Turn on mass assignment protection

[rails.git] / app / models / user_block.rb

diff --git a/app/models/user_block.rb b/app/models/user_block.rb
index 23e1bcab6c26de4afd1e85019102ae64adc58b41..7bf8f86b5095dbf4d12697a826d3d6d3a3639203 100644 (file)
--- a/app/models/user_block.rb
+++ b/app/models/user_block.rb
@@ -5,7 +5,7 @@ class UserBlock < ActiveRecord::Base
   belongs_to :creator, :class_name => "User", :foreign_key => :creator_id
   belongs_to :revoker, :class_name => "User", :foreign_key => :revoker_id
   
-  PERIODS = APP_CONFIG['user_block_periods']
+  PERIODS = USER_BLOCK_PERIODS
 
   ##
   # returns true if the block is currently active (i.e: the user can't
@@ -18,9 +18,11 @@ class UserBlock < ActiveRecord::Base
   # revokes the block, allowing the user to use the API again. the argument
   # is the user object who is revoking the ban.
   def revoke!(revoker)
-    update_attributes({ :ends_at => Time.now.getutc(),
-                        :revoker_id => revoker.id,
-                        :needs_view => false })
+    update_attributes({
+      :ends_at => Time.now.getutc(),
+      :revoker_id => revoker.id,
+      :needs_view => false
+    }, :without_protection => true)
   end
 
   private
@@ -29,7 +31,7 @@ class UserBlock < ActiveRecord::Base
   # block. this should be caught and dealt with in the controller,
   # but i've also included it here just in case.
   def moderator_permissions
-    errors.add_to_base(I18n.t('user_block.model.non_moderator_update')) if creator_id_changed? and !creator.moderator?
-    errors.add_to_base(I18n.t('user_block.model.non_moderator_revoke')) unless revoker_id.nil? or revoker.moderator?
+    errors.add(:base, I18n.t('user_block.model.non_moderator_update')) if creator_id_changed? and !creator.moderator?
+    errors.add(:base, I18n.t('user_block.model.non_moderator_revoke')) unless revoker_id.nil? or revoker.moderator?
   end
 end