Project

General

Profile

Feature #3917

Add strong_parameters to foreman

Added by David Davis over 5 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Rails
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Related issues

Related to Foreman - Bug #7594: extract params defined in apipie documentation to use for strong parametersNew
Related to Foreman - Bug #7568: Use attr_accessible for rails 4 upgradeClosed2014-09-22
Related to Katello - Feature #15741: Use parameter_filter instead of attr_accessibleClosed2016-07-19
Related to Discovery - Refactor #15750: Add strong parameters to Discovery PluginClosed2016-07-20
Related to Docker - Feature #15888: Remove calls to attr_accessibleClosed2016-07-28
Related to Foreman - Bug #15951: host's interfaces_attributes compute_attributes not passed to vmClosed2016-08-03
Related to Salt - Bug #15958: Move to using strong parametersClosed2016-08-03
Related to Foreman Remote Execution - Bug #16002: move to strong parametersClosed2016-08-05
Related to Foreman - Bug #16025: Import subnets from proxy returns 500Closed2016-08-09
Related to OpenSCAP - Bug #16096: Remove attr_accessible from modelsClosed2016-08-12
Related to Foreman - Bug #16264: Template combinations cannot be createdClosed2016-08-24
Related to Foreman - Bug #16376: required flag not set from puppetclassClosed2016-08-30
Related to Foreman - Bug #16578: Resolve templates button throws undefined method `[]' for nil:NilClass on image hostsClosed2016-09-16
Related to Foreman - Bug #17170: NIC page does not reload when Bond is selectedClosed2016-11-01
Related to Foreman - Bug #17300: Attached devices not saved when editing bond network interfacesClosed2016-11-09
Related to Foreman - Bug #19417: keep_params throws error if params don't contain top level hashClosed2017-04-27
Related to Foreman - Feature #22285: Present error message when passing integer when array expected for API callNew
Is duplicate of Foreman - Bug #1519: rails security problemDuplicate2012-03-06
Blocks Foreman - Tracker #15715: Rails 5.0 upgrade tasksResolved2016-07-18

Associated revisions

Revision 12612809 (diff)
Added by Dominic Cleal almost 3 years ago

fixes #3917 - replace protected_attrs with strong parameters

Filtering of attributes has moved from the protected_attributes gem to
strong parameters in controller concerns, to be in line with current
Rails recommendations.

Concerns are shared between UI and both API controllers and list the
attributes using Foreman::ParameterFilter, which provides additional
features:

1. Registration of additional attributes from plugins, through the
plugin API or `attr_accessible` for short term compatibility.
2. Re-use of permitted attribute lists for nested models (e.g. host
and interface).
3. Combining of lists of attributes from all sources in a single
permit call.
4. A small DSL for changing accepted parameters based on controller,
action and UI/API type.

Plugins should either temporarily depend on protected_attributes to
continue to protect their models or call permit/use ParameterFilter
similarly: http://projects.theforeman.org/projects/foreman/wiki/Strong_parameters

Some UI changes were required to make nested model hash keys all
integers instead of "new_123456" etc, else strong parameters would
filter the entries out.

The Role model's builtin default has been moved from initialize to the
database as the removal of protected_attrs changed the initialisation
order.

Revision 87526d1e (diff)
Added by Dominic Cleal almost 3 years ago

refs #3917 - remove protected_attributes requirement

History

#2 Updated by David Davis about 5 years ago

  • Subject changed from Add strong_parameters gem to foreman to Add strong_parameters to foreman

#3 Updated by David Davis about 5 years ago

  • Assignee deleted (David Davis)

#4 Updated by Ohad Levy over 4 years ago

#5 Updated by Ohad Levy over 4 years ago

  • Is duplicate of Bug #1519: rails security problem added

#6 Updated by Ohad Levy over 4 years ago

  • Status changed from New to Duplicate

#7 Updated by Ohad Levy over 4 years ago

  • Status changed from Duplicate to New

#8 Updated by Ohad Levy over 4 years ago

  • Category set to Rails

#9 Updated by Ohad Levy over 4 years ago

#10 Updated by Ohad Levy over 4 years ago

#11 Updated by Shlomi Zadok over 4 years ago

  • Assignee set to Shlomi Zadok

#12 Updated by Shlomi Zadok over 4 years ago

  • Status changed from New to Assigned

#13 Updated by Joseph Magen over 4 years ago

  • Related to Bug #7594: extract params defined in apipie documentation to use for strong parameters added

