From 829aecfce33530d28d72ffb8c83fa9453301b260 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Sat, 6 Apr 2013 12:25:31 -0400
Subject: [PATCH] Autofill user_id; editing still vulnerable

---
 app/controllers/alerts_controller.rb | 1 +
 app/models/alert.rb | 8 ++++----
 app/views/alerts/_form.html.erb | 12 ------------
 3 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index 6ec982f..47d7ec7 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -40,6 +40,7 @@ class AlertsController < ApplicationController
 # POST /alerts.json
 def create
 @alert = Alert.new(params[:alert])
+ @alert.user_id = current_user.id

 respond_to do |format|
 if @alert.save
diff --git a/app/models/alert.rb b/app/models/alert.rb
index db84ded..412a7a3 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -17,10 +17,10 @@ class Alert < ActiveRecord::Base
 :format => { :with => /\A[0-9]+[A-Za-z]?\Z/ }

- validates :user_id, :presence => true,
- :numericality => {
- only_integer: true
- }
+ # validates :user_id, :presence => true,
+ # :numericality => {
+ # only_integer: true
+ # }
 validates :semester, :presence => true

 scope :user_alerts, lambda { |user_id|
diff --git a/app/views/alerts/_form.html.erb b/app/views/alerts/_form.html.erb
index 758bfe6..5937420 100644
--- a/app/views/alerts/_form.html.erb
+++ b/app/views/alerts/_form.html.erb
@@ -1,10 +1,4 @@
 <%= form_for @alert, :html => { :class => 'form-horizontal' } do |f| %>
-
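Review bot: Assigning `@alert.user_id = current_user.id` after `Alert.new(params[:alert])` does override a client-supplied `user_id` for create, but it leaves `params[:alert]` fully mass-assignable, so any other writable column (the `alerted` flag whose checkbox this same commit removes from the form, going by the view hunk) can still be set by a crafted POST, and the commit title says `update` keeps the same hole. Consider building through the owner instead, `@alert = current_user.alerts.build(params[:alert])`, if that association exists, and scoping edit/update/destroy with `current_user.alerts.find(params[:id])` rather than a bare `Alert.find` so one user cannot edit another user's alert by guessing its id. The body of `create` continues past the end of the hunk.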
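Review bot: Commenting out `validates :user_id` removes the only guarantee that a saved alert has an owner; since `create` now sets `user_id` before save, the presence/integer validation would still pass and should be kept rather than disabled. What actually needs restricting is mass assignment: nothing in this file stops `params[:alert]` from writing `user_id` or `alerted` (the checkbox removed from the form in this commit), so on this Rails 3-era codebase a whitelist such as `attr_accessible :department, :semester` plus whatever other fields the form exposes, with `user_id` and `alerted` deliberately omitted, is the fix that covers update as well as create. Unrelated to this change but visible in the context, the `:format` regex ends in `\Z`, which still matches before a trailing newline; `\z` anchors the true end of the string. The enclosing class extends beyond the hunk on both sides.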
- <%= f.label :user_id, :class => 'control-label' %> -
- <%= f.number_field :user_id, :class => 'number_field' %> -
-
<%= f.label :department, :class => 'control-label' %>
@@ -23,12 +17,6 @@ <%= f.text_field :semester, :class => 'text_field' %>
-
- <%= f.label :alerted, :class => 'control-label' %> -
- <%= f.check_box :alerted, :class => 'check_box' %> -
-
<%= f.submit nil, :class => 'btn btn-primary' %>