This fixes a problem that was introduced in this commit [1]. The call to
`skip_load_resource only: :create` was removed which meant that the call
to `load_and_authorize_resource` triggered an attempt to instantiate a
`Project` model using the params identified by CanCanCan. This included
the `image_list` param which did not exist as an attribute on a
`Project` and thus resulted in the following exception:

    ActiveModel::UnknownAttributeError: unknown attribute 'image_list' for Project.

I did initially look at fixing the problem while maintaining the ability
to pass the `image_list` into `Project::Create#call`. However, the
functionality in `Project::Create#build_project` which loops through the
`image_list` was not previously tested and I can't really see that it
ever worked. Furthermore, @sra405 has pointed out that we're not
currently allowing users to add their own images to a project for
safeguarding reasons and so I thought it made more sense to fix the
problem by removing support for `image_list` from the create project
endpoint for now until we actually need it. /cc @loiswells97
Removing the `image_list` param from the permitted params in
`Api::ProjectsController#base_params` should mean it is never included
in the params supplied to either CanCanCan's
`load_and_authorize_resource` method or to `Project::Create#call`,
although it will mean that a warning will appear in the logs. So ideally
we'd remove it from the params being supplied by the UI.
Note that the images from the projects in the `raspberrypilearning`
GitHub organisation [2] are added to a project using a different
mechanism and so should not be affected by this change.
[1]: 39f45f7