Removed redundant gem && code improvements (#97)

Co-authored-by: Nik Il <root@exzec.ru>

Author: reshetov

Gemfile

@@ -8,4 +8,3 @@ group :test, :development do
   gem 'byebug'
   gem 'capybara-screenshot'
 end
-

app/controllers/keys_controller.rb

@@ -10,7 +10,6 @@ class KeysController < ApplicationController
   helper ContextMenusHelper
 
   def index
-
     unless Setting.plugin_vault['use_redmine_encryption'] ||
       Setting.plugin_vault['use_null_encryption']
       if not Setting.plugin_vault['encryption_key'] or Setting.plugin_vault['encryption_key'].empty?
@@ -37,9 +36,10 @@ def index
     end
 
     @keys = @keys.order(sort_clause) unless @keys.nil?
-    @keys = @keys.select { |key| key.whitelisted?(User, @project) } unless @keys.nil?
-    @keys = [] if @keys.nil? # hack for decryption
 
+    @keys = @keys.select { |key| key.whitelisted?(User.current, @project) } unless @keys.nil?
+    @keys = [] if @keys.nil? #hack for decryption
+    
     @limit = per_page_option
     @key_count = @keys.count
     @key_pages = Paginator.new @key_count, @limit, params[:page]
@@ -95,8 +95,9 @@ def all
     end
 
     @keys = @keys.order(sort_clause) unless @keys.nil?
-    @keys = @keys.select { |key| key.whitelisted?(User, key.project) } unless @keys.nil?
-    @keys = [] if @keys.nil? # hack for decryption
+
+    @keys = @keys.select { |key| key.whitelisted?(User.current, key.project) } unless @keys.nil?
+    @keys = [] if @keys.nil? #hack for decryption
 
     @limit = per_page_option
     @key_count = @keys.count
@@ -129,10 +130,10 @@ def copy
 
   def create
     save_file if key_params[:file]
-    @key = Vault::Key.new(key_params)
-
+    @key = Vault::Key.new
+    @key.safe_attributes = key_params.except(:tags)
     @key.project = @project
-
+    
     self.update_wishlist
 
     respond_to do |format|
@@ -148,6 +149,7 @@ def update
     save_file if key_params[:file]
     respond_to do |format|
       self.update_wishlist
+      @key.safe_attributes = key_params.except(:tags)
 
       if @key.update(key_params)
         @key.tags = key_params[:tags]
@@ -169,7 +171,7 @@ def update_wishlist
   end
 
   def edit
-    if !@key.whitelisted?(User, @project)
+    if !@key.whitelisted?(User.current, @project)
       render_error t("error.key.not_whitelisted")
       return
     else
@@ -181,7 +183,7 @@ def edit
   end
 
   def show
-    if !@key.whitelisted?(User, @project)
+    if !@key.whitelisted?(User.current, @project)
       render_error t("error.key.not_whitelisted")
       return
     else

app/controllers/tags_controller.rb

@@ -8,7 +8,9 @@ def index
   end
 
   def create
-    @tag = @key.tags.build(tag_params)
+    @tag = @key.tags.build
+    @tag.safe_attributes = tag_params
+
     if @tag.save
       redirect_to project_key_tags_path(@project, @key), notice: 'Tag was successfully created.'
     else
@@ -17,7 +19,8 @@ def create
   end
 
   def update
-    if @tag.update(tag_params)
+    @tag.safe_attributes = tag_params
+    if @tag.save
       redirect_to project_key_tags_path(@project, @key), notice: 'Tag was successfully updated.'
     else
       render :index
@@ -46,4 +49,4 @@ def find_tag
   def tag_params
     params.require(:tag).permit(:name, :color)
   end
-end
+end

app/models/vault/key.rb

@@ -3,9 +3,13 @@ module Vault
   require 'iconv'
 
   class Vault::Key < ActiveRecord::Base
+    include Redmine::SafeAttributes
+
     belongs_to :project
     has_and_belongs_to_many :tags, join_table: 'keys_vault_tags'
 
+    safe_attributes 'project_id', 'name', 'body', 'login', 'type', 'file', 'url', 'comment', 'whitelist'
+
     def tags=(tags_string)
       tag_objects = Vault::Tag.create_from_string(tags_string)
       self.tags.clear
@@ -42,7 +46,6 @@ def self.import(file)
               whitelist: rhash['comment']
             ).update_column(:id, rhash['id'])
           rescue
-
           end
         else
           begin
@@ -66,16 +69,19 @@ def self.import(file)
     end
 
     def whitelisted?(user, project)
-      return true if user.current.admin or !user.current.allowed_to?(:whitelist_keys, project)
-      self.whitelist.split(",").each do |id|
-        return true if User.in_group(id).where(:id => user.current.id).count == 1
+      return true if user.admin || !user.allowed_to?(:whitelist_keys, project)
+
+      whitelist_ids = self.whitelist.split(',')
+      return true if whitelist_ids.include?(user.id.to_s)
+
+      whitelist_ids.each do |id|
+        return true if User.in_group(id).where(id: user.id).any?
       end
-      return self.whitelist.split(",").include?(user.current.id.to_s)
-    end
 
+      false
+    end
   end
 
   class Vault::KeysVaultTags < ActiveRecord::Base
   end
-
 end

app/models/vault/key_file.rb

@@ -2,7 +2,6 @@ module Vault
   class KeyFile < Key
     before_update :update_file, if: :file_changed?
     before_destroy :delete_file
-
     private
 
     def update_file

app/models/vault/tag.rb

@@ -1,7 +1,11 @@
 module Vault
   class Tag < ActiveRecord::Base
+    include Redmine::SafeAttributes
+
     self.table_name = 'vault_tags'
-    has_and_belongs_to_many :keys, join_table: 'keys_vault_tags'
+    has_and_belongs_to_many :keys
+
+    safe_attributes 'name', 'color'
 
     validates :name, presence: true, uniqueness: true
     validates :color, presence: true

assets/javascripts/vault.js

@@ -30,4 +30,4 @@ $(function () {
 		hiddenLabel.toggle();
 		hiddenLabel.prev().toggle();
 	}
-});
+});

config/locales/ru.yml

@@ -11,7 +11,7 @@ ru:
 
   activerecord:
     models:
-      password: "Ключь"
+      password: "Ключ"
       sftp: "SFTP"
 
   backups: