include DbCurrentTime
respond_to :json
+
+ # Although CSRF protection is already enabled by default, this is
+ # still needed to reposition CSRF checks later in callback order.
protect_from_forgery
ERROR_ACTIONS = [:render_error, :render_not_found]
attrs_to_update = resource_attrs.reject { |k,v|
[:kind, :etag, :href].index k
}
- @object.update_attributes! attrs_to_update
+ @object.update! attrs_to_update
show
end
# given class.
sel.map do |column|
sp = column.split(".")
- if sp.length == 2 && sp[0] == model_class.table_name
+ if sp.length == 2 && sp[0] == model_class.table_name && model_class.selectable_attributes.include?(sp[1])
sp[1]
elsif model_class.selectable_attributes.include? column
column
# This is a little hacky but sometimes the fields the user wants
# to selecting on are unrelated to the object being loaded here,
# for example groups#contents, so filter the fields that will be
- # used in find_objects_for_index and then reset it below. In some
- # cases, code that modifies the @select list needs to set
+ # used in find_objects_for_index and then reset afterwards. In
+ # some cases, code that modifies the @select list needs to set
# @preserve_select.
@preserve_select = @select
@select = select_for_klass(@select, self.model_class, false)
:self_link => "",
:offset => @offset,
:limit => @limit,
- :items => @objects.as_api_response(nil, {select: select_for_klass(@select, model_class)})
+ :items => @objects.as_api_response(nil, {select: @select})
}
if @extra_included
- list[:included] = @extra_included.as_api_response(nil, {select: select_for_klass(@select, model_class)})
+ list[:included] = @extra_included.as_api_response(nil, {select: @select})
end
case params[:count]
when nil, '', 'exact'