deac/gitlabhq
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Protect users projects_limit from mass assignment.

Browse source
This commit is contained in:
Marin Jankovski 2012-09-26 13:20:44 +02:00
parent 8ec956421c
commit 5928388b1c
3 changed files with 32 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/admin/users_controller.rb
View file

@ -30,7 +30,7 @@ class Admin::UsersController < AdminController
def new
@admin_user = User.new(projects_limit: Gitlab.config.default_projects_limit)
@admin_user = User.new({ projects_limit: Gitlab.config.default_projects_limit }, as: :admin)
end
def edit
@ -60,7 +60,7 @@ class Admin::UsersController < AdminController
def create
admin = params[:user].delete("admin")
@admin_user = User.new(params[:user])
@admin_user = User.new(params[:user], as: :admin)
@admin_user.admin = (admin && admin.to_i > 0)
respond_to do |format|
@ -86,7 +86,7 @@ class Admin::UsersController < AdminController
@admin_user.admin = (admin && admin.to_i > 0)
respond_to do |format|
if @admin_user.update_attributes(params[:user])
if @admin_user.update_attributes(params[:user], as: :admin)
format.html { redirect_to [:admin, @admin_user], notice: 'User was successfully updated.' }
format.json { head :ok }
else