Remove unsafe params from antenna old edit page

kmycode · Sep 14, 2023 · 2277427 · 2277427
1 parent 258a29f
commit 2277427
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 197 deletions.
diff --git a/app/controllers/antennas_controller.rb b/app/controllers/antennas_controller.rb
@@ -5,7 +5,6 @@ class AntennasController < ApplicationController
 
   before_action :authenticate_user!
   before_action :set_antenna, only: [:edit, :update, :destroy]
-  before_action :set_lists, only: [:new, :edit]
   before_action :set_body_classes
   before_action :set_cache_headers
 
@@ -54,16 +53,12 @@ def set_antenna
     @antenna = current_account.antennas.find(params[:id])
   end
 
-  def set_lists
-    @lists = current_account.owned_lists
-  end
-
   def resource_params
-    params.require(:antenna).permit(:title, :list, :available, :insert_feeds, :stl, :expires_in, :with_media_only, :ignore_reblog, :keywords_raw, :exclude_keywords_raw, :domains_raw, :exclude_domains_raw, :accounts_raw, :exclude_accounts_raw, :tags_raw, :exclude_tags_raw)
+    params.require(:antenna).permit(:title, :available, :expires_in)
   end
 
   def thin_resource_params
-    params.require(:antenna).permit(:title, :list)
+    params.require(:antenna).permit(:title)
   end
 
   def set_body_classes

diff --git a/app/models/antenna.rb b/app/models/antenna.rb
@@ -92,142 +92,6 @@ def context
     context
   end
 
-  def list=(list_id)
-    list_id = list_id.to_i if list_id.is_a?(String)
-    if list_id.is_a?(Numeric)
-      self[:list_id] = list_id
-    else
-      self[:list] = list_id
-    end
-  end
-
-  def keywords_raw
-    return '' if keywords.blank?
-
-    keywords.join("\n")
-  end
-
-  def keywords_raw=(raw)
-    keywords = raw.split(/\R/).filter { |r| r.present? && r.length >= 2 }.uniq
-    self[:keywords] = keywords
-    self[:any_keywords] = keywords.none?
-  end
-
-  def exclude_keywords_raw
-    return '' if exclude_keywords.blank?
-
-    exclude_keywords.join("\n")
-  end
-
-  def exclude_keywords_raw=(raw)
-    exclude_keywords = raw.split(/\R/).filter(&:present?).uniq
-    self[:exclude_keywords] = exclude_keywords
-  end
-
-  def tags_raw
-    antenna_tags.where(exclude: false).map { |tag| tag.tag.name }.join("\n")
-  end
-
-  def tags_raw=(raw)
-    return if tags_raw == raw
-
-    tag_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('#') ? r[1..] : r }.uniq
-
-    antenna_tags.where(exclude: false).destroy_all
-    Tag.find_or_create_by_names(tag_names).each do |tag|
-      antenna_tags.create!(tag: tag, exclude: false)
-    end
-    self[:any_tags] = tag_names.none?
-  end
-
-  def exclude_tags_raw
-    return '' if exclude_tags.blank?
-
-    Tag.where(id: exclude_tags).map(&:name).join("\n")
-  end
-
-  def exclude_tags_raw=(raw)
-    return if exclude_tags_raw == raw
-
-    tags = []
-    tag_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('#') ? r[1..] : r }.uniq
-    Tag.find_or_create_by_names(tag_names).each do |tag|
-      tags << tag.id
-    end
-    self[:exclude_tags] = tags
-  end
-
-  def domains_raw
-    antenna_domains.where(exclude: false).map(&:name).join("\n")
-  end
-
-  def domains_raw=(raw)
-    return if domains_raw == raw
-
-    domain_names = raw.split(/\R/).filter(&:present?).uniq
-
-    antenna_domains.where(exclude: false).destroy_all
-    domain_names.each do |domain|
-      antenna_domains.create!(name: domain, exclude: false)
-    end
-    self[:any_domains] = domain_names.none?
-  end
-
-  def exclude_domains_raw
-    return '' if exclude_domains.blank?
-
-    exclude_domains.join("\n")
-  end
-
-  def exclude_domains_raw=(raw)
-    return if exclude_domains_raw == raw
-
-    domain_names = raw.split(/\R/).filter(&:present?).uniq
-    self[:exclude_domains] = domain_names
-  end
-
-  def accounts_raw
-    antenna_accounts.where(exclude: false).map(&:account).map { |account| account.domain ? "@#{account.username}@#{account.domain}" : "@#{account.username}" }.join("\n")
-  end
-
-  def accounts_raw=(raw)
-    return if accounts_raw == raw
-
-    account_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('@') ? r[1..] : r }.uniq
-
-    hit = false
-    antenna_accounts.where(exclude: false).destroy_all
-    account_names.each do |name|
-      username, domain = name.split('@')
-      account = Account.find_by(username: username, domain: domain)
-      if account.present?
-        antenna_accounts.create!(account: account, exclude: false)
-        hit = true
-      end
-    end
-    self[:any_accounts] = !hit
-  end
-
-  def exclude_accounts_raw
-    return '' if exclude_accounts.blank?
-
-    Account.where(id: exclude_accounts).map { |account| account.domain ? "@#{account.username}@#{account.domain}" : "@#{account.username}" }.join("\n")
-  end
-
-  def exclude_accounts_raw=(raw)
-    return if exclude_accounts_raw == raw
-
-    account_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('@') ? r[1..] : r }.uniq
-
-    accounts = []
-    account_names.each do |name|
-      username, domain = name.split('@')
-      account = Account.find_by(username: username, domain: domain)
-      accounts << account.id if account.present?
-    end
-    self[:exclude_accounts] = accounts
-  end
-
   private
 
