From fed7af8dcec1a2f10d2a3e706f2da0b2bb02e270 Mon Sep 17 00:00:00 2001
From: Jay Hardee
Date: Thu, 16 Feb 2017 14:08:36 -0500
Subject: [PATCH] Fix strong params usage in Dashboard::ProtocolsController. Use a fork of filterrific gem until bug is fixed. See https://github.com/jhund/filterrific/pull/116
---
 Gemfile | 2 +-
 Gemfile.lock | 9 +++++--
 .../dashboard/protocols_controller.rb | 25 ++++++++++++++++---
 3 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/Gemfile b/Gemfile
index 724125867c..246d384815 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,7 +20,7 @@ gem 'devise', '~> 4.2'
 gem 'dynamic_form'
 gem 'execjs'
 gem 'exception_notification'
-gem 'filterrific'
+gem 'filterrific', git: 'https://github.com/ayaman/filterrific.git'
 gem 'gon', '~> 6.1'
 gem 'grape', '0.7.0'
 gem 'grape-entity', '~> 0.4.4'
diff --git a/Gemfile.lock b/Gemfile.lock
index c089d5efd9..2f2845ccff 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -12,6 +12,12 @@ GIT
 acts_as_list (0.9.2)
 activerecord (>= 3.0)
 
+GIT
+ remote: https://github.com/ayaman/filterrific.git
+ revision: 292ecd953df4ec70f2f9a879105ef5aba5b77e95
+ specs:
+ filterrific (2.1.2)
+
 GIT
 remote: https://github.com/jleonardw9/grouped_validations.git
 revision: dc4207a7966fe691a240a47718b3d9689861a76f
@@ -206,7 +212,6 @@ GEM
 railties (>= 3.0.0)
 faker (1.7.3)
 i18n (~> 0.5)
- filterrific (2.1.2)
 formtastic (2.2.1)
 actionpack (>= 3.0)
 globalid (0.3.7)
@@ -562,7 +567,7 @@ DEPENDENCIES
 execjs
 factory_girl_rails
 faker
- filterrific
+ filterrific!
 gon (~> 6.1)
 grape (= 0.7.0)
 grape-entity (~> 0.4.4)
diff --git a/app/controllers/dashboard/protocols_controller.rb b/app/controllers/dashboard/protocols_controller.rb
index 27f2322b1d..09725662d8 100644
--- a/app/controllers/dashboard/protocols_controller.rb
+++ b/app/controllers/dashboard/protocols_controller.rb
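Review bot: The new `gem 'filterrific', git: 'https://github.com/ayaman/filterrific.git'` line in the Gemfile hunk names no `ref:`, `tag:` or `branch:`, so the only thing tying the build to a reviewed commit is the `revision:` recorded in Gemfile.lock. A later `bundle update filterrific` would take whatever the fork's default branch holds at that moment. Pin the commit that was reviewed, `gem 'filterrific', git: 'https://github.com/ayaman/filterrific.git', ref: '292ecd953df4ec70f2f9a879105ef5aba5b77e95'`, and add a comment such as `# temporary fork; return to the released gem once jhund/filterrific#116 is merged` so the exception is visible and gets removed.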
@@ -39,11 +39,10 @@ def index
 else
 @organizations = Dashboard::IdentityOrganizations.new(@user.id).general_user_organizations_with_protocols
 @default_filter_params[:admin_filter] = "for_identity #{@user.id}"
- params[:filterrific][:admin_filter] = "for_identity #{@user.id}" if params[:filterrific]
 end
 
 @filterrific =
- initialize_filterrific(Protocol, params[:filterrific],
+ initialize_filterrific(Protocol, params[:filterrific] && filterrific_params,
 default_filter_params: @default_filter_params,
 select_options: {
 with_status: AVAILABLE_STATUSES.invert,
@@ -211,6 +210,24 @@ def view_details
 
 private
 
+ def filterrific_params
+ temp = params.require(:filterrific).permit(:identity_id,
+ :search_name,
+ :show_archived,
+ :admin_filter,
+ :search_query,
+ :sorted_by,
+ with_organization: [],
+ with_status: [],
+ with_owner: [])
+
+ unless @admin
+ temp[:admin_filter] = "for_identity #{@user.id}"
+ end
+
+ temp
+ end
+
 def protocol_params
 @protocol_params ||= begin
 params.require(:protocol).permit(:archived,
@@ -282,9 +299,9 @@ def find_protocol
 
 def setup_sorting_variables
 # Set filterrific params for sorting logic, store sorted by to re-apply styling
- @filterrific_params = params[:filterrific] ? params[:filterrific].except(:sorted_by) : @default_filter_params
+ @filterrific_params = params[:filterrific] ? filterrific_params.except(:sorted_by) : @default_filter_params
 @page = params[:page]
- @sorted_by = params[:filterrific][:sorted_by] if params[:filterrific]
+ @sorted_by = filterrific_params[:sorted_by] if params[:filterrific]
 @sort_name = @sorted_by.split(' ')[0] if @sorted_by
 @sort_order = @sorted_by.split(' ')[1] if @sorted_by
 @new_sort_order = (@sort_order == 'asc' ? 'desc' : 'asc') if @sort_order
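Review bot: `:admin_filter` is permitted in `filterrific_params` and replaced only under `unless @admin`, so for an admin the submitted value, including the id that follows the scope name, reaches `initialize_filterrific` exactly as the client sent it. Whether the Protocol scope behind it compares that id with the signed-in user is not visible in this patch; if it does not, the listing can be switched to another identity by editing the parameter. Take only the scope name from the request and rebuild the id on the server for every caller, e.g. `temp[:admin_filter] = "#{temp[:admin_filter].to_s.split(' ').first} #{@user.id}" if temp[:admin_filter].present?`, and reject scope names the UI does not offer. A short comment above the method stating that `admin_filter` is authorization-relevant would help the next editor of the permit list.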
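Review bot: `filterrific_params` is rebuilt on each of the two calls in `setup_sorting_variables`, and every call re-reads `@admin` and `@user`, which are assigned outside this hunk. If this method can run before they are set, the `unless @admin` branch is taken for every caller and `@user.id` fails on nil, so the ordering deserves a comment or a guard. Computing the permitted set once, `permitted = filterrific_params if params[:filterrific]`, and reading `permitted.except(:sorted_by)` and `permitted[:sorted_by]` from it keeps the two values consistent. A `filterrific` parameter that is present but not a hash also makes `.permit` raise NoMethodError instead of returning a 400. The body of `setup_sorting_variables` continues past the end of the hunk.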