diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2018-03-01 02:47:59 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-01 02:47:59 +0100 |
commit | fce8464077dfca64c3bc9a52b7bcde50c9ac555e (patch) | |
tree | e99eedf4a8e23ae1415ac51e833751510e6ec2b4 /app/controllers/api/base_controller.rb | |
parent | 47bdb9b33b021c92bdfc6698914776eda13f6f77 (diff) |
Ensure that boolean params in the API are parsed for truthiness (#6575)
Use Rails smart boolean cast to account for values such as "f", "0", "false", etc. Previously, if a param was present in the request, it would count as true.
Diffstat (limited to 'app/controllers/api/base_controller.rb')
-rw-r--r-- | app/controllers/api/base_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 52e68ab35..7b5168b31 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -51,6 +51,10 @@ class Api::BaseController < ApplicationController [params[:limit].to_i.abs, default_limit * 2].min end + def truthy_param?(key) + ActiveModel::Type::Boolean.new.cast(params[key]) + end + def current_resource_owner @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token end |