enju_circulation 0.1.0.pre41 → 0.1.0.pre42

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bc28894fa75205e043a65091c988180f9ec16291
-  data.tar.gz: c032ab36c6bb6973ad8c7d333cda148feb0db4c6
+  metadata.gz: 6c9e08e2fc2236be4faa9882cfb283f247d845f1
+  data.tar.gz: f3d16e72a7f830f8b67e1524acb1d793c3ba1c47
 SHA512:
-  metadata.gz: 38f85ed8019ed31ddc51516bed7bf0fd9764445b3ba9d4a3231fa27cdaccb744d7f0723bc211be6002e394c56e7e103ccbef73ba7aa84a62bd20f9537cb34e72
-  data.tar.gz: d35cb074110a6727b25a03fb57d1f38f25132dea4844dd31b1371db40383612b4d6cacfaf2f17269b545cca4adf96fbfeb0071227c73415dc8c84516eee9957c
+  metadata.gz: 91d1606fe101c3c2cc8b2f4d6bd0a2775f1867a293f84d19a6faa6990c2736bb3c7d7d143f793a16c3c47485ac2099f7b10b4512407604f090c1511652265563
+  data.tar.gz: c97fcb04551f6bafb00f15c0c58fc3cd8ae9d54135afcde4b7f8baedd0037cc4a947d2e91c8b7e2bfe6466678842fd780ebc82d7f7d16eee4c536f5991863ec8

data/app/controllers/carrier_type_has_checkout_types_controller.rb

@@ -43,7 +43,7 @@ class CarrierTypeHasCheckoutTypesController < ApplicationController
   # POST /carrier_type_has_checkout_types
   # POST /carrier_type_has_checkout_types.json
   def create
-    @carrier_type_has_checkout_type = CarrierTypeHasCheckoutType.new(params[:carrier_type_has_checkout_type])
+    @carrier_type_has_checkout_type = CarrierTypeHasCheckoutType.new(carrier_type_has_checkout_type_params)
 
     respond_to do |format|
       if @carrier_type_has_checkout_type.save
@@ -62,7 +62,7 @@ class CarrierTypeHasCheckoutTypesController < ApplicationController
   # PUT /carrier_type_has_checkout_types/1.json
   def update
     respond_to do |format|
-      if @carrier_type_has_checkout_type.update_attributes(params[:carrier_type_has_checkout_type])
+      if @carrier_type_has_checkout_type.update_attributes(carrier_type_has_checkout_type_params)
         flash[:notice] = t('controller.successfully_updated', model: t('activerecord.models.carrier_type_has_checkout_type'))
         format.html { redirect_to @carrier_type_has_checkout_type }
         format.json { head :no_content }
@@ -86,8 +86,14 @@ class CarrierTypeHasCheckoutTypesController < ApplicationController
   end
 
   private
+  def carrier_type_has_checkout_type_params
+    params.require(:carrier_type_has_checkout_type).permit(
+      :carrier_type_id, :checkout_type_id, :note
+    )
+  end
+
   def prepare_options
-    @checkout_types = CheckoutType.all
-    @carrier_types = CarrierType.all
+    @checkout_types = CheckoutType.order(:position)
+    @carrier_types = CarrierType.order(:position)
   end
 end

data/app/controllers/checked_items_controller.rb

@@ -87,7 +87,7 @@ class CheckedItemsController < ApplicationController
     end
 
     respond_to do |format|
-      if @checked_item.update_attributes(params[:checked_item])
+      if @checked_item.update_attributes(checked_item_params)
         format.html { redirect_to checked_item_url(@checked_item), notice: t('controller.successfully_updated', model: t('activerecord.models.checked_item')) }
         format.json { head :no_content }
       else
@@ -107,4 +107,11 @@ class CheckedItemsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def checked_item_params
+    params.fetch(:checked_item, {}).permit(
+      :item_identifier, :ignore_restriction, :due_date_string
+    )
+  end
 end

data/app/controllers/checkins_controller.rb

@@ -90,7 +90,7 @@ class CheckinsController < ApplicationController
   # PUT /checkins/1
   # PUT /checkins/1.json
   def update
-    @checkin.assign_attributes(params[:checkin])
+    @checkin.assign_attributes(checkin_params)
     @checkin.librarian = current_user
 
     respond_to do |format|
@@ -115,4 +115,9 @@ class CheckinsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def checkin_params
+    params.require(:checkin).permit(:item_identifier)
+  end
 end

