refactor templates controller

2 years ago · 077eab7005
parent 715c70d422
commit 077eab7005
10 changed files with 75 additions and 60 deletions
--- a/app/controllers/api/templates_controller.rb
+++ b/app/controllers/api/templates_controller.rb
@ -83,24 +83,10 @@ module Api
    end

    def template_params
-      permit_params = [
-        :name,
-        { schema: [%i[attachment_uuid name]],
-          submitters: [%i[name uuid]],
-          fields: [[:uuid, :submitter_uuid, :name, :type,
-                    :required, :readonly, :default_value,
-                    :title, :description,
-                    { preferences: {},
-                      conditions: [%i[field_uuid value action]],
-                      options: [%i[value uuid]],
-                      validation: %i[message pattern],
-                      areas: [%i[x y w h cell_w attachment_uuid option_uuid page]] }]] }
-      ]
-
      if params.key?(:template)
-        params.require(:template).permit(*permit_params)
+        params.require(:template).permit(:name)
      else
-        params.permit(*permit_params)
+        params.permit(:name)
      end
    end
  end
--- a/app/controllers/api/templates_documents_controller.rb
+++ b/app/controllers/api/templates_documents_controller.rb
@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-module Api
-  class TemplatesDocumentsController < ApiBaseController
-    load_and_authorize_resource :template
-
-    def create
-      return head :unprocessable_entity if params[:blobs].blank? && params[:files].blank?
-
-      documents = Templates::CreateAttachments.call(@template, params)
-
-      schema = documents.map do |doc|
-        { attachment_uuid: doc.uuid, name: doc.filename.base }
-      end
-
-      render json: {
-        schema:,
-        documents: documents.as_json(
-          methods: %i[metadata signed_uuid],
-          include: {
-            preview_images: { methods: %i[url metadata filename] }
-          }
-        )
-      }
-    rescue Templates::CreateAttachments::PdfEncrypted
-      render json: { error: 'PDF encrypted' }, status: :unprocessable_entity
-    end
-  end
-end
--- a/app/controllers/template_documents_controller.rb
+++ b/app/controllers/template_documents_controller.rb
@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class TemplateDocumentsController < ApplicationController
+  load_and_authorize_resource :template
+
+  def create
+    return head :unprocessable_entity if params[:blobs].blank? && params[:files].blank?
+
+    documents = Templates::CreateAttachments.call(@template, params)
+
+    schema = documents.map do |doc|
+      { attachment_uuid: doc.uuid, name: doc.filename.base }
+    end
+
+    render json: {
+      schema:,
+      documents: documents.as_json(
+        methods: %i[metadata signed_uuid],
+        include: {
+          preview_images: { methods: %i[url metadata filename] }
+        }
+      )
+    }
+  rescue Templates::CreateAttachments::PdfEncrypted
+    render json: { error: 'PDF encrypted' }, status: :unprocessable_entity
+  end
+end
--- a/app/controllers/templates_controller.rb
+++ b/app/controllers/templates_controller.rb
@ -67,6 +67,12 @@ class TemplatesController < ApplicationController
    end
  end

+  def update
+    @template.update!(template_params)
+
+    head :ok
+  end
+
  def destroy
    notice =
      if params[:permanently].present?
@ -86,6 +92,22 @@ class TemplatesController < ApplicationController

  private

+  def template_params
+    params.require(:template).permit(
+      :name,
+      { schema: [%i[attachment_uuid name]],
+        submitters: [%i[name uuid]],
+        fields: [[:uuid, :submitter_uuid, :name, :type,
+                  :required, :readonly, :default_value,
+                  :title, :description,
+                  { preferences: {},
+                    conditions: [%i[field_uuid value action]],
+                    options: [%i[value uuid]],
+                    validation: %i[message pattern],
+                    areas: [%i[x y w h cell_w attachment_uuid option_uuid page]] }]] }
+    )
+  end
+
  def authorized_clone_account_id?(account_id)
    true_user.account_id.to_s == account_id.to_s || true_user.account.linked_accounts.exists?(id: account_id)
  end
@ -98,10 +120,6 @@ class TemplatesController < ApplicationController
    end
  end

-  def template_params
-    params.require(:template).permit(:name)
-  end
-
  def load_base_template
    return if params[:base_template_id].blank?

