From 077eab70054daad9bd7fd7860543156529018a14 Mon Sep 17 00:00:00 2001 From: Pete Matsyburka Date: Sat, 23 Mar 2024 23:16:40 +0200 Subject: [PATCH] refactor templates controller --- app/controllers/api/templates_controller.rb | 18 ++---------- .../api/templates_documents_controller.rb | 29 ------------------- .../template_documents_controller.rb | 27 +++++++++++++++++ app/controllers/templates_controller.rb | 26 ++++++++++++++--- app/javascript/application.js | 1 + app/javascript/form.js | 1 + app/javascript/submission_form/form.vue | 8 +++-- app/javascript/template_builder/builder.vue | 13 +++++++-- app/javascript/template_builder/upload.vue | 8 ++--- config/routes.rb | 4 +-- 10 files changed, 75 insertions(+), 60 deletions(-) delete mode 100644 app/controllers/api/templates_documents_controller.rb create mode 100644 app/controllers/template_documents_controller.rb diff --git a/app/controllers/api/templates_controller.rb b/app/controllers/api/templates_controller.rb index 8e35e1ae..2bd06649 100644 --- a/app/controllers/api/templates_controller.rb +++ b/app/controllers/api/templates_controller.rb @@ -83,24 +83,10 @@ module Api end def template_params - permit_params = [ - :name, - { schema: [%i[attachment_uuid name]], - submitters: [%i[name uuid]], - fields: [[:uuid, :submitter_uuid, :name, :type, - :required, :readonly, :default_value, - :title, :description, - { preferences: {}, - conditions: [%i[field_uuid value action]], - options: [%i[value uuid]], - validation: %i[message pattern], - areas: [%i[x y w h cell_w attachment_uuid option_uuid page]] }]] } - ] - if params.key?(:template) - params.require(:template).permit(*permit_params) + params.require(:template).permit(:name) else - params.permit(*permit_params) + params.permit(:name) end end end diff --git a/app/controllers/api/templates_documents_controller.rb b/app/controllers/api/templates_documents_controller.rb deleted file mode 100644 index f44249da..00000000 
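Review bot: API clients that still send `schema`, `submitters` or `fields` will have those keys dropped without an error, because both branches of `template_params` now permit only `:name` and strong parameters discard unpermitted keys by default. The action that consumes `template_params` is outside this hunk, but the API `update` route is kept in `config/routes.rb`, so such a request presumably still succeeds while changing nothing but the name. I would record the contract above the method, for example `# Only :name is writable through the API; schema, submitters and fields are saved via TemplatesController#update.` If silent drops are not acceptable for integrators, respond with an explicit 4xx when those keys are present.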
--- a/app/controllers/api/templates_documents_controller.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-module Api
- class TemplatesDocumentsController < ApiBaseController
- load_and_authorize_resource :template
-
- def create
- return head :unprocessable_entity if params[:blobs].blank? && params[:files].blank?
-
- documents = Templates::CreateAttachments.call(@template, params)
-
- schema = documents.map do |doc|
- { attachment_uuid: doc.uuid, name: doc.filename.base }
- end
-
- render json: {
- schema:,
- documents: documents.as_json(
- methods: %i[metadata signed_uuid],
- include: {
- preview_images: { methods: %i[url metadata filename] }
- }
- )
- }
- rescue Templates::CreateAttachments::PdfEncrypted
- render json: { error: 'PDF encrypted' }, status: :unprocessable_entity
- end
- end
-end
diff --git a/app/controllers/template_documents_controller.rb b/app/controllers/template_documents_controller.rb
new file mode 100644
index 00000000..d18c064f
--- /dev/null
+++ b/app/controllers/template_documents_controller.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class TemplateDocumentsController < ApplicationController
+ load_and_authorize_resource :template
+
+ def create
+ return head :unprocessable_entity if params[:blobs].blank? && params[:files].blank?
+
+ documents = Templates::CreateAttachments.call(@template, params)
+
+ schema = documents.map do |doc|
+ { attachment_uuid: doc.uuid, name: doc.filename.base }
+ end
+
+ render json: {
+ schema:,
+ documents: documents.as_json(
+ methods: %i[metadata signed_uuid],
+ include: {
+ preview_images: { methods: %i[url metadata filename] }
+ }
+ )
+ }
+ rescue Templates::CreateAttachments::PdfEncrypted
+ render json: { error: 'PDF encrypted' }, status: :unprocessable_entity
+ end
+end
diff --git a/app/controllers/templates_controller.rb b/app/controllers/templates_controller.rb
index 032ee4e1..2f6e0c51 100644
--- a/app/controllers/templates_controller.rb
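Review bot: `load_and_authorize_resource :template` in the new `TemplateDocumentsController` names a resource that does not match the controller, and if this is CanCanCan's helper the template is then treated as a parent resource and authorized with `:show` (read) rather than with the `create` action being run. A user who may only read a template could therefore attach documents to it, unless the ability rules (not visible here) grant read and write together. An explicit `authorize!(:update, @template)` as the first line of `create` would tie the upload to write access. `Templates::CreateAttachments.call(@template, params)` also receives the whole request `params`. Passing only the keys the service needs (`blobs`, `files` and `password` are the ones the client code in this patch sends) would keep the input surface of this now session-authenticated endpoint explicit.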
+++ b/app/controllers/templates_controller.rb @@ -67,6 +67,12 @@ class TemplatesController < ApplicationController end end + def update + @template.update!(template_params) + + head :ok + end + def destroy notice = if params[:permanently].present? @@ -86,6 +92,22 @@ class TemplatesController < ApplicationController private + def template_params + params.require(:template).permit( + :name, + { schema: [%i[attachment_uuid name]], + submitters: [%i[name uuid]], + fields: [[:uuid, :submitter_uuid, :name, :type, + :required, :readonly, :default_value, + :title, :description, + { preferences: {}, + conditions: [%i[field_uuid value action]], + options: [%i[value uuid]], + validation: %i[message pattern], + areas: [%i[x y w h cell_w attachment_uuid option_uuid page]] }]] } + ) + end + def authorized_clone_account_id?(account_id) true_user.account_id.to_s == account_id.to_s || true_user.account.linked_accounts.exists?(id: account_id) end @@ -98,10 +120,6 @@ class TemplatesController < ApplicationController end end - def template_params - params.require(:template).permit(:name) - end - def load_base_template return if params[:base_template_id].blank? diff --git a/app/javascript/application.js b/app/javascript/application.js index 0a9629fa..1a377eab 100644 --- a/app/javascript/application.js +++ b/app/javascript/application.js @@ -91,6 +91,7 @@ window.customElements.define('template-builder', class extends HTMLElement { withPhone: this.dataset.withPhone === 'true', withLogo: this.dataset.withLogo !== 'false', editable: this.dataset.editable !== 'false', + authenticityToken: document.querySelector('meta[name="csrf-token"]')?.content, withPayment: this.dataset.withPayment === 'true', withFormula: this.dataset.withFormula === 'true', withConditions: this.dataset.withConditions === 'true', diff --git a/app/javascript/form.js b/app/javascript/form.js index 662f47c4..ca899374 100644 --- a/app/javascript/form.js +++ b/app/javascript/form.js 
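Review bot: The new `update` action writes to `@template` without loading or authorizing it inside the hunk, so it depends on a controller-level hook outside the visible lines. Confirm that the hook is not restricted by an `only:`/`except:` list that leaves `update` out. `update!` also raises on a validation failure, so the builder's `fetch` caller would receive the framework's generic error response rather than a JSON body; `if @template.update(template_params)` with an explicit `render json: { error: ... }, status: :unprocessable_entity` branch would be easier for the client to handle. A comment such as `# Saves from the template builder; @template is loaded and authorized by the controller-level hook.` would record the dependency. The class body continues outside the hunk.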
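Review bot: Replacing the name-only `template_params` with this wide permit list changes every existing caller of the method, not only the new `update`. The version removed further down permitted only `:name`, so any action that already called it (those call sites are outside the hunks) now mass-assigns `schema`, `submitters` and `fields` too. Keeping `params.require(:template).permit(:name)` for the existing callers and giving `update` its own, separately named permit method would confine the wider list to the builder's save path. Within the list, `preferences: {}` accepts arbitrary keys and nested values, and the `attachment_uuid` entries under `schema` and `areas` are client-supplied. Nothing visible here checks that those UUIDs belong to documents of this template, so that check should exist in the model or be added before `update!`.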
@@ -17,6 +17,7 @@ window.customElements.define('submission-form', class extends HTMLElement { attribution: this.dataset.attribution !== 'false', withConfetti: this.dataset.withConfetti !== 'false', withTypedSignature: this.dataset.withTypedSignature !== 'false', + authenticityToken: document.querySelector('meta[name="csrf-token"]')?.content, values: reactive(JSON.parse(this.dataset.values)), completedButton: JSON.parse(this.dataset.completedButton), completedRedirectUrl: this.dataset.completedRedirectUrl, diff --git a/app/javascript/submission_form/form.vue b/app/javascript/submission_form/form.vue index a8c5ecf9..3f51a928 100644 --- a/app/javascript/submission_form/form.vue +++ b/app/javascript/submission_form/form.vue @@ -611,6 +611,11 @@ export default { required: false, default: () => ({}) }, + authenticityToken: { + type: String, + required: false, + default: '' + }, i18n: { type: Object, required: false, @@ -658,9 +663,6 @@ export default { queryParams () { return new URLSearchParams(window.location.search) }, - authenticityToken () { - return document.querySelector('meta[name="csrf-token"]')?.content - }, submitterSlug () { return this.submitter.slug }, diff --git a/app/javascript/template_builder/builder.vue b/app/javascript/template_builder/builder.vue index d4e98f67..661bc612 100644 --- a/app/javascript/template_builder/builder.vue +++ b/app/javascript/template_builder/builder.vue @@ -444,6 +444,11 @@ export default { required: false, default: true }, + authenticityToken: { + type: String, + required: false, + default: '' + }, withDocumentsList: { type: Boolean, required: false, @@ -1023,7 +1028,11 @@ export default { baseFetch (path, options = {}) { return fetch(this.baseUrl + path, { ...options, - headers: { ...this.fetchOptions.headers, ...options.headers } + headers: { + 'X-CSRF-Token': this.authenticityToken, + ...this.fetchOptions.headers, + ...options.headers + } }) }, save ({ force } = { force: false }) { 
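Review bot: `baseFetch` in `builder.vue` now attaches `X-CSRF-Token` to every request built from `this.baseUrl + path`, whatever the origin of that URL. If `baseUrl` can be set to another host (its definition is outside the hunk), the session's CSRF token is disclosed to that host. The header is also sent as an empty string when no token was passed, because the new prop defaults to `''`. Adding the header only when a token exists and the target is same-origin avoids both, while still letting `fetchOptions.headers` and `options.headers` override it as before.

```javascript
baseFetch (path, options = {}) {
  const target = new URL(this.baseUrl + path, window.location.href)
  const sameOrigin = target.origin === window.location.origin
  const csrfHeaders = this.authenticityToken && sameOrigin
    ? { 'X-CSRF-Token': this.authenticityToken }
    : {}

  return fetch(this.baseUrl + path, {
    ...options,
    headers: { ...csrfHeaders, ...this.fetchOptions.headers, ...options.headers }
  })
},
```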
@@ -1039,7 +1048,7 @@ export default { this.pushUndo() - return this.baseFetch(`/api/templates/${this.template.id}`, { + return this.baseFetch(`/templates/${this.template.id}`, { method: 'PUT', body: JSON.stringify({ template: { diff --git a/app/javascript/template_builder/upload.vue b/app/javascript/template_builder/upload.vue index 49da7762..da96ed71 100644 --- a/app/javascript/template_builder/upload.vue +++ b/app/javascript/template_builder/upload.vue @@ -119,7 +119,7 @@ export default { this.isProcessing = true - this.baseFetch(`/api/templates/${this.templateId}/documents`, { + this.baseFetch(`/templates/${this.templateId}/documents`, { method: 'POST', body: JSON.stringify({ blobs }), headers: { 'Content-Type': 'application/json' } @@ -132,7 +132,7 @@ export default { } else if (resp.status === 422) { resp.json().then((data) => { if (data.error === 'PDF encrypted') { - this.baseFetch(`/api/templates/${this.templateId}/documents`, { + this.baseFetch(`/templates/${this.templateId}/documents`, { method: 'POST', body: JSON.stringify({ blobs, password: prompt('Enter PDF password') }), headers: { 'Content-Type': 'application/json' } @@ -151,7 +151,7 @@ export default { this.isProcessing = false }) } else { - this.baseFetch(`/api/templates/${this.templateId}/documents`, { + this.baseFetch(`/templates/${this.templateId}/documents`, { method: 'POST', body: new FormData(this.$refs.form) }).then((resp) => { @@ -167,7 +167,7 @@ export default { formData.append('password', prompt('Enter PDF password')) - this.baseFetch(`/api/templates/${this.templateId}/documents`, { + this.baseFetch(`/templates/${this.templateId}/documents`, { method: 'POST', body: formData }).then(async (resp) => { diff --git a/config/routes.rb b/config/routes.rb index 673bb83d..508ff7ba 100644 --- a/config/routes.rb +++ b/config/routes.rb 
@@ -37,7 +37,6 @@ Rails.application.routes.draw do resources :templates, only: %i[update show index destroy] do resources :clone, only: %i[create], controller: 'templates_clone' resources :submissions, only: %i[index create] - resources :documents, only: %i[create], controller: 'templates_documents' end end @@ -65,7 +64,8 @@ Rails.application.routes.draw do resources :templates_archived, only: %i[index], path: 'archived' resources :folders, only: %i[show edit update destroy], controller: 'template_folders' resources :template_sharings_testing, only: %i[create] - resources :templates, only: %i[new create edit show destroy] do + resources :templates, only: %i[new create edit update show destroy] do + resources :documents, only: %i[create], controller: 'template_documents' resources :restore, only: %i[create], controller: 'templates_restore' resources :archived, only: %i[index], controller: 'templates_archived_submissions' resources :submissions, only: %i[new create]