Resolve StrongParams rubocop TODOs for some admin controllers
Many admin controllers use params directly without using Rails' StrongParameters helper. This causes
Rubocop exceptions, which were ignored when the rubocop was introduced in
!155661 (merged)
Let's try to remove a bunch of admin controllers from .rubocop_todo/rails/strong_params.yml
app/controllers/admin/background_migrations_controller.rbapp/controllers/admin/batched_jobs_controller.rbapp/controllers/admin/broadcast_messages_controller.rbapp/controllers/admin/deploy_keys_controller.rbapp/controllers/admin/groups_controller.rbapp/controllers/admin/hook_logs_controller.rbapp/controllers/admin/hooks_controller.rbapp/controllers/admin/identities_controller.rbapp/controllers/admin/impersonation_tokens_controller.rbapp/controllers/admin/labels_controller.rbapp/controllers/admin/runner_projects_controller.rbapp/controllers/admin/sessions_controller.rbapp/controllers/admin/slacks_controller.rbapp/controllers/admin/spam_logs_controller.rbapp/controllers/admin/topics/avatars_controller.rbapp/controllers/admin/topics_controller.rb
The following were excluded from this effort for being, at a quick glance, too complicated or high risk for a "quick win" / easy MR review:
-
'app/controllers/admin/abuse_reports_controller.rb'- being addressed in Resolves AbuseController StrongParam rubocop ex... (!161856 - merged) -
app/controllers/admin/application_settings_controller.rb- lots of params being both overridden and potentially passed toApplicationSettings::UpdateService -
app/controllers/admin/applications_controller.rb- highish risk and a weird override ofparams[:owner]that I don't quickly understand -
app/controllers/admin/projects_controller.rb- there are a number of parameters that go toProjectsFinder; could be its own MR -
app/controllers/admin/runners_controller.rbthere is some relatively complex use ofparamsinTagsFinderandGitRefsFinder -
app/controllers/admin/users_controller.rbThe logic inupdateis pretty straightforward, but probably still enough to warrant its own simple MR -
app/controllers/admin/keys_controller.rbmodifying this file led to undercoverage failure, so it needs an MR that includes new specs-
#show#destroy#userand#key_paramshad no hits: https://gitlab.com/gitlab-org/gitlab/-/jobs/7533592435 - There are no specs for the controller in
spec/controllers/adminorspec/requests/admin
-
Edited by Nick Malcolm