mmoser/skill-assessment-app
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added sort for users list

Browse Source
This commit is contained in:
Mark Moser 2017-03-06 13:35:45 -06:00
parent b6284fdd7e
commit 8d36acd28e
3 changed files with 32 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/admin/user_controller.rb
View File

@ -2,7 +2,8 @@
module Admin module Admin
class UserController < AdminController class UserController < AdminController
def index def index
@users = policy_scope User.order(:name) @users = policy_scope User.order("#{sort_column} #{sort_direction}")
.page(params[:page])
end end
def new def new
@ -52,5 +53,9 @@ module Admin
def user_params def user_params
params.require(:user).permit(policy(User).permitted_attributes) params.require(:user).permit(policy(User).permitted_attributes)
end end
def sort_column
User.column_names.include?(params[:sort]) ? params[:sort] : 'name'
end
end end
end end

6
app/views/admin/user/_table_list.html.erb
View File

@ -1,8 +1,8 @@
<table cellspacing="0" cellpadding="0"> <table cellspacing="0" cellpadding="0">
<tr> <tr>
<th>User</th> <th><%= sortable "name", "User" %></th>
<th>Email</th> <th><%= sortable "email" %></th>
<th>Role</th> <th><%= sortable "role" %></th>
<th></th> <th></th>
</tr> </tr>

27
config/brakeman.ignore
View File

@ -6,7 +6,7 @@
"fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2", "fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2",
"message": "Possible SQL injection", "message": "Possible SQL injection",
"file": "app/controllers/admin/candidate_controller.rb", "file": "app/controllers/admin/candidate_controller.rb",
"line": 9, "line": 7,
"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/", "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "Candidate.order(\"#{sort_column} #{sort_direction}\")", "code": "Candidate.order(\"#{sort_column} #{sort_direction}\")",
"render_path": null, "render_path": null,
@ -22,12 +22,31 @@
{ {
"warning_type": "SQL Injection", "warning_type": "SQL Injection",
"warning_code": 0, "warning_code": 0,
"fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a", "fingerprint": "9e802ac2067c1ee551f97c1f37816b585451abc42b6a2c7903c6d97aa042da61",
"message": "Possible SQL injection",
"file": "app/controllers/admin/user_controller.rb",
"line": 5,
"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "User.order(\"#{sort_column} #{sort_direction}\")",
"render_path": null,
"location": {
"type": "method",
"class": "Admin::UserController",
"method": "index"
},
"user_input": "sort_column",
"confidence": "Medium",
"note": ""
},
{
"warning_type": "SQL Injection",
"warning_code": 0,
"fingerprint": "a65b53d63f1d43cb831947d0693d2d1b8819e21aec5ee18bf09b577ade02a0ee",
"message": "Possible SQL injection", "message": "Possible SQL injection",
"file": "app/controllers/admin/result_controller.rb", "file": "app/controllers/admin/result_controller.rb",
"line": 16, "line": 16,
"link": "http://brakemanscanner.org/docs/warning_types/sql_injection/", "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")", "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{(\"(case when review_status = 0 then '' else name end)\" or sort_column)} #{sort_direction}\")",
"render_path": null, "render_path": null,
"location": { "location": {
"type": "method", "type": "method",
@ -57,6 +76,6 @@
"note": "false positive" "note": "false positive"
} }
], ],
"updated": "2017-02-27 11:16:00 -0600", "updated": "2017-03-06 12:16:23 -0600",
"brakeman_version": "3.4.1" "brakeman_version": "3.4.1"
} }