--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@ -91,6 +91,7 @@ window.customElements.define('template-builder', class extends HTMLElement {
      withPhone: this.dataset.withPhone === 'true',
      withLogo: this.dataset.withLogo !== 'false',
      editable: this.dataset.editable !== 'false',
+      authenticityToken: document.querySelector('meta[name="csrf-token"]')?.content,
      withPayment: this.dataset.withPayment === 'true',
      withFormula: this.dataset.withFormula === 'true',
      withConditions: this.dataset.withConditions === 'true',
--- a/app/javascript/form.js
+++ b/app/javascript/form.js
@ -17,6 +17,7 @@ window.customElements.define('submission-form', class extends HTMLElement {
      attribution: this.dataset.attribution !== 'false',
      withConfetti: this.dataset.withConfetti !== 'false',
      withTypedSignature: this.dataset.withTypedSignature !== 'false',
+      authenticityToken: document.querySelector('meta[name="csrf-token"]')?.content,
      values: reactive(JSON.parse(this.dataset.values)),
      completedButton: JSON.parse(this.dataset.completedButton),
      completedRedirectUrl: this.dataset.completedRedirectUrl,
--- a/app/javascript/submission_form/form.vue
+++ b/app/javascript/submission_form/form.vue
@ -611,6 +611,11 @@ export default {
      required: false,
      default: () => ({})
    },
+    authenticityToken: {
+      type: String,
+      required: false,
+      default: ''
+    },
    i18n: {
      type: Object,
      required: false,
@ -658,9 +663,6 @@ export default {
    queryParams () {
      return new URLSearchParams(window.location.search)
    },
-    authenticityToken () {
-      return document.querySelector('meta[name="csrf-token"]')?.content
-    },
    submitterSlug () {
      return this.submitter.slug
    },
--- a/app/javascript/template_builder/builder.vue
+++ b/app/javascript/template_builder/builder.vue
@ -444,6 +444,11 @@ export default {
      required: false,
      default: true
    },
+    authenticityToken: {
+      type: String,
+      required: false,
+      default: ''
+    },
    withDocumentsList: {
      type: Boolean,
      required: false,
@ -1023,7 +1028,11 @@ export default {
    baseFetch (path, options = {}) {
      return fetch(this.baseUrl + path, {
        ...options,
-        headers: { ...this.fetchOptions.headers, ...options.headers }
+        headers: {
+          'X-CSRF-Token': this.authenticityToken,
+          ...this.fetchOptions.headers,
+          ...options.headers
+        }
      })
    },
    save ({ force } = { force: false }) {
@ -1039,7 +1048,7 @@ export default {

      this.pushUndo()

-      return this.baseFetch(`/api/templates/${this.template.id}`, {
+      return this.baseFetch(`/templates/${this.template.id}`, {
        method: 'PUT',
        body: JSON.stringify({
          template: {
--- a/app/javascript/template_builder/upload.vue
+++ b/app/javascript/template_builder/upload.vue
@ -119,7 +119,7 @@ export default {

        this.isProcessing = true

-        this.baseFetch(`/api/templates/${this.templateId}/documents`, {
+        this.baseFetch(`/templates/${this.templateId}/documents`, {
          method: 'POST',
          body: JSON.stringify({ blobs }),
          headers: { 'Content-Type': 'application/json' }
@ -132,7 +132,7 @@ export default {
          } else if (resp.status === 422) {
            resp.json().then((data) => {
              if (data.error === 'PDF encrypted') {
-                this.baseFetch(`/api/templates/${this.templateId}/documents`, {
+                this.baseFetch(`/templates/${this.templateId}/documents`, {
                  method: 'POST',
                  body: JSON.stringify({ blobs, password: prompt('Enter PDF password') }),
                  headers: { 'Content-Type': 'application/json' }
@ -151,7 +151,7 @@ export default {
          this.isProcessing = false
        })
      } else {
-        this.baseFetch(`/api/templates/${this.templateId}/documents`, {
+        this.baseFetch(`/templates/${this.templateId}/documents`, {
          method: 'POST',
          body: new FormData(this.$refs.form)
        }).then((resp) => {
@ -167,7 +167,7 @@ export default {

                formData.append('password', prompt('Enter PDF password'))

-                this.baseFetch(`/api/templates/${this.templateId}/documents`, {
+                this.baseFetch(`/templates/${this.templateId}/documents`, {
                  method: 'POST',
                  body: formData
                }).then(async (resp) => {
--- a/config/routes.rb
+++ b/config/routes.rb
@ -37,7 +37,6 @@ Rails.application.routes.draw do
    resources :templates, only: %i[update show index destroy] do
      resources :clone, only: %i[create], controller: 'templates_clone'
      resources :submissions, only: %i[index create]
-      resources :documents, only: %i[create], controller: 'templates_documents'
    end
  end

@ -65,7 +64,8 @@ Rails.application.routes.draw do
  resources :templates_archived, only: %i[index], path: 'archived'
  resources :folders, only: %i[show edit update destroy], controller: 'template_folders'
  resources :template_sharings_testing, only: %i[create]
-  resources :templates, only: %i[new create edit show destroy] do
+  resources :templates, only: %i[new create edit update show destroy] do
+    resources :documents, only: %i[create], controller: 'template_documents'
    resources :restore, only: %i[create], controller: 'templates_restore'
    resources :archived, only: %i[index], controller: 'templates_archived_submissions'
    resources :submissions, only: %i[new create]