Module: Ibrain::PermittedAttributes

Defined in:: lib/ibrain/permitted_attributes.rb

Overview

Ibrain::PermittedAttributes contains the attributes permitted through strong params in various controllers in the frontend. Extensions and stores that need additional params to be accepted can mutate these arrays to add them.

Constant Summary collapse

ATTRIBUTES =

[
  :address_attributes,
  :user_attributes
]

@@address_attributes =

[
  :id, :name, :address1, :address2, :city, :country_id, :state_id,
  :zipcode, :phone, :state_name, :province_id, :ward_id, :district_id
]

@@user_attributes = Intentionally leaving off email here to prevent privilege escalation by changing a user with higher priveleges’ email to one a lower-priveleged admin owns. Creating a user with an email is handled separate at the controller level.

[:name, :email, :provider, :uid, :first_name, :last_name, :password, :password_confirmation]