data/app/controllers/checkout_types_controller.rb

@@ -53,9 +53,9 @@ class CheckoutTypesController < ApplicationController
   # POST /checkout_types.json
   def create
     if @user_group
-      @checkout_type = @user_group.checkout_types.new(params[:checkout_type])
+      @checkout_type = @user_group.checkout_types.new(checkout_type_params)
     else
-      @checkout_type = CheckoutType.new(params[:checkout_type])
+      @checkout_type = CheckoutType.new(checkout_type_params)
     end
 
     respond_to do |format|
@@ -78,7 +78,7 @@ class CheckoutTypesController < ApplicationController
     end
 
     respond_to do |format|
-      if @checkout_type.update_attributes(params[:checkout_type])
+      if @checkout_type.update_attributes(checkout_type_params)
         format.html { redirect_to @checkout_type, notice: t('controller.successfully_updated', model: t('activerecord.models.checkout_type')) }
         format.json { head :no_content }
       else
@@ -101,4 +101,9 @@ class CheckoutTypesController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def checkout_type_params
+    params.require(:checkout_type).permit(:name, :display_name, :note)
+  end
 end

data/app/controllers/checkouts_controller.rb

@@ -35,7 +35,7 @@ class CheckoutsController < ApplicationController
         if current_user.try(:has_role?, 'Librarian')
           search.build do
             with(:username).equal_to user.username
-            with(:checked_in_at).equal_to nil unless user.save_checkout_history
+            with(:checked_in_at).equal_to nil unless user.profile.save_checkout_history
           end
         else
           if current_user == user
@@ -53,8 +53,10 @@ class CheckoutsController < ApplicationController
           end
         end
 
-        search.build do
-          with(:checked_in_at).equal_to nil
+        unless current_user.profile.save_checkout_history?
+          search.build do
+            with(:checked_in_at).equal_to nil
+          end
         end
       end
 
@@ -133,7 +135,7 @@ class CheckoutsController < ApplicationController
   # PUT /checkouts/1
   # PUT /checkouts/1.json
   def update
-    @checkout.assign_attributes(params[:checkout])
+    @checkout.assign_attributes(checkout_params)
     @checkout.due_date = @checkout.due_date.end_of_day
     @checkout.checkout_renewal_count += 1
 
@@ -177,4 +179,9 @@ class CheckoutsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def checkout_params
+    params.fetch(:checkout, {}).permit(:due_date)
+  end
 end

data/app/controllers/circulation_statuses_controller.rb

@@ -39,7 +39,7 @@ class CirculationStatusesController < ApplicationController
   # POST /circulation_statuses
   # POST /circulation_statuses.json
   def create
-    @circulation_status = CirculationStatus.new(params[:circulation_status])
+    @circulation_status = CirculationStatus.new(circulation_status_params)
 
     respond_to do |format|
       if @circulation_status.save
@@ -61,7 +61,7 @@ class CirculationStatusesController < ApplicationController
     end
 
     respond_to do |format|
-      if @circulation_status.update_attributes(params[:circulation_status])
+      if @circulation_status.update_attributes(circulation_status_params)
         format.html { redirect_to @circulation_status, notice: t('controller.successfully_updated', model: t('activerecord.models.circulation_status')) }
         format.json { head :no_content }
       else
@@ -81,4 +81,9 @@ class CirculationStatusesController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def circulation_status_params
+    params.require(:circulation_status).permit(:name, :display_name, :note)
+  end
 end

data/app/controllers/demands_controller.rb

@@ -0,0 +1,85 @@
+class DemandsController < ApplicationController
+  load_and_authorize_resource
+
+  # GET /demands
+  # GET /demands.json
+  def index
+    @demands = Demand.order('id DESC').page(params[:page])
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.json { render json: @demands }
+    end
+  end
+
+  # GET /demands/1
+  # GET /demands/1.json
+  def show
+    respond_to do |format|
+      format.html # show.html.erb
+      format.json { render json: @demand }
+      format.txt
+    end
+  end
+
+  # GET /demands/new
+  # GET /demands/new.json
+  def new
+    @demand = Demand.new
+
+    respond_to do |format|
+      format.html # new.html.erb
+      format.json { render json: @demand }
+    end
+  end
+
+  # GET /demands/1/edit
+  def edit
+  end
+
+  # POST /demands
+  # POST /demands.json
+  def create
+    @demand = Demand.new(demand_params)
+
+    respond_to do |format|
+      if @demand.save
+        format.html { redirect_to @demand, notice: t('statistic.successfully_created', model: t('activerecord.models.demand')) }
+        format.json { render json: @demand, status: :created, location: @demand }
+      else
+        format.html { render action: "new" }
+        format.json { render json: @demand.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PUT /demands/1
+  # PUT /demands/1.json
+  def update
+    respond_to do |format|
+      if @demand.update_attributes(demand_params)
+        format.html { redirect_to @demand, notice: t('controller.successfully_updated', model: t('activerecord.models.demand')) }
+        format.json { head :no_content }
+      else
+        format.html { render action: "edit" }
+        format.json { render json: @demand.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /demands/1
+  # DELETE /demands/1.json
+  def destroy
+    @demand.destroy
+
+    respond_to do |format|
+      format.html { redirect_to demands_url }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+  def demand_params
+    params.fetch(:demand, {}).permit()
+  end
+end

