discourse/app/controllers/admin/site_settings_controller.rb
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00

16 lines
362 B
Ruby

class Admin::SiteSettingsController < Admin::AdminController
def index
site_settings = SiteSetting.all_settings
info = {site_settings: site_settings, diags: SiteSetting.diags }
render_json_dump(info.as_json)
end
def update
params.require(:value)
SiteSetting.send("#{params[:id]}=", params[:value])
render nothing: true
end
end