Prevent mass-assignment when adding a project member (#10390).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9132 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
460239d1f9
commit
2c6ad7525a
|
@ -49,16 +49,18 @@ class MembersController < ApplicationController
|
||||||
|
|
||||||
def create
|
def create
|
||||||
members = []
|
members = []
|
||||||
if params[:membership] && params[:membership][:user_ids]
|
if params[:membership]
|
||||||
attrs = params[:membership].dup
|
if params[:membership][:user_ids]
|
||||||
user_ids = attrs.delete(:user_ids)
|
attrs = params[:membership].dup
|
||||||
user_ids.each do |user_id|
|
user_ids = attrs.delete(:user_ids)
|
||||||
members << Member.new(attrs.merge(:user_id => user_id))
|
user_ids.each do |user_id|
|
||||||
|
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
|
||||||
|
end
|
||||||
|
else
|
||||||
|
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
|
||||||
end
|
end
|
||||||
else
|
@project.members << members
|
||||||
members << Member.new(params[:membership])
|
|
||||||
end
|
end
|
||||||
@project.members << members
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
if members.present? && members.all? {|m| m.valid? }
|
if members.present? && members.all? {|m| m.valid? }
|
||||||
|
|
Loading…
Reference in New Issue