data/app/controllers/item_has_use_restrictions_controller.rb

@@ -45,8 +45,7 @@ class ItemHasUseRestrictionsController < ApplicationController
   # POST /item_has_use_restrictions
   # POST /item_has_use_restrictions.json
   def create
-    @item_has_use_restriction = ItemHasUseRestriction.new(params[:item_has_use_restriction])
-    @item_has_use_restriction.assign_attributes(params[:item_has_use_restriction])
+    @item_has_use_restriction = ItemHasUseRestriction.new(item_has_use_restriction_params)
 
     respond_to do |format|
       if @item_has_use_restriction.save
@@ -63,7 +62,7 @@ class ItemHasUseRestrictionsController < ApplicationController
   # PUT /item_has_use_restrictions/1
   # PUT /item_has_use_restrictions/1.json
   def update
-    @item_has_use_restriction.assign_attributes(params[:item_has_use_restriction])
+    @item_has_use_restriction.assign_attributes(item_has_use_restriction_params)
     respond_to do |format|
       if @item_has_use_restriction.save
         format.html { redirect_to @item_has_use_restriction, notice: t('controller.successfully_updated', model: t('activerecord.models.item_has_use_restriction')) }
@@ -86,4 +85,11 @@ class ItemHasUseRestrictionsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def item_has_use_restriction_params
+    params.require(:item_has_use_restriction).permit(
+      :item_id, :use_restriction_id, :use_restriction
+    )
+  end
 end

data/app/controllers/lending_policies_controller.rb

@@ -55,7 +55,7 @@ class LendingPoliciesController < ApplicationController
   # PUT /lending_policies/1.json
   def update
     respond_to do |format|
-      if @lending_policy.update_attributes(params[:lending_policy])
+      if @lending_policy.update_attributes(lending_policy_params)
         format.html { redirect_to @lending_policy, notice: t('controller.successfully_updated', model: t('activerecord.models.lending_policy')) }
         format.json { head :no_content }
       else
@@ -78,6 +78,13 @@ class LendingPoliciesController < ApplicationController
   end
 
   private
+  def lending_policy_params
+    params.require(:lending_policy).permit(
+      :item_id, :user_group_id, :loan_period, :fixed_due_date,
+      :renewal, :fine, :note, :position
+    )
+  end
+
   def prepare_options
     @user_groups = UserGroup.order(:position)
   end

data/app/controllers/manifestation_checkout_stats_controller.rb

@@ -60,6 +60,8 @@ class ManifestationCheckoutStatsController < ApplicationController
   # GET /manifestation_checkout_stats/new.json
   def new
     @manifestation_checkout_stat = ManifestationCheckoutStat.new
+    @manifestation_checkout_stat.start_date = Time.zone.now.beginning_of_day
+    @manifestation_checkout_stat.end_date = Time.zone.now.beginning_of_day
 
     respond_to do |format|
       format.html # new.html.erb
@@ -74,7 +76,7 @@ class ManifestationCheckoutStatsController < ApplicationController
   # POST /manifestation_checkout_stats
   # POST /manifestation_checkout_stats.json
   def create
-    @manifestation_checkout_stat = ManifestationCheckoutStat.new(params[:manifestation_checkout_stat])
+    @manifestation_checkout_stat = ManifestationCheckoutStat.new(manifestation_checkout_stat_params)
     @manifestation_checkout_stat.user = current_user
 
