members_controller.rb in adherent-0.2.0

- old
+ new

@@ -5,11 +5,11 @@
 module Adherent
   class MembersController < ApplicationController
     # GET /members
     # GET /members.json
     def index
-      @members = @organism.members.all
+      @members = @organism.members
   
       respond_to do |format|
         format.html # index.html.erb
         format.json { render json: @members }
       end
@@ -43,11 +43,11 @@
     end
   
     # POST /members
     # POST /members.json
     def create
-      @member = @organism.members.new(params[:member])
+      @member = @organism.members.new(member_params)
   
       respond_to do |format|
         if @member.save
           format.html { redirect_to new_member_coord_url(@member.id), notice: 'Le membre a été créé avec succès ; Enregistrez maintenant les coordonnées' }
           format.json { render json: @member, status: :created, location: @member }
@@ -62,11 +62,11 @@
     # PUT /members/1.json
     def update
       @member = Member.find(params[:id])
   
       respond_to do |format|
-        if @member.update_attributes(params[:member])
+        if @member.update_attributes(member_params)
           format.html { redirect_to @member, notice: 'Les données ont été mises à jour' }
           format.json { head :no_content }
         else
           format.html { render action: "edit" }
           format.json { render json: @member.errors, status: :unprocessable_entity }
@@ -82,8 +82,15 @@
   
       respond_to do |format|
         format.html { redirect_to members_url }
         format.json { head :no_content }
       end
+    end
+    
+    private 
+    
+     # Never trust parameters from the scary internet, only allow the white list through.
+    def member_params
+      params.require(:member).permit(:birthdate, :forname, :name, :number)
     end
   end
 end