From: Tom Hughes
Date: Tue, 25 Feb 2025 19:08:57 +0000 (+0000)
Subject: Replace permit/require with expect for parameter validation
X-Git-Tag: live~98^2~2
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/05423504d7e560c258d5c7f34010b4051f4ebb06?ds=inline;hp=--cc

Replace permit/require with expect for parameter validation
---
05423504d7e560c258d5c7f34010b4051f4ebb06
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index e2a82c20e..31653448a 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -25,7 +25,7 @@ class AccountsController < ApplicationController
 end
 def update
- user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
+ user_params = params.expect(:user => [:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider])
 if params[:user][:auth_provider].blank? ||
 (params[:user][:auth_provider] == current_user.auth_provider &&
diff --git a/app/controllers/diary_comments_controller.rb b/app/controllers/diary_comments_controller.rb
index 91e05ff74..5bbf2bf63 100644
--- a/app/controllers/diary_comments_controller.rb
+++ b/app/controllers/diary_comments_controller.rb
@@ -51,6 +51,6 @@ class DiaryCommentsController < ApplicationController
 ##
 # return permitted diary comment parameters
 def comment_params
- params.require(:diary_comment).permit(:body)
+ params.expect(:diary_comment => [:body])
 end
 end
diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index 94876e72a..f3752cb2c 100644
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
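Review bot: In `update` in accounts_controller.rb, the two context lines after the changed line still read `params[:user][:auth_provider]` from the raw request instead of from the `user_params` that `expect` has just validated. Reading the filtered value there, `if user_params[:auth_provider].blank? ||`, would keep every use of the field behind the permitted-scalar filter and make it clear that the method does not touch unfiltered input. The body of `update` continues outside the hunk, so further raw reads may exist below and should get the same treatment.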
@@ -219,7 +219,7 @@ class DiaryEntriesController < ApplicationController
 ##
 # return permitted diary entry parameters
 def entry_params
- params.require(:diary_entry).permit(:title, :body, :language_code, :latitude, :longitude)
+ params.expect(:diary_entry => [:title, :body, :language_code, :latitude, :longitude])
 rescue ActionController::ParameterMissing
 ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude)
 end
diff --git a/app/controllers/issue_comments_controller.rb b/app/controllers/issue_comments_controller.rb
index 5bf4d0237..cb504ad04 100644
--- a/app/controllers/issue_comments_controller.rb
+++ b/app/controllers/issue_comments_controller.rb
@@ -33,7 +33,7 @@ class IssueCommentsController < ApplicationController
 private
 def issue_comment_params
- params.require(:issue_comment).permit(:body)
+ params.expect(:issue_comment => [:body])
 end
 # This sort of assumes there are only two roles
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index 1979c9edc..cb72d4d57 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -78,7 +78,7 @@ class MessagesController < ApplicationController
 ##
 # return permitted message parameters
 def message_params
- params.require(:message).permit(:title, :body)
+ params.expect(:message => [:title, :body])
 rescue ActionController::ParameterMissing
 ActionController::Parameters.new.permit(:title, :body)
 end
diff --git a/app/controllers/oauth2_applications_controller.rb b/app/controllers/oauth2_applications_controller.rb
index 97d84b173..fcb9afc3b 100644
--- a/app/controllers/oauth2_applications_controller.rb
+++ b/app/controllers/oauth2_applications_controller.rb
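Review bot: The `rescue ActionController::ParameterMissing` kept in `entry_params` (diary_entries_controller.rb) now covers more than a missing key. As far as I know, `expect` raises the same exception when `diary_entry` is present but is not a hash, so a malformed request is answered with an empty permitted set instead of a 400. If the fallback is only meant for requests that carry no `diary_entry` at all, a comment above the rescue should say so, for example `# empty params when no form was submitted; expect also raises this for a non-hash value`. The same applies to `message_params` in messages_controller.rb.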
@@ -21,8 +21,8 @@ class Oauth2ApplicationsController < Doorkeeper::ApplicationsController
 def application_params
 params[:oauth2_application][:scopes]&.delete("")
- params.require(:oauth2_application)
- .permit(:name, :redirect_uri, :confidential, :scopes => [])
- .merge(:owner => current_resource_owner)
+ params
+ .expect(:oauth2_application => [:name, :redirect_uri, :confidential, { :scopes => [] }])
+ .merge(:owner => current_resource_owner)
 end
 end
diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb
index e2ec400a5..e4a0bf41b 100644
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -49,7 +49,7 @@ class ReportsController < ApplicationController
 end
 def report_params
- params.require(:report).permit(:details, :category)
+ params.expect(:report => [:details, :category])
 end
 def issue_params
diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb
index 53c1dedd6..2bf34f593 100644
--- a/app/controllers/traces_controller.rb
+++ b/app/controllers/traces_controller.rb
@@ -223,6 +223,6 @@ class TracesController < ApplicationController
 end
 def trace_params
- params.require(:trace).permit(:description, :tagstring, :visibility)
+ params.expect(:trace => [:description, :tagstring, :visibility])
 end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2ea2ea36f..58ed0c48a 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -239,9 +239,9 @@ class UsersController < ApplicationController
 ##
 # return permitted user parameters
 def user_params
- params.require(:user).permit(:email, :display_name,
- :auth_provider, :auth_uid,
- :pass_crypt, :pass_crypt_confirmation)
+ params.expect(:user => [:email, :display_name,
+ :auth_provider, :auth_uid,
+ :pass_crypt, :pass_crypt_confirmation])
 end
 ##
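Review bot: In `application_params` (oauth2_applications_controller.rb), the context line `params[:oauth2_application][:scopes]&.delete("")` still runs before the new `expect` call. A request with no `oauth2_application` key, or with a non-hash value there, therefore raises on that line before `expect` can report it as a parameter error. Validating first and cleaning the result would close the gap: `app_params = params.expect(:oauth2_application => [:name, :redirect_uri, :confidential, { :scopes => [] }])`, then `app_params[:scopes]&.delete("")` and `app_params.merge(:owner => current_resource_owner)`. Whether the in-place `delete` still takes effect on the permitted copy should be confirmed with a controller test that submits a blank scope.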