diff --git a/app/controllers/polling/poll_choices_controller.rb b/app/controllers/polling/poll_choices_controller.rb index b07f17831c0..a2cf88fa94f 100644 --- a/app/controllers/polling/poll_choices_controller.rb +++ b/app/controllers/polling/poll_choices_controller.rb @@ -115,7 +115,7 @@ module Polling # } # def create - poll_choice_params = params[:poll_choices][0] + poll_choice_params = get_poll_choice_params @poll_choice = @poll.poll_choices.new(poll_choice_params) @poll_choice.is_correct = false if poll_choice_params && poll_choice_params[:is_correct].blank? @@ -148,7 +148,7 @@ module Polling # } # def update - poll_choice_params = params[:poll_choices][0] + poll_choice_params = get_poll_choice_params @poll_choice = @poll.poll_choices.find(params[:id]) if poll_choice_params && poll_choice_params[:is_correct].blank? @@ -204,5 +204,9 @@ module Polling }).as_json end + def get_poll_choice_params + strong_params.require(:poll_choices)[0].permit(:text, :is_correct, :position) + end + end end diff --git a/app/controllers/polling/poll_sessions_controller.rb b/app/controllers/polling/poll_sessions_controller.rb index 2502071c053..f6e4067c84b 100644 --- a/app/controllers/polling/poll_sessions_controller.rb +++ b/app/controllers/polling/poll_sessions_controller.rb @@ -136,7 +136,7 @@ module Polling # } # def create - poll_session_params = params[:poll_sessions][0] + poll_session_params = get_poll_session_params if course_id = poll_session_params.delete(:course_id) @course = Course.find(course_id) @@ -183,9 +183,8 @@ module Polling # def update @poll_session = @poll.poll_sessions.find(params[:id]) - poll_session_params = params[:poll_sessions][0] if authorized_action(@poll, @current_user, :update) - if @poll_session.update_attributes(poll_session_params) + if @poll_session.update_attributes(get_poll_session_params) render json: serialize_jsonapi(@poll_session) else render json: @poll_session.errors, status: :bad_request 
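Review bot: `get_poll_choice_params` calls `.permit` on whatever `[0]` returns, so a `poll_choices` value that is not an array of objects (a hash, or an array of strings) would end in NoMethodError and a 500 rather than a 400. This assumes `strong_params` behaves like `ActionController::Parameters`, which the hunk does not show. A guard such as `choice = strong_params.require(:poll_choices)[0]` followed by `raise ActionController::ParameterMissing, :poll_choices unless choice.respond_to?(:permit)` keeps malformed bodies on the client-error path. The same shape recurs in `get_poll_session_params` and `get_poll_params`. The hunk also does not show whether these helpers sit below a `private`/`protected` marker; public controller methods count as action methods, so that is worth confirming.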
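Review bot: In `update`, `get_poll_session_params` lets `:course_id` and `:course_section_id` flow from the request straight into `update_attributes`, and the only authorization visible in this hunk is `:update` on `@poll`. `create` in the same file instead pulls `course_id` out and loads the course itself, though its body continues outside the hunk. Unless a model validation outside this diff ties the session's course and section to ones the user may manage, anyone allowed to update the poll can apparently re-point the session at an arbitrary course or section id. A narrower list for this action, e.g. `strong_params.require(:poll_sessions)[0].permit(:has_public_results)`, or an explicit check on the target course before saving, would close that.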
@@ -300,5 +299,8 @@ module Polling }).as_json end + def get_poll_session_params + strong_params.require(:poll_sessions)[0].permit(:course_id, :course_section_id, :has_public_results) + end end end diff --git a/app/controllers/polling/polls_controller.rb b/app/controllers/polling/polls_controller.rb index 7bf885d8ba1..362fef828c9 100644 --- a/app/controllers/polling/polls_controller.rb +++ b/app/controllers/polling/polls_controller.rb @@ -116,8 +116,7 @@ module Polling # } # def create - poll_params = params[:polls][0] - @poll = @current_user.polls.new(poll_params) + @poll = @current_user.polls.new(get_poll_params) if authorized_action(@poll, @current_user, :create) if @poll.save render json: serialize_jsonapi(@poll) @@ -145,7 +144,7 @@ module Polling # def update @poll = Polling::Poll.find(params[:id]) - poll_params = params[:polls][0] + poll_params = get_poll_params if authorized_action(@poll, @current_user, :update) poll_params.delete(:is_correct) if poll_params && poll_params[:is_correct].blank? @@ -197,5 +196,8 @@ module Polling }).as_json end + def get_poll_params + strong_params.require(:polls)[0].permit(:question, :description) + end end end diff --git a/app/models/discussion_topic/materialized_view.rb b/app/models/discussion_topic/materialized_view.rb index ab3ecb21a9b..ae7116a5e2f 100644 --- a/app/models/discussion_topic/materialized_view.rb +++ b/app/models/discussion_topic/materialized_view.rb @@ -24,7 +24,7 @@ class DiscussionTopic::MaterializedView < ActiveRecord::Base include Rails.application.routes.url_helpers def use_placeholder_host?; true; end - attr_accessible :discussion_topic + strong_params serialize :participants_array, Array serialize :entry_ids_array, Array diff --git a/app/models/live_assessments/assessment.rb b/app/models/live_assessments/assessment.rb index ce6d2d6ee60..76b9f2b0e58 100644 --- a/app/models/live_assessments/assessment.rb +++ b/app/models/live_assessments/assessment.rb 
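Review bot: `poll_params.delete(:is_correct)` in `update` is now dead code, because `get_poll_params` permits only `:question` and `:description`, so `:is_correct` can never be present in `poll_params`. As far as the helper shows, it also raises rather than returning nil, which makes the `poll_params &&` guard always true. Dropping the line would leave the permit list as the single place that says which attributes a poll accepts. `update`'s body continues past the end of the hunk.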
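Review bot: Replacing `attr_accessible` with `strong_params` here and in the other model hunks (`LiveAssessments::*`, `Lti::*`, `ModeratedGrading::*`, `Polling::*`) removes the model-level allow-list, so mass-assignment protection now rests entirely on each caller permitting its parameters. This diff adds permit lists only to the three polling controllers. The write paths for models with sensitive columns are not shown, for example `Lti::ToolProxy` (`shared_secret`, `workflow_state`), `ModeratedGrading::ProvisionalGrade` (`grade`, `score`, `final`) and `Polling::PollSubmission`. `strong_params` is a project macro whose behaviour is not visible here; if it follows Rails' forbidden-attributes semantics, a plain Hash built from request data (`to_hash`, JSON parsed by hand) would be assigned without any filtering. It is worth confirming that every controller or API that mass-assigns to these models passes permitted parameters or sets attributes explicitly, and saying so in the commit message.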
@@ -18,7 +18,7 @@ module LiveAssessments class Assessment < ActiveRecord::Base - attr_accessible :context, :key, :title + strong_params belongs_to :context, polymorphic: [:course] has_many :submissions, class_name: 'LiveAssessments::Submission' diff --git a/app/models/live_assessments/result.rb b/app/models/live_assessments/result.rb index 90f2cfb1be7..2558a3df795 100644 --- a/app/models/live_assessments/result.rb +++ b/app/models/live_assessments/result.rb @@ -18,7 +18,7 @@ module LiveAssessments class Result < ActiveRecord::Base - attr_accessible :user, :assessor, :passed, :assessed_at + strong_params belongs_to :assessor, class_name: 'User' belongs_to :user diff --git a/app/models/live_assessments/submission.rb b/app/models/live_assessments/submission.rb index 9bbfa3c7e55..dc66ffde06c 100644 --- a/app/models/live_assessments/submission.rb +++ b/app/models/live_assessments/submission.rb @@ -18,7 +18,7 @@ module LiveAssessments class Submission < ActiveRecord::Base - attr_accessible :user, :assessment, :possible, :score, :assessed_at + strong_params belongs_to :user belongs_to :assessment, class_name: 'LiveAssessments::Assessment' diff --git a/app/models/lti/message_handler.rb b/app/models/lti/message_handler.rb index eae2317745a..58eafd7074f 100644 --- a/app/models/lti/message_handler.rb +++ b/app/models/lti/message_handler.rb @@ -22,7 +22,7 @@ module Lti BASIC_LTI_LAUNCH_REQUEST = 'basic-lti-launch-request'.freeze TOOL_PROXY_REREGISTRATION_REQUEST = 'ToolProxyRegistrationRequest'.freeze - attr_accessible :message_type, :placements, :launch_path, :capabilities, :parameters, :resource_handler, :links + strong_params attr_readonly :created_at belongs_to :resource_handler, class_name: "Lti::ResourceHandler", :foreign_key => :resource_handler_id diff --git a/app/models/lti/product_family.rb b/app/models/lti/product_family.rb index f3923b11ccc..c37f693f885 100644 --- a/app/models/lti/product_family.rb +++ b/app/models/lti/product_family.rb 
@@ -19,7 +19,7 @@ module Lti class ProductFamily < ActiveRecord::Base - attr_accessible :vendor_code, :product_code, :vendor_name, :vendor_description, :website, :vendor_email, :root_account + strong_params belongs_to :root_account, class_name: 'Account' has_many :tool_proxies, class_name: "Lti::ToolProxy", dependent: :destroy diff --git a/app/models/lti/resource_handler.rb b/app/models/lti/resource_handler.rb index 9b12aa38a4e..d6b313abc00 100644 --- a/app/models/lti/resource_handler.rb +++ b/app/models/lti/resource_handler.rb @@ -19,7 +19,7 @@ module Lti class ResourceHandler < ActiveRecord::Base - attr_accessible :resource_type_code, :name, :description, :icon_info, :tool_proxy + strong_params attr_readonly :created_at belongs_to :tool_proxy, class_name: 'Lti::ToolProxy' diff --git a/app/models/lti/resource_placement.rb b/app/models/lti/resource_placement.rb index 38274c9ed0d..c7652008cab 100644 --- a/app/models/lti/resource_placement.rb +++ b/app/models/lti/resource_placement.rb @@ -62,7 +62,7 @@ module Lti 'Canvas.placements.assignmentConfiguration' => ASSIGNMENT_CONFIGURATION, }.freeze - attr_accessible :placement, :message_handler, :resource_handler + strong_params belongs_to :message_handler, class_name: 'Lti::MessageHandler' belongs_to :resource_handler, class_name: 'Lti::ResourceHandler' diff --git a/app/models/lti/tool_proxy.rb b/app/models/lti/tool_proxy.rb index 516207805aa..3b176f3d190 100644 --- a/app/models/lti/tool_proxy.rb +++ b/app/models/lti/tool_proxy.rb @@ -19,7 +19,7 @@ module Lti class ToolProxy < ActiveRecord::Base - attr_accessible :shared_secret, :guid, :product_version, :lti_version, :product_family, :workflow_state, :raw_data, :context, :name, :description + strong_params has_many :bindings, class_name: 'Lti::ToolProxyBinding', dependent: :destroy has_many :resources, class_name: 'Lti::ResourceHandler', dependent: :destroy 
diff --git a/app/models/lti/tool_proxy_binding.rb b/app/models/lti/tool_proxy_binding.rb index 01d766b3226..16c807efef1 100644 --- a/app/models/lti/tool_proxy_binding.rb +++ b/app/models/lti/tool_proxy_binding.rb @@ -18,7 +18,7 @@ module Lti class ToolProxyBinding < ActiveRecord::Base - attr_accessible :context, :tool_proxy, :enabled + strong_params belongs_to :tool_proxy, class_name: 'Lti::ToolProxy' diff --git a/app/models/lti/tool_setting.rb b/app/models/lti/tool_setting.rb index 515e8c2674b..393ccfb6a3e 100644 --- a/app/models/lti/tool_setting.rb +++ b/app/models/lti/tool_setting.rb @@ -17,7 +17,7 @@ module Lti class ToolSetting < ActiveRecord::Base - attr_accessible :tool_proxy, :context, :resource_link_id, :custom + strong_params belongs_to :tool_proxy belongs_to :context, polymorphic: [:course, :account] diff --git a/app/models/moderated_grading/provisional_grade.rb b/app/models/moderated_grading/provisional_grade.rb index a95720c0df4..082ecfee0e9 100644 --- a/app/models/moderated_grading/provisional_grade.rb +++ b/app/models/moderated_grading/provisional_grade.rb @@ -1,7 +1,7 @@ class ModeratedGrading::ProvisionalGrade < ActiveRecord::Base include Canvas::GradeValidations - attr_accessible :grade, :score, :final, :graded_anonymously + strong_params attr_writer :force_save belongs_to :submission, inverse_of: :provisional_grades diff --git a/app/models/moderated_grading/selection.rb b/app/models/moderated_grading/selection.rb index 9e38b195033..855bf998d76 100644 --- a/app/models/moderated_grading/selection.rb +++ b/app/models/moderated_grading/selection.rb @@ -7,5 +7,5 @@ class ModeratedGrading::Selection < ActiveRecord::Base validates :student_id, uniqueness: { scope: :assignment_id } - attr_accessible :student + strong_params end diff --git a/app/models/polling/poll.rb b/app/models/polling/poll.rb index ade17cc9e26..baba46cf5cd 100644 --- a/app/models/polling/poll.rb +++ b/app/models/polling/poll.rb 
@@ -18,7 +18,7 @@ module Polling class Poll < ActiveRecord::Base - attr_accessible :user, :question, :description + strong_params belongs_to :user has_many :poll_choices, -> { order(:position) }, class_name: 'Polling::PollChoice', dependent: :destroy diff --git a/app/models/polling/poll_choice.rb b/app/models/polling/poll_choice.rb index 8b9fb8f97ab..5e24a55b127 100644 --- a/app/models/polling/poll_choice.rb +++ b/app/models/polling/poll_choice.rb @@ -20,7 +20,7 @@ module Polling class PollChoice < ActiveRecord::Base self.table_name = 'polling_poll_choices' - attr_accessible :text, :poll, :is_correct, :position + strong_params belongs_to :poll, class_name: 'Polling::Poll' has_many :poll_submissions, class_name: 'Polling::PollSubmission', dependent: :destroy diff --git a/app/models/polling/poll_session.rb b/app/models/polling/poll_session.rb index 6bb1f16c546..afc3f741a9e 100644 --- a/app/models/polling/poll_session.rb +++ b/app/models/polling/poll_session.rb @@ -18,7 +18,7 @@ module Polling class PollSession < ActiveRecord::Base - attr_accessible :poll, :course, :course_section, :course_id, :course_section_id, :has_public_results + strong_params belongs_to :course belongs_to :course_section diff --git a/app/models/polling/poll_submission.rb b/app/models/polling/poll_submission.rb index a8082da5876..8a7e5087597 100644 --- a/app/models/polling/poll_submission.rb +++ b/app/models/polling/poll_submission.rb @@ -18,7 +18,7 @@ module Polling class PollSubmission < ActiveRecord::Base - attr_accessible :poll, :poll_choice, :poll_session, :user + strong_params belongs_to :poll, class_name: 'Polling::Poll' belongs_to :poll_choice, class_name: 'Polling::PollChoice' diff --git a/gems/plugins/simply_versioned/lib/simply_versioned/version.rb b/gems/plugins/simply_versioned/lib/simply_versioned/version.rb index e09c15a72b9..b1cf7ed69d8 100644 --- a/gems/plugins/simply_versioned/lib/simply_versioned/version.rb +++ b/gems/plugins/simply_versioned/lib/simply_versioned/version.rb 
@@ -18,7 +18,7 @@ class Version < ActiveRecord::Base #:nodoc: validates_presence_of :versionable_id, :versionable_type before_create :initialize_number - + # Return an instance of the versioned ActiveRecord model with the attribute # values of this version. def model diff --git a/spec/apis/lti/ims/tool_proxy_api_spec.rb b/spec/apis/lti/ims/tool_proxy_api_spec.rb index b9915ba28a0..c9cb95880c9 100644 --- a/spec/apis/lti/ims/tool_proxy_api_spec.rb +++ b/spec/apis/lti/ims/tool_proxy_api_spec.rb @@ -33,7 +33,6 @@ module Lti guid: SecureRandom.uuid, shared_secret: 'abc', product_family: product_family, - root_account: account, product_version: '1', workflow_state: 'disabled', raw_data: {'proxy' => 'value'}, diff --git a/spec/apis/lti/ims/tool_setting_api_spec.rb b/spec/apis/lti/ims/tool_setting_api_spec.rb index bde5acd11bb..befe7e3508c 100644 --- a/spec/apis/lti/ims/tool_setting_api_spec.rb +++ b/spec/apis/lti/ims/tool_setting_api_spec.rb @@ -31,7 +31,6 @@ module Lti guid: SecureRandom.uuid, shared_secret: 'abc', product_family: product_family, - root_account: account, product_version: '1', workflow_state: 'disabled', raw_data: {'proxy' => 'value'}, diff --git a/spec/models/assignment_spec.rb b/spec/models/assignment_spec.rb index ac20012b302..4157e3e355b 100644 --- a/spec/models/assignment_spec.rb +++ b/spec/models/assignment_spec.rb @@ -115,7 +115,6 @@ describe Assignment do guid: SecureRandom.uuid, shared_secret: 'abc', product_family: product_family, - root_account: account, product_version: '1', workflow_state: 'disabled', raw_data: {'proxy' => 'value'}, diff --git a/spec/models/lti/app_collator_spec.rb b/spec/models/lti/app_collator_spec.rb index 538ae36429f..308e74e478b 100644 --- a/spec/models/lti/app_collator_spec.rb +++ b/spec/models/lti/app_collator_spec.rb 
@@ -28,7 +28,7 @@ module Lti context 'pagination' do it 'paginates correctly' do 3.times do |_| - tp = create_tool_proxy(account: account, name: 'aaa') + tp = create_tool_proxy(context: account, name: 'aaa') tp.bindings.create(context: account) end 3.times { |_| new_valid_external_tool(account) }