Commit f66019a9 authored by jplang's avatar jplang

Handle admin and login with safe_attributes.

git-svn-id: https://svn.redmine.org/redmine/trunk@15663 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 1ed19970
......@@ -137,7 +137,6 @@ class AccountController < ApplicationController
redirect_to my_account_path
end
else
@user.login = params[:user][:login]
unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
@user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
end
......
......@@ -87,10 +87,8 @@ class UsersController < ApplicationController
end
def create
@user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
@user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option, :admin => false)
@user.safe_attributes = params[:user]
@user.admin = params[:user][:admin] || false
@user.login = params[:user][:login]
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
@user.pref.attributes = params[:pref] if params[:pref]
......@@ -127,8 +125,6 @@ class UsersController < ApplicationController
end
def update
@user.admin = params[:user][:admin] if params[:user][:admin]
@user.login = params[:user][:login] if params[:user][:login]
if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
end
......
......@@ -100,7 +100,7 @@ class User < Principal
attr_accessor :remote_ip
# Prevents unauthorized assignments
attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
attr_protected :password, :password_confirmation, :hashed_password
LOGIN_LENGTH_LIMIT = 60
MAIL_LENGTH_LIMIT = 60
......@@ -696,10 +696,15 @@ class User < Principal
'custom_fields',
'identity_url'
safe_attributes 'login',
:if => lambda {|user, current_user| user.new_record?}
safe_attributes 'status',
'auth_source_id',
'generate_password',
'must_change_passwd',
'login',
'admin',
:if => lambda {|user, current_user| current_user.admin?}
safe_attributes 'group_ids',
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment