permits parameters in urls

2016-10-26 03:06:46 +02:00
parent dc88212b75
commit 1077a632cb
5 changed files with 23 additions and 14 deletions
--- a/app/controllers/admin/spending_proposals_controller.rb
+++ b/app/controllers/admin/spending_proposals_controller.rb
@@ -1,5 +1,6 @@
 class Admin::SpendingProposalsController < Admin::BaseController
  include FeatureFlags
+  before_action :load_filter_params
  feature_flag :spending_proposals

  has_filters %w{valuation_open without_admin managed valuating valuation_finished all}, only: :index
@@ -7,7 +8,7 @@ class Admin::SpendingProposalsController < Admin::BaseController
  load_and_authorize_resource

  def index
-    @spending_proposals = SpendingProposal.scoped_filter(params, @current_filter)
+    @spending_proposals = SpendingProposal.scoped_filter(filter_params, @current_filter)
                                          .order(cached_votes_up: :desc, created_at: :desc)
                                          .page(params[:page])
  end
@@ -23,7 +24,7 @@ class Admin::SpendingProposalsController < Admin::BaseController

  def update
    if @spending_proposal.update(spending_proposal_params)
-      redirect_to admin_spending_proposal_path(@spending_proposal, SpendingProposal.filter_params(params)),
+      redirect_to admin_spending_proposal_path(@spending_proposal, filter_params),
                  notice: t("flash.actions.update.spending_proposal")
    else
      load_admins
@@ -46,6 +47,14 @@ class Admin::SpendingProposalsController < Admin::BaseController
                                                :administrator_id, :tag_list, valuator_ids: [])
    end

+    def filter_params
+      params.permit(:geozone_id, :administrator_id, :tag_name, :valuator_id)
+    end
+
+    def load_filter_params
+      @filter_params ||= filter_params
+    end
+
    def load_admins
      @admins = Administrator.includes(:user).all
    end
--- a/app/models/spending_proposal.rb
+++ b/app/models/spending_proposal.rb
@@ -43,10 +43,6 @@ class SpendingProposal < ActiveRecord::Base
    super.try :html_safe
  end

-  def self.filter_params(params)
-    params.select{|x, _| %w{geozone_id administrator_id tag_name valuator_id}.include? x.to_s }
-  end
-
  def self.scoped_filter(params, current_filter)
    results = self
    results = results.by_geozone(params[:geozone_id])             if params[:geozone_id].present?
--- a/app/views/admin/spending_proposals/edit.html.erb
+++ b/app/views/admin/spending_proposals/edit.html.erb
@@ -1,11 +1,11 @@
-<%= link_to admin_spending_proposal_path(@spending_proposal, SpendingProposal.filter_params(params)), class: "back" do %>
+<%= link_to admin_spending_proposal_path(@spending_proposal, @filter_params.to_h), class: 'back' do %>
  <span class="icon-angle-left"></span> <%= t("admin.spending_proposals.show.back") %>
 <% end %>

 <%= form_for @spending_proposal,
             url: admin_spending_proposal_path(@spending_proposal) do |f| %>

-  <% SpendingProposal.filter_params(params).each do |filter_name, filter_value| %>
+  <% @filter_params.to_h.each do |filter_name, filter_value| %>
   <%= hidden_field_tag filter_name, filter_value %>
  <% end %>

@@ -15,7 +15,9 @@
    </div>

    <div class="ckeditor small-12 column">
-      <%= f.cktext_area :description, maxlength: SpendingProposal.description_max_length, ckeditor: { language: I18n.locale } %>
+      <%= f.cktext_area :description,
+                         maxlength: SpendingProposal.description_max_length,
+                         ckeditor: { language: I18n.locale } %>
    </div>

    <div class="small-12 column">
--- a/app/views/admin/spending_proposals/index.html.erb
+++ b/app/views/admin/spending_proposals/index.html.erb
@@ -55,7 +55,8 @@
        <strong><%= spending_proposal.id %></strong>
      </td>
      <td>
-        <%= link_to spending_proposal.title, admin_spending_proposal_path(spending_proposal, SpendingProposal.filter_params(params)) %>
+        <%= link_to spending_proposal.title,
+                    admin_spending_proposal_path(spending_proposal, @filter_params.to_h) %>
      </td>
      <td class="small">
        <% if spending_proposal.administrator.present? %>
--- a/app/views/admin/spending_proposals/show.html.erb
+++ b/app/views/admin/spending_proposals/show.html.erb
@@ -1,4 +1,4 @@
-<%= link_to admin_spending_proposals_path(SpendingProposal.filter_params(params)), data: {no_turbolink: true} do %>
+<%= link_to admin_spending_proposals_path(@filter_params.to_h), data: {no_turbolink: true} do %>
  <span class="icon-angle-left"></span> <%= t("admin.spending_proposals.show.back") %>
 <% end %>

@@ -6,7 +6,7 @@

 <%= link_to t("admin.spending_proposals.show.edit"),
              edit_admin_spending_proposal_path(@spending_proposal,
-                                                SpendingProposal.filter_params(params)) %>
+                                                @filter_params.to_h) %>

 <hr>

@@ -34,7 +34,7 @@
 <p>
  <%= link_to t("admin.spending_proposals.show.edit_classification"),
                edit_admin_spending_proposal_path(@spending_proposal,
-                                                  {anchor: "classification"}.merge(SpendingProposal.filter_params(params))) %>
+                                          {anchor: 'classification'}.merge(@filter_params.to_h)) %>
 </p>

 <hr>
@@ -44,6 +44,7 @@
 <%= render "valuation/spending_proposals/written_by_valuators" %>

 <p>
-  <%= link_to t("admin.spending_proposals.show.edit_dossier"), edit_valuation_spending_proposal_path(@spending_proposal) %>
+  <%= link_to t("admin.spending_proposals.show.edit_dossier"),
+              edit_valuation_spending_proposal_path(@spending_proposal) %>
 </p>