validate account config keys

2 years ago · c743cc689d
parent 8432bec3d6
commit c743cc689d
4 changed files with 32 additions and 9 deletions
--- a/app/controllers/account_configs_controller.rb
+++ b/app/controllers/account_configs_controller.rb
@ -11,6 +11,8 @@ class AccountConfigsController < ApplicationController
    AccountConfig::ESIGNING_PREFERENCE_KEY
  ].freeze
  InvalidKey = Class.new(StandardError)
  def create
    @account_config.update!(account_config_params)
@ -20,7 +22,7 @@ class AccountConfigsController < ApplicationController
  private
  def load_account_config
-    return head :not_found unless ALLOWED_KEYS.include?(account_config_params[:key])
+    raise InvalidKey unless ALLOWED_KEYS.include?(account_config_params[:key])
    @account_config =
      AccountConfig.find_or_initialize_by(account: current_account, key: account_config_params[:key])
--- a/app/controllers/personalization_settings_controller.rb
+++ b/app/controllers/personalization_settings_controller.rb
@ -1,23 +1,42 @@
 # frozen_string_literal: true
 class PersonalizationSettingsController < ApplicationController
  ALLOWED_KEYS = [
    AccountConfig::FORM_COMPLETED_BUTTON_KEY,
    AccountConfig::SUBMITTER_INVITATION_EMAIL_KEY,
    AccountConfig::SUBMITTER_DOCUMENTS_COPY_EMAIL_KEY,
    AccountConfig::SUBMITTER_COMPLETED_EMAIL_KEY
  ].freeze
  InvalidKey = Class.new(StandardError)
  before_action :load_and_authorize_account_config, only: :create
  def show
    authorize!(:read, AccountConfig)
  end
  def create
-    account_config =
+    @account_config.save!
      current_account.account_configs.find_or_initialize_by(key: account_config_params[:key])
    authorize!(:create, account_config)
    account_config.update!(account_config_params)
    redirect_back(fallback_location: settings_personalization_path, notice: 'Settings have been saved.')
  end
  private
  def load_and_authorize_account_config
    @account_config =
      current_account.account_configs.find_or_initialize_by(key: account_config_params[:key])
    @account_config.assign_attributes(account_config_params)
    authorize!(:create, @account_config)
    raise InvalidKey unless ALLOWED_KEYS.include?(@account_config.key)
    @account_config
  end
  def account_config_params
    attrs = params.require(:account_config).permit!
--- a/app/controllers/user_configs_controller.rb
+++ b/app/controllers/user_configs_controller.rb
@ -8,6 +8,8 @@ class UserConfigsController < ApplicationController
    UserConfig::RECEIVE_COMPLETED_EMAIL
  ].freeze
  InvalidKey = Class.new(StandardError)
  def create
    @user_config.update!(user_config_params)
@ -17,7 +19,7 @@ class UserConfigsController < ApplicationController
  private
  def load_user_config
-    return head :not_found unless ALLOWED_KEYS.include?(user_config_params[:key])
+    raise InvalidKey unless ALLOWED_KEYS.include?(user_config_params[:key])
    @user_config =
      UserConfig.find_or_initialize_by(user: current_user, key: user_config_params[:key])
--- a/lib/replace_email_variables.rb
+++ b/lib/replace_email_variables.rb
@ -38,7 +38,7 @@ module ReplaceEmailVariables
    text = text.gsub(DOCUMENTS_LINKS, build_documents_links_text(submitter, sig))
    text = text.gsub(DOCUMENTS_LINK, build_documents_links_text(submitter, sig))
-    text = text.gsub(ACCOUNT_NAME, submitter.template.account.name) if submitter.template
+    text = text.gsub(ACCOUNT_NAME, submitter.account.name) if submitter.account
    text
  end