From 8d36acd28e567bc5f7766709621e0ff04f390064 Mon Sep 17 00:00:00 2001 From: Mark Moser Date: Mon, 6 Mar 2017 13:35:45 -0600 Subject: [PATCH] added sort for users list --- app/controllers/admin/user_controller.rb | 7 +++++- app/views/admin/user/_table_list.html.erb | 6 ++--- config/brakeman.ignore | 27 +++++++++++++++++++---- 3 files changed, 32 insertions(+), 8 deletions(-) diff --git a/app/controllers/admin/user_controller.rb b/app/controllers/admin/user_controller.rb index d8ab69a..ead944c 100644 --- a/app/controllers/admin/user_controller.rb +++ b/app/controllers/admin/user_controller.rb @@ -2,7 +2,8 @@ module Admin class UserController < AdminController def index - @users = policy_scope User.order(:name) + @users = policy_scope User.order("#{sort_column} #{sort_direction}") + .page(params[:page]) end def new @@ -52,5 +53,9 @@ module Admin def user_params params.require(:user).permit(policy(User).permitted_attributes) end + + def sort_column + User.column_names.include?(params[:sort]) ? params[:sort] : 'name' + end end end diff --git a/app/views/admin/user/_table_list.html.erb b/app/views/admin/user/_table_list.html.erb index 9b8ef8f..63204eb 100644 --- a/app/views/admin/user/_table_list.html.erb +++ b/app/views/admin/user/_table_list.html.erb @@ -1,8 +1,8 @@ - - - + + + diff --git a/config/brakeman.ignore b/config/brakeman.ignore index ff0142e..e869cec 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -6,7 +6,7 @@ "fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2", "message": "Possible SQL injection", "file": "app/controllers/admin/candidate_controller.rb", - "line": 9, + "line": 7, "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "Candidate.order(\"#{sort_column} #{sort_direction}\")", "render_path": null, @@ -22,12 +22,31 @@ { "warning_type": "SQL Injection", "warning_code": 0, - "fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a", + "fingerprint": "9e802ac2067c1ee551f97c1f37816b585451abc42b6a2c7903c6d97aa042da61", + "message": "Possible SQL injection", + "file": "app/controllers/admin/user_controller.rb", + "line": 5, + "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/", + "code": "User.order(\"#{sort_column} #{sort_direction}\")", + "render_path": null, + "location": { + "type": "method", + "class": "Admin::UserController", + "method": "index" + }, + "user_input": "sort_column", + "confidence": "Medium", + "note": "" + }, + { + "warning_type": "SQL Injection", + "warning_code": 0, + "fingerprint": "a65b53d63f1d43cb831947d0693d2d1b8819e21aec5ee18bf09b577ade02a0ee", "message": "Possible SQL injection", "file": "app/controllers/admin/result_controller.rb", "line": 16, "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/", - "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")", + "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{(\"(case when review_status = 0 then '' else name end)\" or sort_column)} #{sort_direction}\")", "render_path": null, "location": { "type": "method", @@ -57,6 +76,6 @@ "note": "false positive" } ], - "updated": "2017-02-27 11:16:00 -0600", + "updated": "2017-03-06 12:16:23 -0600", "brakeman_version": "3.4.1" }
UserEmailRole<%= sortable "name", "User" %><%= sortable "email" %><%= sortable "role" %>