#14 Updated by Ohad Levy over 4 years ago

  • Legacy Backlogs Release (now unused) set to 21

#15 Updated by The Foreman Bot over 4 years ago

  • Status changed from Assigned to Ready For Testing
  • Target version set to 1.7.2
  • Pull request https://github.com/theforeman/foreman/pull/1819 added
  • Pull request deleted ()

#16 Updated by David Davis over 4 years ago

  • Related to Refactor #7816: Refactor code now that foreman has strong_params added

#17 Updated by David Davis over 4 years ago

  • Related to deleted (Refactor #7816: Refactor code now that foreman has strong_params)

#18 Updated by David Davis over 4 years ago

  • Blocks Refactor #7816: Refactor code now that foreman has strong_params added

#19 Updated by David Davis over 4 years ago

  • Blocks deleted (Refactor #7816: Refactor code now that foreman has strong_params)

#20 Updated by Dominic Cleal over 4 years ago

  • Legacy Backlogs Release (now unused) deleted (21)

#21 Updated by Dominic Cleal almost 4 years ago

  • Status changed from Ready For Testing to New
  • Assignee deleted (Shlomi Zadok)
  • Pull request added
  • Pull request deleted (https://github.com/theforeman/foreman/pull/1819)

#22 Updated by The Foreman Bot almost 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2509 added
  • Pull request deleted ()

#23 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #7568: Use attr_accessible for rails 4 upgrade added

#24 Updated by Dominic Cleal over 3 years ago

#25 Updated by Dominic Cleal over 3 years ago

  • Status changed from Ready For Testing to New
  • Pull request deleted (https://github.com/theforeman/foreman/pull/2509)

PR was closed.

#26 Updated by Dominic Cleal almost 3 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal
  • Target version deleted (1.7.2)

#27 Updated by Dominic Cleal almost 3 years ago

#28 Updated by The Foreman Bot almost 3 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3659 added

#29 Updated by David Davis almost 3 years ago

  • Related to Feature #15741: Use parameter_filter instead of attr_accessible added

#30 Updated by Lukas Zapletal almost 3 years ago

  • Related to Refactor #15750: Add strong parameters to Discovery Plugin added

#31 Updated by David Davis almost 3 years ago

#32 Updated by Dominic Cleal almost 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#33 Updated by Dominic Cleal almost 3 years ago

  • Legacy Backlogs Release (now unused) set to 160

#34 Updated by Timo Goebel almost 3 years ago

  • Related to Bug #15951: host's interfaces_attributes compute_attributes not passed to vm added

#35 Updated by Stephen Benjamin almost 3 years ago

  • Related to Bug #15958: Move to using strong parameters added

#36 Updated by Michael Moll almost 3 years ago

  • Related to Bug #16002: move to strong parameters added

#37 Updated by Dominic Cleal almost 3 years ago

  • Related to Bug #16025: Import subnets from proxy returns 500 added

#38 Updated by Ondřej Pražák almost 3 years ago

  • Related to Bug #16096: Remove attr_accessible from models added

#39 Updated by Dominic Cleal almost 3 years ago

  • Related to Bug #16264: Template combinations cannot be created added

#40 Updated by Dominic Cleal over 2 years ago

  • Related to Bug #16376: required flag not set from puppetclass added

#41 Updated by Dominic Cleal over 2 years ago

  • Related to Bug #16578: Resolve templates button throws undefined method `[]' for nil:NilClass on image hosts added

#42 Updated by Dominic Cleal over 2 years ago

  • Related to Bug #17170: NIC page does not reload when Bond is selected added

#43 Updated by Dominic Cleal over 2 years ago

  • Related to Bug #17300: Attached devices not saved when editing bond network interfaces added

#44 Updated by Tomer Brisker about 2 years ago

  • Related to Bug #19417: keep_params throws error if params don't contain top level hash added

#45 Updated by Tomer Brisker over 1 year ago

  • Related to Feature #22285: Present error message when passing integer when array expected for API call added

Also available in: Atom PDF