From: Tom Hughes <tom@compton.nu>
Date: Tue, 6 Aug 2013 23:22:50 +0000 (+0100)
Subject: Avoid mass assignment in the dev server rails setup script
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/635cbad67f035d591cf5442e3c230c2ef8c1bf26

Avoid mass assignment in the dev server rails setup script
---

diff --git a/cookbooks/dev/templates/default/rails.setup.rb.erb b/cookbooks/dev/templates/default/rails.setup.rb.erb
index 269ac4355..b49dbff4b 100644
--- a/cookbooks/dev/templates/default/rails.setup.rb.erb
+++ b/cookbooks/dev/templates/default/rails.setup.rb.erb
@@ -1,39 +1,39 @@
 unless Object.const_defined?(:Rake) or Object.const_defined?(:POTLATCH2_KEY)
   OpenStreetMap::Application.config.after_initialize do
     unless webmaster = User.find_by_email("webmaster@openstreetmap.org")
-      webmaster = User.create({
-        :display_name => "OpenStreetMap Webmaster",
-        :email => "webmaster@openstreetmap.org",
-        :pass_crypt => SecureRandom.hex,
-        :status => "active"
-      }, :without_protection => true)
+      webmaster = User.new
+      webmaster.display_name = "OpenStreetMap Webmaster"
+      webmaster.email = "webmaster@openstreetmap.org"
+      webmaster.pass_crypt = SecureRandom.hex
+      webmaster.status = "active"
+      webmaster.save!
     end
 
     permissions = Hash[ClientApplication.all_permissions.map { |p| [ p, true ] }]
 
     unless id = webmaster.client_applications.find_by_name("iD")
-      id = ClientApplication.create(permissions.merge({
-        :name => "iD",
-        :url => "http://<%= @site %>/",
-      }), :without_protection => true)
+      id = ClientApplication.new
+      id.name = "iD"
+      id.url = "http://<%= @site %>/"
+      id.save!
     end
 
     ID_KEY = id.key
 
     unless potlatch = webmaster.client_applications.find_by_name("Potlatch 2")
-      potlatch = ClientApplication.create(permissions.merge({
-        :name => "Potlatch 2",
-        :url => "http://<%= @site %>/",
-      }), :without_protection => true)
+      potlatch = ClientApplication.new
+      potlatch.name = "Potlatch 2"
+      potlatch.url = "http://<%= @site %>/"
+      potlatch.save!
     end
 
     POTLATCH2_KEY = potlatch.key
 
     unless website = webmaster.client_applications.find_by_name("Web Site")
-      website = ClientApplication.create(permissions.merge({
-        :name => "Web Site",
-        :url => "http://<%= @site %>/",
-      }), :without_protection => true)
+      website = ClientApplication.new
+      website.name = "Web Site"
+      website.url = "http://<%= @site %>/"
+      website.save!
     end
 
     OAUTH_KEY = website.key