mirror of
https://github.com/discourse/discourse.git
synced 2024-11-28 03:33:58 -06:00
0d01c33482
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that. The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method. It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
52 lines
1.3 KiB
Ruby
52 lines
1.3 KiB
Ruby
class Admin::SiteCustomizationsController < Admin::AdminController
|
|
|
|
def index
|
|
@site_customizations = SiteCustomization.all
|
|
|
|
respond_to do |format|
|
|
format.json { render json: @site_customizations }
|
|
end
|
|
end
|
|
|
|
def create
|
|
@site_customization = SiteCustomization.new(site_customization_params)
|
|
@site_customization.user_id = current_user.id
|
|
|
|
respond_to do |format|
|
|
if @site_customization.save
|
|
format.json { render json: @site_customization, status: :created}
|
|
else
|
|
format.json { render json: @site_customization.errors, status: :unprocessable_entity }
|
|
end
|
|
end
|
|
end
|
|
|
|
def update
|
|
@site_customization = SiteCustomization.find(params[:id])
|
|
|
|
respond_to do |format|
|
|
if @site_customization.update_attributes(site_customization_params)
|
|
format.json { head :no_content }
|
|
else
|
|
format.json { render json: @site_customization.errors, status: :unprocessable_entity }
|
|
end
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
@site_customization = SiteCustomization.find(params[:id])
|
|
@site_customization.destroy
|
|
|
|
respond_to do |format|
|
|
format.json { head :no_content }
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def site_customization_params
|
|
params.require(:site_customization).permit(:name, :stylesheet, :header, :position, :enabled, :key, :override_default_style, :stylesheet_baked)
|
|
end
|
|
|
|
end
|