \| history
app/controllers/traces_controller.rb		patch \| blob \| history
app/controllers/users_controller.rb		patch \| blob \| history