use Strong Parameters for Supplier

This commit is contained in:
JuliusR 2021-12-18 14:56:09 +01:00
parent e26ef59ea2
commit ad35e02ddb

View file

@ -37,7 +37,7 @@ class SuppliersController < ApplicationController
# POST /suppliers
# POST /suppliers.xml
def create
@supplier = Supplier.new(params[:supplier])
@supplier = Supplier.new(supplier_params)
respond_to do |format|
if @supplier.save
@ -55,7 +55,7 @@ class SuppliersController < ApplicationController
# PUT /suppliers/1.xml
def update
@supplier = Supplier.find(params[:id])
attrs = params[:supplier]
attrs = supplier_params
respond_to do |format|
# @todo fix by generating proper hidden input in html
@ -86,4 +86,32 @@ class SuppliersController < ApplicationController
format.xml { head :ok }
end
end
private
def supplier_params
params
.require(:supplier)
.permit(
:name,
:address,
:phone,
:phone2,
:fax,
:email,
:url,
:delivery_days,
:note,
:ftp_sync,
:ftp_host,
:ftp_user,
:ftp_password,
:ftp_type,
:ftp_regexp,
:mail_sync,
:mail_type,
:mail_from,
:mail_subject
)
end
end