From d1048c76ba8ce6ec3127c1de9cb4c63ba14d7038 Mon Sep 17 00:00:00 2001 From: Adrianna Chang Date: Wed, 19 May 2021 13:22:38 -0400 Subject: [PATCH] Use StrongParameters only for task_params --- .../maintenance_tasks/tasks_controller.rb | 12 ++++++------ app/models/maintenance_tasks/runner.rb | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/app/controllers/maintenance_tasks/tasks_controller.rb b/app/controllers/maintenance_tasks/tasks_controller.rb index 65c1e9e43..2ebc02b77 100644 --- a/app/controllers/maintenance_tasks/tasks_controller.rb +++ b/app/controllers/maintenance_tasks/tasks_controller.rb @@ -26,9 +26,9 @@ def show # Runs a given Task and redirects to the Task page. def run task = Runner.run( - name: task_params.fetch(:id), - csv_file: task_params[:csv_file], - params: task_params[:task_params].to_h, + name: params.fetch(:id), + csv_file: params[:csv_file], + params: task_params, ) redirect_to(task_path(task)) rescue ActiveRecord::RecordInvalid => error @@ -40,9 +40,9 @@ def run private def task_params - params_to_exclude = ["_method", "commit", "authenticity_token"] - params.reject { |param| params_to_exclude.include?(param) } - .permit(:id, :csv_file, task_params: {}) + return {} unless params[:task_params].present? + task_attributes = Task.named(params[:id]).attribute_names + params.require(:task_params).permit(*task_attributes).to_h end def set_refresh diff --git a/app/models/maintenance_tasks/runner.rb b/app/models/maintenance_tasks/runner.rb index b60a3be29..94e2444e2 100644 --- a/app/models/maintenance_tasks/runner.rb +++ b/app/models/maintenance_tasks/runner.rb @@ -37,6 +37,8 @@ def initialize(run) # for the Task to iterate over when running, in the form of an attachable # (see https://edgeapi.rubyonrails.org/classes/ActiveStorage/Attached/One.html#method-i-attach). # Value is nil if the Task does not use CSV iteration. + # @param params [Hash] the parameters to make accessible to the Task and to + # persist to the Run. # # @return [Task] the Task that was run. #