validate the uniqueness of submitter roles

1 year ago · 6f90147a11
parent 3ebaacbb7a
commit 6f90147a11
3 changed files with 37 additions and 0 deletions
--- a/lib/params/base_validator.rb
+++ b/lib/params/base_validator.rb
@ -65,6 +65,15 @@ module Params
      raise_error(message || "#{key} must follow the #{regexp.source} format")
    end

+    def unique(params, key, message: nil)
+      return unless params.is_a?(Array)
+      return if params.none?
+      return if params.all? { |p| p[key].blank? }
+      return if params.pluck(key).uniq.size == params.pluck(key).size
+
+      raise_error(message || "#{key} must be unique")
+    end
+
    def in_path(params, path = [])
      old_path = @current_path

--- a/lib/params/submission_create_validator.rb
+++ b/lib/params/submission_create_validator.rb
@ -60,6 +60,7 @@ module Params
      if params[:submitters].present?
        in_path(params, :submitters) do |submitters_params|
          type(submitters_params, 0, Hash)
+          unique(submitters_params, :role)
        end
      end

--- a/spec/requests/submissions_spec.rb
+++ b/spec/requests/submissions_spec.rb
@ -56,6 +56,33 @@ describe 'Submission API', type: :request do

      expect(response.parsed_body).to eq(JSON.parse(create_submission_body(submission).to_json))
    end
+
+    it 'returns an error if the template fields are missing' do
+      templates[0].update(fields: [])
+
+      post '/api/submissions', headers: { 'x-auth-token': author.access_token.token }, params: {
+        template_id: templates[0].id,
+        send_email: true,
+        submitters: [{ role: 'First Role', email: 'john.doe@example.com' }]
+      }.to_json
+
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response.parsed_body).to eq({ 'error' => 'Template does not contain fields' })
+    end
+
+    it 'returns an error if submitter roles are not unique' do
+      post '/api/submissions', headers: { 'x-auth-token': author.access_token.token }, params: {
+        template_id: templates[0].id,
+        send_email: true,
+        submitters: [
+          { role: 'First Role', email: 'john.doe@example.com' },
+          { role: 'First Role', email: 'jane.doe@example.com' }
+        ]
+      }.to_json
+
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response.parsed_body).to eq({ 'error' => 'role must be unique in `submitters`.' })
+    end
  end

  describe 'POST /api/submissions/emails' do