   def validate_limit

diff --git a/app/views/antennas/_antenna_fields.html.haml b/app/views/antennas/_antenna_fields.html.haml
@@ -8,57 +8,4 @@
     = f.input :expires_in, wrapper: :with_label, collection: [30.minutes, 1.hour, 6.hours, 12.hours, 1.day, 1.week].map(&:to_i), label_method: lambda { |i| I18n.t("invites.expires_in.#{i}") }, include_blank: I18n.t('invites.expires_in_prompt')
 
 .fields-row
-  .fields-group.fields-row__column.fields-row__column-6
-    = f.input :list, collection: lists, wrapper: :with_label, label_method: lambda { |list| list.title }, label: t('antennas.edit.list'), selected: f.object.list&.id, hint: false, include_blank: '[Insert to Home]'
-  .fields-group.fields-row__column.fields-row__column-6
-    = f.input :available, wrapper: :with_label, label: t('antennas.edit.available'), hint: false
-
-.fields-row
-  = f.input :insert_feeds, wrapper: :with_label, label: t('antennas.edit.insert_feeds')
-.fields-row
-  = f.input :stl, wrapper: :with_label, label: t('antennas.edit.stl'), hint: t('antennas.edit.stl_hint')
-
-%hr.spacer/
-%p.hint= t 'antennas.edit.hint'
-%hr.spacer/
-
-%h4= t('antennas.contexts.domain')
-%p.hint= t 'antennas.edit.domains_hint'
-
-.fields-row
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :domains_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.domains_raw')
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :exclude_domains_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_domains_raw')
-
-%h4= t('antennas.contexts.account')
-%p.hint= t 'antennas.edit.accounts_hint'
-
-.fields-row
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :accounts_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.accounts_raw')
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :exclude_accounts_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_accounts_raw')
-
-%h4= t('antennas.contexts.tag')
-
-.fields-row
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :tags_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.tags_raw')
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :exclude_tags_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_tags_raw')
-
-%h4= t('antennas.contexts.keyword')
-%p.hint= t 'antennas.edit.keywords_hint'
-
-.fields-row
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :keywords_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.keywords_raw')
-  .fields-row__column.fields-row__column-6.fields-group
-    = f.input :exclude_keywords_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_keywords_raw')
-
-%hr.spacer/
-.fields-group
-  = f.input :with_media_only, wrapper: :with_label, label: t('antennas.edit.with_media_only'), hint: false
-.fields-group
-  = f.input :ignore_reblog, wrapper: :with_label, label: t('antennas.edit.ignore_reblog'), hint: false
+  = f.input :available, wrapper: :with_label, label: t('antennas.edit.available'), hint: false