From b091b2b4e1748486ab55862fd8650552b08c9795 Mon Sep 17 00:00:00 2001 From: Iain McNulty Date: Thu, 30 May 2024 12:11:03 +0100 Subject: [PATCH] Validate course subject params before assigning course attributes It's easier to separate the parameter validation from the course validation in the Subjects controller. This commit covers all subject types including physics, modern languages, primary, secondary and further education --- .../publish/courses/subjects_controller.rb | 69 ++++++++++--------- 1 file changed, 35 insertions(+), 34 deletions(-) diff --git a/app/controllers/publish/courses/subjects_controller.rb b/app/controllers/publish/courses/subjects_controller.rb index da2535af18..915db6e3a6 100644 --- a/app/controllers/publish/courses/subjects_controller.rb +++ b/app/controllers/publish/courses/subjects_controller.rb @@ -18,43 +18,44 @@ def continue def update authorize(provider) - - if params[:course][:master_subject_id] == SecondarySubject.physics.id.to_s - course.update(master_subject_id: params[:course][:master_subject_id]) - redirect_to( - engineers_teach_physics_publish_provider_recruitment_cycle_course_path( - @course.provider_code, - @course.recruitment_cycle_year, - @course.course_code, - course: { master_subject_id: SecondarySubject.physics.id.to_s, subjects_ids: selected_subject_ids } + if validate_subject_ids + if params[:course][:master_subject_id] == SecondarySubject.physics.id.to_s + course.update(master_subject_id: params[:course][:master_subject_id]) + redirect_to( + engineers_teach_physics_publish_provider_recruitment_cycle_course_path( + @course.provider_code, + @course.recruitment_cycle_year, + @course.course_code, + course: { master_subject_id: SecondarySubject.physics.id.to_s, subjects_ids: selected_subject_ids } + ) ) - ) - - elsif selected_subject_ids.include?(modern_languages_subject_id.to_s) && validate_subject_ids - course.update(master_subject_id: params[:course][:master_subject_id]) - redirect_to( - modern_languages_publish_provider_recruitment_cycle_course_path( - @course.provider_code, - @course.recruitment_cycle_year, - @course.course_code, - course: { subjects_ids: selected_subject_ids } + + elsif selected_subject_ids.include?(modern_languages_subject_id.to_s) + course.update(master_subject_id: params[:course][:master_subject_id]) + redirect_to( + modern_languages_publish_provider_recruitment_cycle_course_path( + @course.provider_code, + @course.recruitment_cycle_year, + @course.course_code, + course: { subjects_ids: selected_subject_ids } + ) ) - ) - - elsif course.errors.none? && course_subjects_form.save! - course_updated_message(section_key) - # TODO: move this to the form? - course.update(master_subject_id: params[:course][:master_subject_id]) - course.update(name: course.generate_name) - course.update(campaign_name: nil) unless course.master_subject_id == SecondarySubject.physics.id - - redirect_to( - details_publish_provider_recruitment_cycle_course_path( - @course.provider_code, - @course.recruitment_cycle_year, - @course.course_code + + elsif course.errors.none? && course_subjects_form.save! + course_updated_message(section_key) + # TODO: move this to the form? + course.update(master_subject_id: params[:course][:master_subject_id]) + course.update(name: course.generate_name) + course.update(campaign_name: nil) unless course.master_subject_id == SecondarySubject.physics.id + + redirect_to( + details_publish_provider_recruitment_cycle_course_path( + @course.provider_code, + @course.recruitment_cycle_year, + @course.course_code + ) ) - ) + end else @errors = @course.errors.messages course.master_subject_id = selected_master