app/controllers/simple_admin/resources_controller.rb in simpleadmin-1.3.0 vs app/controllers/simple_admin/resources_controller.rb in simpleadmin-1.4.0
- old
+ new
@@ -1,7 +1,9 @@
module SimpleAdmin
class ResourcesController < BaseController
+ before_action :load_models!
+
def index
resource_service = ResourceService.new(model_klass, model_fields)
render json: resource_service.index_action(params[:per_page], params[:page], params[:sort],
params[:query], params[:model_attributes], params[:reflection_tables], params[:reflection_columns])
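Review bot: The new `before_action :load_models!` at the top of `ResourcesController` carries no comment explaining why every action needs it. The reason only shows up in `model_klass` in the second hunk, which allowlists against `ApplicationRecord.descendants`, and that list only contains classes that are already loaded. I would add `# model_klass allowlists against ApplicationRecord.descendants, which only sees loaded classes; keep this callback ahead of every action` above the line. The callback runs on every request and the definition of `Rails.application.load_models!` is not visible in this diff, so it is worth confirming that the call is cheap once models are loaded. The class body and the `index` action continue outside the hunk.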
@@ -49,11 +51,23 @@
resource.destroy
end
private
+ def load_models!
+ Rails.application.load_models!
+ end
+
def model_klass
- params[:model_klass_name].constantize
+ model = params[:model_klass_name].safe_constantize
+
+ if ApplicationRecord.descendants.include?(model)
+ model
+ elsif model.nil?
+ raise ArgumentError
+ else
+ raise SecurityError
+ end
end
def model_fields
params[:model_fields].map { |model_field| model_field['field_name'] }
end
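Review bot: In `model_klass`, `params[:model_klass_name].safe_constantize` still runs before the allowlist check, so a missing or array-valued parameter raises `NoMethodError` rather than the intended `ArgumentError`, and any constant name the client sends is resolved (and possibly autoloaded) before it is rejected. Looking the class up by name avoids constantizing request input at all: `name = params[:model_klass_name].to_s` followed by `model = ApplicationRecord.descendants.find { |klass| klass.name == name }`, raising when `model` is nil. `SecurityError` inherits from `Exception`, not `StandardError`, so a plain `rescue` or `rescue_from StandardError` will not handle it; no handler for either error is visible in this hunk, and both are raised without a message. The check also assumes every model in the host application descends from `ApplicationRecord`, which would be worth stating in a comment on the method.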