X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/eb0f9ff63d5ad5d91ea941420e094dd2980df094..532d1085369e8bed5eb7bd2fc9cb1d81b63027ac:/app/controllers/oauth_clients_controller.rb

diff --git a/app/controllers/oauth_clients_controller.rb b/app/controllers/oauth_clients_controller.rb
index f90302894..32fbbdd62 100644
--- a/app/controllers/oauth_clients_controller.rb
+++ b/app/controllers/oauth_clients_controller.rb
@@ -7,7 +7,7 @@ class OauthClientsController < ApplicationController
 
   def index
     @client_applications = @user.client_applications
-    @tokens = @user.oauth_tokens.find :all, :conditions => 'oauth_tokens.invalidated_at is null and oauth_tokens.authorized_at is not null'
+    @tokens = @user.oauth_tokens.authorized
   end
 
   def new
@@ -15,7 +15,7 @@ class OauthClientsController < ApplicationController
   end
 
   def create
-    @client_application = @user.client_applications.build(params[:client_application])
+    @client_application = @user.client_applications.build(application_params)
     if @client_application.save
       flash[:notice] = t'oauth_clients.create.flash'
       redirect_to :action => "show", :id => @client_application.id
@@ -37,7 +37,7 @@ class OauthClientsController < ApplicationController
 
   def update
     @client_application = @user.client_applications.find(params[:id])
-    if @client_application.update_attributes(params[:client_application])
+    if @client_application.update_attributes(application_params)
       flash[:notice] = t'oauth_clients.update.flash'
       redirect_to :action => "show", :id => @client_application.id
     else
@@ -51,4 +51,8 @@ class OauthClientsController < ApplicationController
     flash[:notice] = t'oauth_clients.destroy.flash'
     redirect_to :action => "index"
   end
+private
+  def application_params
+    params.require(:client_application).permit(:name, :url, :callback_url, :support_url, ClientApplication.all_permissions)
+  end
 end