     respond_to do |format|
@@ -95,7 +97,7 @@ class ManifestationCheckoutStatsController < ApplicationController
   # PUT /manifestation_checkout_stats/1.json
   def update
     respond_to do |format|
-      if @manifestation_checkout_stat.update_attributes(params[:manifestation_checkout_stat])
+      if @manifestation_checkout_stat.update_attributes(manifestation_checkout_stat_params)
         if @manifestation_checkout_stat.mode == 'import'
           Resque.enqueue(ManifestationCheckoutStatQueue, @manifestation_checkout_stat.id)
         end
@@ -118,4 +120,11 @@ class ManifestationCheckoutStatsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def manifestation_checkout_stat_params
+    params.require(:manifestation_checkout_stat).permit(
+      :start_date, :end_date, :note, :mode
+    )
+  end
 end

data/app/controllers/manifestation_reserve_stats_controller.rb

@@ -48,7 +48,7 @@ class ManifestationReserveStatsController < ApplicationController
   # POST /manifestation_reserve_stats
   # POST /manifestation_reserve_stats.json
   def create
-    @manifestation_reserve_stat = ManifestationReserveStat.new(params[:manifestation_reserve_stat])
+    @manifestation_reserve_stat = ManifestationReserveStat.new(manifestation_reserve_stat_params)
     @manifestation_reserve_stat.user = current_user
 
     respond_to do |format|
@@ -67,7 +67,7 @@ class ManifestationReserveStatsController < ApplicationController
   # PUT /manifestation_reserve_stats/1.json
   def update
     respond_to do |format|
-      if @manifestation_reserve_stat.update_attributes(params[:manifestation_reserve_stat])
+      if @manifestation_reserve_stat.update_attributes(manifestation_reserve_stat_params)
         if @manifestation_reserve_stat.mode == 'import'
           Resque.enqueue(ManifestationReserveStatQueue, @manifestation_reserve_stat.id)
         end
@@ -90,4 +90,11 @@ class ManifestationReserveStatsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def manifestation_reserve_stat_params
+    params.require(:manifestation_reserve_stat).permit(
+      :start_date, :end_date, :note, :mode
+    )
+  end
 end

data/app/controllers/reserves_controller.rb

@@ -158,11 +158,7 @@ class ReservesController < ApplicationController
   # POST /reserves
   # POST /reserves.json
   def create
-    if current_user.has_role?('Librarian')
-      @reserve = Reserve.new(params[:reserve], as: :admin)
-    else
-      @reserve = Reserve.new(params[:reserve])
-    end
+    @reserve = Reserve.new(reserve_params)
     @reserve.set_user
 
     if current_user.has_role?('Librarian')
@@ -194,14 +190,12 @@ class ReservesController < ApplicationController
   # PUT /reserves/1
   # PUT /reserves/1.json
   def update
-    if current_user.has_role?('Librarian')
-      @reserve.assign_attributes(params[:reserve], as: :admin)
-    else
+    unless current_user.has_role?('Librarian')
       if @reserve.user != current_user
         access_denied; return
       end
-      @reserve.assign_attributes(params[:reserve], as: :user_update)
     end
+    @reserve.assign_attributes(reserve_update_params)
 
     if @reserve.valid?
       if params[:mode] == 'cancel'
@@ -256,6 +250,40 @@ class ReservesController < ApplicationController
   end
 
   private
+  def reserve_params
+    if current_user.try(:has_role?, 'Librarian')
+      params.fetch(:reserve, {}).permit(
+        :manifestation_id, :user_number, :expired_at,
+        :pickup_location_id, :expired_at,
+        :manifestation_id, :item_identifier, :user_number,
+        :request_status_type, :canceled_at, :checked_out_at,
+        :expiration_notice_to_patron, :expiration_notice_to_library, :item_id,
+        :retained_at, :postponed_at, :force_retaining
+      )
+    elsif current_user.try(:has_role?, 'User')
+      params.fetch(:reserve, {}).permit(
+        :user_number, :manifestation_id, :expired_at, :pickup_location_id
+      )
+    end
+  end
+
+  def reserve_update_params
+    if current_user.try(:has_role?, 'Librarian')
+      params.fetch(:reserve, {}).permit(
+        :manifestation_id, :user_number, :expired_at,
+        :pickup_location_id, :expired_at,
+        :manifestation_id, :item_identifier, :user_number,
+        :request_status_type, :canceled_at, :checked_out_at,
+        :expiration_notice_to_patron, :expiration_notice_to_library, :item_id,
+        :retained_at, :postponed_at, :force_retaining
+      )
+    elsif current_user.try(:has_role?, 'User')
+      params.fetch(:reserve, {}).permit(
+        :expired_at, :pickup_location_id
+      )
+    end
+  end
+
   def prepare_options
     @libraries = Library.real.order(:position)
   end

