Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix sanitize_params method #137

Closed
wants to merge 5 commits into from
Closed

Fix sanitize_params method #137

wants to merge 5 commits into from

Conversation

mizinsky
Copy link

Permit only @smart_listing params.

@mizinsky mizinsky requested a review from ljachymczyk January 12, 2018 07:38
@Ana06
Copy link

Ana06 commented Jan 15, 2018

Is this fixing #134?

@mizinsky
Copy link
Author

@Ana06 yes, this permit only smart-listing params.

ljachymczyk
ljachymczyk requested changes Jan 19, 2018
View reviewed changes
Copy link
Member

@ljachymczyk ljachymczyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we still need to use if params.respond_to?(:permit!) just to handle Rails versions without strong parameters.
Also, in case we use strong parameters, I don't think we need to use UNSAFE_PARAMS any more (needs verification).

@mizinsky
Copy link
Author

I changed the approach, and there is no 'permit' method now.
I modeled on the kaminari's solution, and their way to handle strong params.
https://github.com/kaminari/kaminari/blob/e32c61cf6edd538bb9bca20421ec9447ebcd7d25/kaminari-core/lib/kaminari/helpers/tags.rb

ljachymczyk
ljachymczyk requested changes Feb 20, 2018
View reviewed changes
README.md Outdated
@@ -238,8 +238,9 @@ When form field changes its value, form is submitted and request is made. This n
```ruby
users_scope = User.active.joins(:stats)
users_scope = users_scope.like(params[:filter]) if params[:filter]
@users = smart_listing_create :users, users_scope, partial: "users/listing"
@users = smart_listing_create :users, users_scope, partial: "users/listing", custom_params: [:filter]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mizinsky is this still valid?

@ljachymczyk
Copy link
Member

Thanks @mizinsky

@mizinsky mizinsky deleted the sanitize-params branch March 12, 2018 07:22
vvondra added a commit to vvondra/smart_listing that referenced this pull request Mar 23, 2018
@vvondra
Merge remote-tracking branch 'sology/master'
54bfdd4 
* sology/master:
  Version bump.
  Remove duplicated href key from config template. Closes Sology#146
  Replace deprecated .any? with .present?. Closes Sology#143
  Update Dummy and Dev Environment to Rails 5.1. Closes Sology#140
  Fix sanitize_params method. Closes Sology#137
  Enable to configure global remote option. Closes Sology#131
  Kaminari update. Closes Sology#139
  Update Readme for Rails >= 5.1 Users
  Version bump.
  Fix indentation. Closes Sology#130
  Use #empty? for AC::Params. Closes Sology#122
  Add support for Turbolinks 5. Closes Sology#117
  Fix Kaminari #num_pages deprecation warning. Closes Sology#115
  Allow boostrap 4 compatibility. Closes Sology#114
  Use id.to_json so integers and uuids will both work. Closes Sology#113
  Fixing documentation for filter search icon to be displayed correctly.
  Allow to render outside of controllers. Closes Sology#106
  Update Gemfile.lock
  Version bump to 1.2.0
  Fix handling view arguments.
@fredZen fredZen mentioned this pull request May 23, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljachymczyk ljachymczyk ljachymczyk approved these changes

Assignees

@ljachymczyk ljachymczyk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mizinsky @Ana06 @ljachymczyk