Commit 5928388b
Authored Sep 26, 2012 by Marin Jankovski
Protect users projects_limit from mass assignment.
Parent: 8ec95642
Showing 3 changed files with 32 additions and 5 deletions:
app/controllers/admin/users_controller.rb (+3 -3)
app/models/user.rb (+3 -2)
spec/models/user_spec.rb (+26 -0)
app/controllers/admin/users_controller.rb
...
...
@@ -30,7 +30,7 @@ class Admin::UsersController < AdminController
def
new
@admin_user
=
User
.
new
(
projects_limit:
Gitlab
.
config
.
default_projects_limit
)
@admin_user
=
User
.
new
(
{
projects_limit:
Gitlab
.
config
.
default_projects_limit
},
as: :admin
)
end
def
edit
...
...
@@ -60,7 +60,7 @@ class Admin::UsersController < AdminController
def
create
admin
=
params
[
:user
].
delete
(
"admin"
)
@admin_user
=
User
.
new
(
params
[
:user
])
@admin_user
=
User
.
new
(
params
[
:user
]
,
as: :admin
)
@admin_user
.
admin
=
(
admin
&&
admin
.
to_i
>
0
)
respond_to
do
|
format
|
...
...
@@ -86,7 +86,7 @@ class Admin::UsersController < AdminController
@admin_user
.
admin
=
(
admin
&&
admin
.
to_i
>
0
)
respond_to
do
|
format
|
if
@admin_user
.
update_attributes
(
params
[
:user
])
if
@admin_user
.
update_attributes
(
params
[
:user
]
,
as: :admin
)
format
.
html
{
redirect_to
[
:admin
,
@admin_user
],
notice:
'User was successfully updated.'
}
format
.
json
{
head
:ok
}
else
...
...
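Review bot: The `update_attributes(params[:user], as: :admin)` call in this hunk, like the matching `User.new(params[:user], as: :admin)` in `create`, has no test in this commit; the added specs only exercise the model. Because the `:admin` role is chosen unconditionally in this controller, the protection of `projects_limit` rests on every action here being reachable only by administrators. I would add a controller spec that submits `projects_limit` through `create` and `update` as an admin and asserts it is saved, plus one asserting that a non-admin request to these actions is rejected.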
app/models/user.rb
...
...
@@ -6,8 +6,9 @@ class User < ActiveRecord::Base
:recoverable
,
:rememberable
,
:trackable
,
:validatable
,
:omniauthable
attr_accessible
:email
,
:password
,
:password_confirmation
,
:remember_me
,
:bio
,
:name
,
:projects_limit
,
:skype
,
:linkedin
,
:twitter
,
:dark_scheme
,
:theme_id
,
:force_random_password
,
:extern_uid
,
:provider
:name
,
:skype
,
:linkedin
,
:twitter
,
:dark_scheme
,
:theme_id
,
:force_random_password
,
:extern_uid
,
:provider
,
:as
=>
[
:default
,
:admin
]
attr_accessible
:projects_limit
,
:as
=>
:admin
attr_accessor
:force_random_password
...
...
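Review bot: In the list that stays accessible with `:as => [:default, :admin]`, `:extern_uid` and `:provider` remain mass-assignable under the default role. With the model declared `:omniauthable`, these look like identity-linking fields that a regular user should not be able to set through an ordinary form submission, so consider moving them to the `:admin` role next to `:projects_limit`, or assigning them explicitly where the external identity is created. A short comment above the two `attr_accessible` calls stating which role each list serves would also help the next reader.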
spec/models/user_spec.rb
...
...
@@ -73,4 +73,30 @@ describe User do
user
.
authentication_token
.
should_not
be_blank
end
end
describe
"attributes can be changed by a regular user"
do
before
do
@user
=
Factory
:user
@user
.
update_attributes
(
skype:
"testskype"
,
linkedin:
"testlinkedin"
)
end
it
{
@user
.
skype
.
should
==
'testskype'
}
it
{
@user
.
linkedin
.
should
==
'testlinkedin'
}
end
describe
"attributes that shouldn't be changed by a regular user"
do
before
do
@user
=
Factory
:user
@user
.
update_attributes
(
projects_limit:
50
)
end
it
{
@user
.
projects_limit
.
should_not
==
50
}
end
describe
"attributes can be changed by an admin user"
do
before
do
@admin_user
=
Factory
:admin
@admin_user
.
update_attributes
({
skype:
"testskype"
,
projects_limit:
50
},
as: :admin
)
end
it
{
@admin_user
.
skype
.
should
==
'testskype'
}
it
{
@admin_user
.
projects_limit
.
should
==
50
}
end
end
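Review bot: The negative case, `it { @user.projects_limit.should_not == 50 }`, only proves the value is not 50, which any other value satisfies; capture the limit before `update_attributes(projects_limit: 50)` and assert it is unchanged afterwards. The "admin user" case passes because of `as: :admin`, not because the record comes from `Factory :admin`, so the description should name the role, and a case that updates a `Factory :user` record with `as: :admin` would make that explicit. If the application runs with the strict mass-assignment sanitizer, the regular-user `update_attributes` call raises instead of silently dropping the attribute, and this example should then expect the error.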