policy strong_params

This commit is contained in:
Mark Moser 2016-09-21 15:50:02 -05:00
parent d3205a6080
commit 4a70b795e5
3 changed files with 7 additions and 2 deletions

View File

@ -26,7 +26,7 @@ module Admin
private private
def user_params def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation) params.require(:user).permit(policy(User).permitted_attributes)
end end
end end
end end

View File

@ -50,7 +50,7 @@ module Admin
private private
def user_params def user_params
params.require(:user).permit(:name, :email, :role, :password, quiz_ids: []) params.require(:user).permit(policy(User).permitted_attributes)
end end
end end
end end

View File

@ -17,6 +17,11 @@ class UserPolicy < ApplicationPolicy
user.admin? || user == record user.admin? || user == record
end end
def permitted_attributes
return [:name, :email, :role, :password, quiz_ids: []] if user.admin?
[:name, :email, :password, :password_confirmation]
end
class Scope < Scope class Scope < Scope
def resolve def resolve
return scope if user.admin? return scope if user.admin?