added sort for users list

2017-03-06 13:35:45 -06:00 · 2017-03-06 13:35:45 -06:00 · 8d36acd28e
commit 8d36acd28e
parent b6284fdd7e
3 changed files with 32 additions and 8 deletions
--- a/app/controllers/admin/user_controller.rb
+++ b/app/controllers/admin/user_controller.rb
@ -2,7 +2,8 @@
 module Admin
  class UserController < AdminController
    def index
-      @users = policy_scope User.order(:name)
+      @users = policy_scope User.order("#{sort_column} #{sort_direction}")
+               .page(params[:page])
    end

    def new
@ -52,5 +53,9 @@ module Admin
      def user_params
        params.require(:user).permit(policy(User).permitted_attributes)
      end
+
+      def sort_column
+        User.column_names.include?(params[:sort]) ? params[:sort] : 'name'
+      end
  end
 end
--- a/app/views/admin/user/_table_list.html.erb
+++ b/app/views/admin/user/_table_list.html.erb
@ -1,8 +1,8 @@
 <table cellspacing="0" cellpadding="0">
  <tr>
-    <th>User</th>
-    <th>Email</th>
-    <th>Role</th>
+    <th><%= sortable "name", "User" %></th>
+    <th><%= sortable "email" %></th>
+    <th><%= sortable "role" %></th>
    <th></th>
  </tr>

--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -6,7 +6,7 @@
      "fingerprint": "6f3216446dca0fa79e96267eb0323d50cc59e7bc1e1529fd160cd5beb185e2f2",
      "message": "Possible SQL injection",
      "file": "app/controllers/admin/candidate_controller.rb",
-      "line": 9,
+      "line": 7,
      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
      "code": "Candidate.order(\"#{sort_column} #{sort_direction}\")",
      "render_path": null,
@ -22,12 +22,31 @@
    {
      "warning_type": "SQL Injection",
      "warning_code": 0,
-      "fingerprint": "7b53c580318f2405b59e3332311533ed2d3b395020107634b5362462896dcc1a",
+      "fingerprint": "9e802ac2067c1ee551f97c1f37816b585451abc42b6a2c7903c6d97aa042da61",
+      "message": "Possible SQL injection",
+      "file": "app/controllers/admin/user_controller.rb",
+      "line": 5,
+      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "User.order(\"#{sort_column} #{sort_direction}\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Admin::UserController",
+        "method": "index"
+      },
+      "user_input": "sort_column",
+      "confidence": "Medium",
+      "note": ""
+    },
+    {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "a65b53d63f1d43cb831947d0693d2d1b8819e21aec5ee18bf09b577ade02a0ee",
      "message": "Possible SQL injection",
      "file": "app/controllers/admin/result_controller.rb",
      "line": 16,
      "link": "http://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{sort_column} #{sort_direction}\")",
+      "code": "Candidate.where(:completed => true).includes(:recruiter).order(\"#{(\"(case when review_status = 0 then '' else name end)\" or sort_column)} #{sort_direction}\")",
      "render_path": null,
      "location": {
        "type": "method",
@ -57,6 +76,6 @@
      "note": "false positive"
    }
  ],
-  "updated": "2017-02-27 11:16:00 -0600",
+  "updated": "2017-03-06 12:16:23 -0600",
  "brakeman_version": "3.4.1"
 }