diff --git a/app/controllers/answers_controller.rb b/app/controllers/answers_controller.rb index 550c56f..f97d910 100644 --- a/app/controllers/answers_controller.rb +++ b/app/controllers/answers_controller.rb @@ -6,7 +6,6 @@ # PUT/PATCH /[:locale]/answer/[:id] def update # create a new answer based off the passed params - ans_params = params[:answer] plan_id = ans_params[:plan_id] phase_id = ans_params[:phase_id] @@ -21,8 +20,9 @@ # This is the first answer for the question if @answer.nil? - @answer = Answer.new(params[:answer]) + @answer = Answer.new(permitted_params) @answer.text = params["answer-text-#{@answer.question_id}".to_sym] + authorize @answer @answer.save @@ -46,7 +46,7 @@ @answer.text = params["answer-text-#{@answer.question_id}".to_sym] authorize @answer - @answer.update(params[:answer]) + @answer.update(permitted_params) # The save was successful so get the lock version and nil the # old answer @@ -101,4 +101,7 @@ end end + def permitted_params + params.require(:answer).permit(:id, :plan_id, :user_id, :question_id, :lock_version, :question_option_ids) + end end diff --git a/app/views/phases/_answer_form.html.erb b/app/views/phases/_answer_form.html.erb index 7a1ab93..6c4eabf 100644 --- a/app/views/phases/_answer_form.html.erb +++ b/app/views/phases/_answer_form.html.erb @@ -66,9 +66,9 @@ <% options.each do |op| %>
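Review bot: The allow-list behind `Answer.new(permitted_params)` (second hunk) and `@answer.update(permitted_params)` (third hunk) still lets the client set `:id` and `:user_id`, because both keys are in the `permit(...)` call in the last hunk of this file. A request can therefore name the answer's owner or primary key itself, and `authorize @answer` then evaluates an object built partly from that input; the policy is not visible here, so whether it catches this is an open question. I would narrow the list to `params.require(:answer).permit(:plan_id, :question_id, :lock_version, :question_option_ids)` and assign the owner on the server from the authenticated user before calling `authorize`. The body of `update` starts and ends outside these hunks.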
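Review bot: `permitted_params` is appended after the last action with no `private` marker visible in the hunk, which would leave it a public controller method; unless `private` already appears above the hunk, add it on the line before `def permitted_params`. Separately, `:question_option_ids` is permitted as a scalar, which matches the radio buttons in `_answer_form.html.erb` but would silently discard an array submission such as `answer[question_option_ids][]`. If any question format posts several options, that case needs its own handling. A short comment such as `# Attributes a client may set on an Answer; everything else is ignored` above the method would document the intent.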
  • <% if answer.question_option_ids[0] == op.id then%> - <%= f.radio_button :option_ids, op.id, checked: true, id: "answer_option_ids_#{op.id}"%> + <%= f.radio_button :question_option_ids, op.id, checked: true, id: "answer_option_ids_#{op.id}"%> <%else%> - <%= f.radio_button :option_ids, op.id, checked: false, id: "answer_option_ids_#{op.id}"%> + <%= f.radio_button :question_option_ids, op.id, checked: false, id: "answer_option_ids_#{op.id}"%> <% end %> <%= raw op.text %>
  • <% end %>
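Review bot: `<%= raw op.text %>` next to the renamed radio buttons writes the option text into the page without HTML escaping, so markup stored in an option would be rendered as-is for every user who opens the form. Whether `op.text` is cleaned when it is saved is not visible in this hunk; if it is not, `<%= sanitize op.text %>` keeps basic formatting while dropping script content. As a smaller style point, the two branches differ only in `checked:`, so a single `<%= f.radio_button :question_option_ids, op.id, checked: answer.question_option_ids[0] == op.id, id: "answer_option_ids_#{op.id}" %>` would replace the `if`/`else`.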