Commit da67dca1 authored by Robert Schilling's avatar Robert Schilling

Use grape to validate parameters in the members API

parent a77b40d4
...@@ -79,13 +79,12 @@ module API ...@@ -79,13 +79,12 @@ module API
optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY' optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
end end
put ":id/members/:user_id" do put ":id/members/:user_id" do
source = find_source(source_type, params[:id]) source = find_source(source_type, params.delete(:id))
authorize_admin_source!(source_type, source) authorize_admin_source!(source_type, source)
member = source.members.find_by!(user_id: params[:user_id]) member = source.members.find_by!(user_id: params.delete(:user_id))
attrs = attributes_for_keys [:access_level, :expires_at]
if member.update_attributes(attrs) if member.update_attributes(declared_params(include_missing: false))
present member.user, with: Entities::Member, member: member present member.user, with: Entities::Member, member: member
else else
# This is to ensure back-compatibility but 400 behavior should be used # This is to ensure back-compatibility but 400 behavior should be used
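Review bot: The attribute allow-list for `member.update_attributes` is now implicit: it depends on the earlier `params.delete(:id)` and `params.delete(:user_id)` calls having stripped the routing keys before `declared_params(include_missing: false)` is evaluated. If the `params do` block (mostly outside this hunk) declares `:id` and `:user_id`, and `declared_params` reads from the same `params` hash, a later edit that goes back to `params[:user_id]` would pass a caller-supplied `user_id` into the model update. I would keep the list explicit and leave `params` unmutated, e.g. `member.update_attributes(declared_params(include_missing: false).slice(:access_level, :expires_at))`, adjusting the key type to whatever `declared_params` returns. The same applies to the second `put ":id/members/:user_id"` hunk, the one presenting `::API::Entities::Member`. The `if`/`else` body continues past the visible lines.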
......
...@@ -86,13 +86,12 @@ module API ...@@ -86,13 +86,12 @@ module API
optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY' optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
end end
put ":id/members/:user_id" do put ":id/members/:user_id" do
source = find_source(source_type, params[:id]) source = find_source(source_type, params.delete(:id))
authorize_admin_source!(source_type, source) authorize_admin_source!(source_type, source)
member = source.members.find_by!(user_id: params[:user_id]) member = source.members.find_by!(user_id: params.delete(:user_id))
attrs = attributes_for_keys [:access_level, :expires_at]
if member.update_attributes(attrs) if member.update_attributes(declared_params(include_missing: false))
present member.user, with: ::API::Entities::Member, member: member present member.user, with: ::API::Entities::Member, member: member
else else
# This is to ensure back-compatibility but 400 behavior should be used # This is to ensure back-compatibility but 400 behavior should be used
......