From 1077a632cb8198301e6feab9046c217c1c33bb1d Mon Sep 17 00:00:00 2001
From: rgarcia
Date: Wed, 26 Oct 2016 03:06:46 +0200
Subject: [PATCH] permits parameters in urls
---
 .../admin/spending_proposals_controller.rb | 13 +++++++++++--
 app/models/spending_proposal.rb | 4 ----
 app/views/admin/spending_proposals/edit.html.erb | 8 +++++---
 app/views/admin/spending_proposals/index.html.erb | 3 ++-
 app/views/admin/spending_proposals/show.html.erb | 9 +++++----
 5 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/app/controllers/admin/spending_proposals_controller.rb b/app/controllers/admin/spending_proposals_controller.rb
index 899a32486..4ef96a3c0 100644
--- a/app/controllers/admin/spending_proposals_controller.rb
+++ b/app/controllers/admin/spending_proposals_controller.rb
@@ -1,5 +1,6 @@
 class Admin::SpendingProposalsController < Admin::BaseController
 include FeatureFlags
+ before_action :load_filter_params
 feature_flag :spending_proposals
 has_filters %w{valuation_open without_admin managed valuating valuation_finished all}, only: :index
@@ -7,7 +8,7 @@ class Admin::SpendingProposalsController < Admin::BaseController
 load_and_authorize_resource
 def index
- @spending_proposals = SpendingProposal.scoped_filter(params, @current_filter)
+ @spending_proposals = SpendingProposal.scoped_filter(filter_params, @current_filter)
 .order(cached_votes_up: :desc, created_at: :desc)
 .page(params[:page])
 end
@@ -23,7 +24,7 @@ class Admin::SpendingProposalsController < Admin::BaseController
 def update
 if @spending_proposal.update(spending_proposal_params)
- redirect_to admin_spending_proposal_path(@spending_proposal, SpendingProposal.filter_params(params)),
+ redirect_to admin_spending_proposal_path(@spending_proposal, filter_params),
 notice: t("flash.actions.update.spending_proposal")
 else
 load_admins
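Review bot: `index` and `update` call `filter_params` directly, which runs `params.permit` again on every call, even though the `before_action` added at the top of the class has already stored the same value in `@filter_params` and the views in this patch read `@filter_params.to_h`. Three spellings for one value make it harder to see that the controller and the views share a single permitted set. I would use the memoized value in both actions, e.g. `SpendingProposal.scoped_filter(@filter_params, @current_filter)` and `admin_spending_proposal_path(@spending_proposal, @filter_params.to_h),`. The `update` method continues past the end of its hunk.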
@@ -46,6 +47,14 @@ class Admin::SpendingProposalsController < Admin::BaseController :administrator_id, :tag_list, valuator_ids: []) end + def filter_params + params.permit(:geozone_id, :administrator_id, :tag_name, :valuator_id) + end + + def load_filter_params + @filter_params ||= filter_params + end + def load_admins @admins = Administrator.includes(:user).all end diff --git a/app/models/spending_proposal.rb b/app/models/spending_proposal.rb index 2b6b9fd67..f5501dc5b 100644 --- a/app/models/spending_proposal.rb +++ b/app/models/spending_proposal.rb @@ -43,10 +43,6 @@ class SpendingProposal < ActiveRecord::Base super.try :html_safe end - def self.filter_params(params) - params.select{|x, _| %w{geozone_id administrator_id tag_name valuator_id}.include? x.to_s } - end - def self.scoped_filter(params, current_filter) results = self results = results.by_geozone(params[:geozone_id]) if params[:geozone_id].present? diff --git a/app/views/admin/spending_proposals/edit.html.erb b/app/views/admin/spending_proposals/edit.html.erb index f7a4d545d..29438f28b 100644 --- a/app/views/admin/spending_proposals/edit.html.erb +++ b/app/views/admin/spending_proposals/edit.html.erb @@ -1,11 +1,11 @@ -<%= link_to admin_spending_proposal_path(@spending_proposal, SpendingProposal.filter_params(params)), class: "back" do %> +<%= link_to admin_spending_proposal_path(@spending_proposal, @filter_params.to_h), class: 'back' do %> <%= t("admin.spending_proposals.show.back") %> <% end %> <%= form_for @spending_proposal, url: admin_spending_proposal_path(@spending_proposal) do |f| %> - <% SpendingProposal.filter_params(params).each do |filter_name, filter_value| %> + <% @filter_params.to_h.each do |filter_name, filter_value| %> <%= hidden_field_tag filter_name, filter_value %> <% end %> @@ -15,7 +15,9 @@
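Review bot: In `Admin::SpendingProposalsController#filter_params` (the `@@ -46,6 +47,14 @@` hunk), `permit` is called on the whole request `params`, so every other top-level key, such as `page` (read in `index`) and presumably the resource `id`, is treated as unpermitted each time the `before_action` runs. Depending on `config.action_controller.action_on_unpermitted_parameters`, which is not visible in this patch, that means a log line per request or an `ActionController::UnpermittedParameters` error. Narrowing first avoids both: `params.slice(:geozone_id, :administrator_id, :tag_name, :valuator_id).permit(:geozone_id, :administrator_id, :tag_name, :valuator_id)`. The method also deserves a comment such as `# Scalar-only whitelist: array or hash values for these keys are dropped before they reach SpendingProposal.scoped_filter.`, because the removed `SpendingProposal.filter_params` selected by key name only and kept any value type.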
- <%= f.cktext_area :description, maxlength: SpendingProposal.description_max_length, ckeditor: { language: I18n.locale } %> + <%= f.cktext_area :description, + maxlength: SpendingProposal.description_max_length, + ckeditor: { language: I18n.locale } %>
diff --git a/app/views/admin/spending_proposals/index.html.erb b/app/views/admin/spending_proposals/index.html.erb index 8f2711c29..a36c19d35 100644 --- a/app/views/admin/spending_proposals/index.html.erb +++ b/app/views/admin/spending_proposals/index.html.erb @@ -55,7 +55,8 @@ <%= spending_proposal.id %> - <%= link_to spending_proposal.title, admin_spending_proposal_path(spending_proposal, SpendingProposal.filter_params(params)) %> + <%= link_to spending_proposal.title, + admin_spending_proposal_path(spending_proposal, @filter_params.to_h) %> <% if spending_proposal.administrator.present? %> diff --git a/app/views/admin/spending_proposals/show.html.erb b/app/views/admin/spending_proposals/show.html.erb index ddb47e359..6569a0036 100644 --- a/app/views/admin/spending_proposals/show.html.erb +++ b/app/views/admin/spending_proposals/show.html.erb @@ -1,4 +1,4 @@ -<%= link_to admin_spending_proposals_path(SpendingProposal.filter_params(params)), data: {no_turbolink: true} do %> +<%= link_to admin_spending_proposals_path(@filter_params.to_h), data: {no_turbolink: true} do %> <%= t("admin.spending_proposals.show.back") %> <% end %> @@ -6,7 +6,7 @@ <%= link_to t("admin.spending_proposals.show.edit"), edit_admin_spending_proposal_path(@spending_proposal, - SpendingProposal.filter_params(params)) %> + @filter_params.to_h) %>
@@ -34,7 +34,7 @@

<%= link_to t("admin.spending_proposals.show.edit_classification"), edit_admin_spending_proposal_path(@spending_proposal, - {anchor: "classification"}.merge(SpendingProposal.filter_params(params))) %> + {anchor: 'classification'}.merge(@filter_params.to_h)) %>


@@ -44,6 +44,7 @@ <%= render "valuation/spending_proposals/written_by_valuators" %>

- <%= link_to t("admin.spending_proposals.show.edit_dossier"), edit_valuation_spending_proposal_path(@spending_proposal) %> + <%= link_to t("admin.spending_proposals.show.edit_dossier"), + edit_valuation_spending_proposal_path(@spending_proposal) %>