data/app/controllers/use_restrictions_controller.rb

@@ -39,7 +39,7 @@ class UseRestrictionsController < ApplicationController
   # POST /use_restrictions
   # POST /use_restrictions.json
   def create
-    @use_restriction = UseRestriction.new(params[:use_restriction])
+    @use_restriction = UseRestriction.new(use_restriction_params)
 
     respond_to do |format|
       if @use_restriction.save
@@ -61,7 +61,7 @@ class UseRestrictionsController < ApplicationController
     end
 
     respond_to do |format|
-      if @use_restriction.update_attributes(params[:use_restriction])
+      if @use_restriction.update_attributes(use_restriction_params)
         format.html { redirect_to @use_restriction, notice: t('controller.successfully_updated', model: t('activerecord.models.use_restriction')) }
         format.json { head :no_content }
       else
@@ -81,4 +81,9 @@ class UseRestrictionsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def use_restriction_params
+    params.require(:use_restriction).permit(:name, :display_name, :note)
+  end
 end

data/app/controllers/user_checkout_stats_controller.rb

@@ -48,7 +48,7 @@ class UserCheckoutStatsController < ApplicationController
   # POST /user_checkout_stats
   # POST /user_checkout_stats.json
   def create
-    @user_checkout_stat = UserCheckoutStat.new(params[:user_checkout_stat])
+    @user_checkout_stat = UserCheckoutStat.new(user_checkout_stat_params)
     @user_checkout_stat.user = current_user
 
     respond_to do |format|
@@ -67,7 +67,7 @@ class UserCheckoutStatsController < ApplicationController
   # PUT /user_checkout_stats/1.json
   def update
     respond_to do |format|
-      if @user_checkout_stat.update_attributes(params[:user_checkout_stat])
+      if @user_checkout_stat.update_attributes(user_checkout_stat_params)
         if @user_checkout_stat.mode == 'import'
           Resque.enqueue(UserCheckoutStatQueue, @user_checkout_stat.id)
         end
@@ -90,4 +90,11 @@ class UserCheckoutStatsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def user_checkout_stat_params
+    params.require(:user_checkout_stat).permit(
+      :start_date, :end_date, :note, :mode
+    )
+  end
 end

data/app/controllers/user_group_has_checkout_types_controller.rb

@@ -44,7 +44,7 @@ class UserGroupHasCheckoutTypesController < ApplicationController
   # POST /user_group_has_checkout_types
   # POST /user_group_has_checkout_types.json
   def create
-    @user_group_has_checkout_type = UserGroupHasCheckoutType.new(params[:user_group_has_checkout_type])
+    @user_group_has_checkout_type = UserGroupHasCheckoutType.new(user_group_has_checkout_type_params)
 
     respond_to do |format|
       if @user_group_has_checkout_type.save
@@ -62,7 +62,7 @@ class UserGroupHasCheckoutTypesController < ApplicationController
   # PUT /user_group_has_checkout_types/1.json
   def update
     respond_to do |format|
-      if @user_group_has_checkout_type.update_attributes(params[:user_group_has_checkout_type])
+      if @user_group_has_checkout_type.update_attributes(user_group_has_checkout_type_params)
         format.html { redirect_to @user_group_has_checkout_type, notice: t('controller.successfully_updated', model: t('activerecord.models.user_group_has_checkout_type')) }
         format.json { head :no_content }
       else
@@ -85,6 +85,16 @@ class UserGroupHasCheckoutTypesController < ApplicationController
   end
 
   private
+  def user_group_has_checkout_type_params
+    params.require(:user_group_has_checkout_type).permit(
+      :user_group_id, :checkout_type_id,
+      :checkout_limit, :checkout_period, :checkout_renewal_limit,
+      :reservation_limit, :reservation_expired_period,
+      :set_due_date_before_closing_day, :fixed_due_date, :note, :position,
+      :user_group, :checkout_type
+    )
+  end
+
   def prepare_options
     @checkout_types = CheckoutType.all
     @user_groups = UserGroup.all

data/app/controllers/user_reserve_stats_controller.rb

@@ -48,7 +48,7 @@ class UserReserveStatsController < ApplicationController
   # POST /user_reserve_stats
   # POST /user_reserve_stats.json
   def create
-    @user_reserve_stat = UserReserveStat.new(params[:user_reserve_stat])
+    @user_reserve_stat = UserReserveStat.new(user_reserve_stat_params)
     @user_reserve_stat.user = current_user
 
