policy strong_params
This commit is contained in:
parent
d3205a6080
commit
4a70b795e5
@ -26,7 +26,7 @@ module Admin
|
|||||||
private
|
private
|
||||||
|
|
||||||
def user_params
|
def user_params
|
||||||
params.require(:user).permit(:name, :email, :password, :password_confirmation)
|
params.require(:user).permit(policy(User).permitted_attributes)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -50,7 +50,7 @@ module Admin
|
|||||||
private
|
private
|
||||||
|
|
||||||
def user_params
|
def user_params
|
||||||
params.require(:user).permit(:name, :email, :role, :password, quiz_ids: [])
|
params.require(:user).permit(policy(User).permitted_attributes)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -17,6 +17,11 @@ class UserPolicy < ApplicationPolicy
|
|||||||
user.admin? || user == record
|
user.admin? || user == record
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def permitted_attributes
|
||||||
|
return [:name, :email, :role, :password, quiz_ids: []] if user.admin?
|
||||||
|
[:name, :email, :password, :password_confirmation]
|
||||||
|
end
|
||||||
|
|
||||||
class Scope < Scope
|
class Scope < Scope
|
||||||
def resolve
|
def resolve
|
||||||
return scope if user.admin?
|
return scope if user.admin?
|
||||||
|
Loading…
Reference in New Issue
Block a user