From 3d2046f227ce06f16accd6876f4bab0febcbf2e8 Mon Sep 17 00:00:00 2001
From: Oleksandr Turchyn <Lexfox777@gmail.com>
Date: Tue, 22 Oct 2024 22:26:08 +0300
Subject: [PATCH] add validation for submitters count

---
 app/controllers/api/submissions_controller.rb |  3 ++-
 lib/submissions/create_from_submitters.rb     |  8 ++++++
 spec/requests/submissions_spec.rb             | 26 ++++++++++++++-----
 3 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/app/controllers/api/submissions_controller.rb b/app/controllers/api/submissions_controller.rb
index 908a04b4..1ae634e6 100644
--- a/app/controllers/api/submissions_controller.rb
+++ b/app/controllers/api/submissions_controller.rb
@@ -80,7 +80,8 @@ module Api
       end
 
       render json: build_create_json(submissions)
-    rescue Submitters::NormalizeValues::BaseError, DownloadUtils::UnableToDownload => e
+    rescue Submitters::NormalizeValues::BaseError, Submissions::CreateFromSubmitters::BaseError,
+           DownloadUtils::UnableToDownload => e
       Rollbar.warning(e) if defined?(Rollbar)
 
       render json: { error: e.message }, status: :unprocessable_entity
diff --git a/lib/submissions/create_from_submitters.rb b/lib/submissions/create_from_submitters.rb
index 5e0ab509..d0af550c 100644
--- a/lib/submissions/create_from_submitters.rb
+++ b/lib/submissions/create_from_submitters.rb
@@ -2,8 +2,11 @@
 
 module Submissions
   module CreateFromSubmitters
+    BaseError = Class.new(StandardError)
+
     module_function
 
+    # rubocop:disable Metrics/BlockLength
     def call(template:, user:, submissions_attrs:, source:, submitters_order:, params: {})
       preferences = Submitters.normalize_preferences(user.account, user, params)
 
@@ -37,6 +40,10 @@ module Submissions
                           preferences: preferences.merge(submission_preferences))
         end
 
+        if submission.submitters.size > template.submitters.size
+          raise BaseError, 'Defined more signing parties than in template'
+        end
+
         next if submission.submitters.blank?
 
         maybe_add_invite_submitters(submission, template)
@@ -44,6 +51,7 @@ module Submissions
         submission.tap(&:save!)
       end
     end
+    # rubocop:enable Metrics/BlockLength
 
     def maybe_add_invite_submitters(submission, template)
       template.submitters.each do |item|
diff --git a/spec/requests/submissions_spec.rb b/spec/requests/submissions_spec.rb
index 3a9590d8..fe31dff8 100644
--- a/spec/requests/submissions_spec.rb
+++ b/spec/requests/submissions_spec.rb
@@ -48,7 +48,7 @@ describe 'Submission API', type: :request do
       post '/api/submissions', headers: { 'x-auth-token': author.access_token.token }, params: {
         template_id: templates[0].id,
         send_email: true,
-        submitters: [{ role: 'First Role', email: 'john.doe@example.com' }]
+        submitters: [{ role: 'First Party', email: 'john.doe@example.com' }]
       }.to_json
 
       expect(response).to have_http_status(:ok)
@@ -63,7 +63,7 @@ describe 'Submission API', type: :request do
         template_id: multiple_submitters_template.id,
         send_email: true,
         submitters: [
-          { role: 'First Role', email: 'john.doe@example.com' },
+          { role: 'First Party', email: 'john.doe@example.com' },
           { email: 'jane.doe@example.com' },
           { email: 'mike.doe@example.com' }
         ]
@@ -88,7 +88,7 @@ describe 'Submission API', type: :request do
         template_id: templates[0].id,
         send_email: true,
         submitters: [
-          { role: 'First Role', email: 'john@example' }
+          { role: 'First Party', email: 'john@example' }
         ]
       }.to_json
 
@@ -103,7 +103,7 @@ describe 'Submission API', type: :request do
       post '/api/submissions', headers: { 'x-auth-token': author.access_token.token }, params: {
         template_id: templates[0].id,
         send_email: true,
-        submitters: [{ role: 'First Role', email: 'john.doe@example.com' }]
+        submitters: [{ role: 'First Party', email: 'john.doe@example.com' }]
       }.to_json
 
       expect(response).to have_http_status(:unprocessable_entity)
@@ -115,14 +115,28 @@ describe 'Submission API', type: :request do
         template_id: multiple_submitters_template.id,
         send_email: true,
         submitters: [
-          { role: 'First Role', email: 'john.doe@example.com' },
-          { role: 'First Role', email: 'jane.doe@example.com' }
+          { role: 'First Party', email: 'john.doe@example.com' },
+          { role: 'First Party', email: 'jane.doe@example.com' }
         ]
       }.to_json
 
       expect(response).to have_http_status(:unprocessable_entity)
       expect(response.parsed_body).to eq({ 'error' => 'role must be unique in `submitters`.' })
     end
+
+    it 'returns an error if number of submitters more than in the template' do
+      post '/api/submissions', headers: { 'x-auth-token': author.access_token.token }, params: {
+        template_id: templates[0].id,
+        send_email: true,
+        submitters: [
+          { email: 'jane.doe@example.com' },
+          { role: 'First Party', email: 'john.doe@example.com' }
+        ]
+      }.to_json
+
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response.parsed_body).to eq({ 'error' => 'Defined more signing parties than in template' })
+    end
   end
 
   describe 'POST /api/submissions/emails' do