     respond_to do |format|
@@ -67,7 +67,7 @@ class UserReserveStatsController < ApplicationController
   # PUT /user_reserve_stats/1.json
   def update
     respond_to do |format|
-      if @user_reserve_stat.update_attributes(params[:user_reserve_stat])
+      if @user_reserve_stat.update_attributes(user_reserve_stat_params)
         if @user_reserve_stat.mode == 'import'
           Resque.enqueue(UserReserveStatQueue, @user_reserve_stat.id)
         end
@@ -90,4 +90,11 @@ class UserReserveStatsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+  def user_reserve_stat_params
+    params.require(:user_reserve_stat).permit(
+      :start_date, :end_date, :note, :mode
+    )
+  end
 end

data/app/helpers/items_helper.rb

@@ -0,0 +1,17 @@
+module ItemsHelper
+  def circulation_status_facet(facet)
+    string = ''
+    circulation_status = CirculationStatus.where(name: facet.value).select([:name, :display_name]).first
+    if circulation_status
+      string << form_icon(circulation_status)
+      current = true if params[:circulation_status] == circulation_status.name
+      if current
+        content_tag :strong do
+          link_to("#{circulation_status.display_name.localize} (" + facet.count.to_s + ")", url_for(params.merge(circulation_status: circulation_status.name, page: nil, view: nil, only_path: true)))
+        end
+      else
+        link_to("#{circulation_status.display_name.localize} (" + facet.count.to_s + ")", url_for(params.merge(circulation_status: circulation_status.name, page: nil, view: nil, only_path: true)))
+      end
+    end
+  end
+end

data/app/models/carrier_type_has_checkout_type.rb

@@ -1,5 +1,4 @@
 class CarrierTypeHasCheckoutType < ActiveRecord::Base
-  attr_accessible :carrier_type_id, :checkout_type_id, :note
   scope :available_for_carrier_type, lambda {|carrier_type| includes(:carrier_type).where('carrier_types.name = ?', carrier_type.name)}
   scope :available_for_user_group, lambda {|user_group| includes(checkout_type: :user_groups).where('user_groups.name = ?', user_group.name)}
 

data/app/models/checked_item.rb

@@ -1,5 +1,4 @@
 class CheckedItem < ActiveRecord::Base
-  attr_accessible :item_identifier, :ignore_restriction, :due_date_string
   belongs_to :item #, validate: true
   belongs_to :basket #, validate: true
   belongs_to :librarian, class_name: 'User' #, validate: true
@@ -15,7 +14,7 @@ class CheckedItem < ActiveRecord::Base
   before_validation :set_due_date, on: :create
   normalize_attributes :item_identifier
 
-  attr_protected :user_id
+  #attr_protected :user_id
   attr_accessor :item_identifier, :ignore_restriction, :due_date_string
 
   def available_for_checkout?

data/app/models/checkin.rb

@@ -1,5 +1,4 @@
 class Checkin < ActiveRecord::Base
-  attr_accessible :item_identifier
   default_scope { order('checkins.id DESC') }
   scope :on, lambda {|date| where('created_at >= ? AND created_at < ?', date.beginning_of_day, date.tomorrow.beginning_of_day)}
   has_one :checkout

data/app/models/checkout.rb

@@ -1,5 +1,4 @@
 class Checkout < ActiveRecord::Base
-  attr_accessible :due_date
   scope :not_returned, -> { where(checkin_id: nil) }
   scope :returned, -> { where('checkin_id IS NOT NULL') }
   scope :overdue, lambda {|date| where('checkin_id IS NULL AND due_date < ?', date)}

data/app/models/checkout_stat_has_manifestation.rb

@@ -1,6 +1,6 @@
 class CheckoutStatHasManifestation < ActiveRecord::Base
-  attr_accessible :manifestation_checkout_stat_id, :manifestation_id,
-    as: :admin
+  #attr_accessible :manifestation_checkout_stat_id, :manifestation_id,
+  #  as: :admin
   belongs_to :manifestation_checkout_stat
   belongs_to :manifestation
 

data/app/models/checkout_stat_has_user.rb

@@ -1,6 +1,6 @@
 class CheckoutStatHasUser < ActiveRecord::Base
-  attr_accessible :user_checkout_stat_id, :user_id,
-    as: :admin
+  #attr_accessible :user_checkout_stat_id, :user_id,
+  #  as: :admin
   belongs_to :user_checkout_stat
   belongs_to :user