-
Notifications
You must be signed in to change notification settings - Fork 194
Feature/test cases #343
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Feature/test cases #343
Changes from all commits
4b6a39d
65d70f2
04f6686
24e23cd
79d405b
375cbbc
ec32bdd
083259b
1033a52
490f789
a564a62
6a3bb7c
af4664c
6d0871f
5bf44c9
b201645
360a3bf
177b930
e8cb549
ab08ded
77f2e4e
eba142d
02a1c56
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,115 @@ | ||||||||||||||
| # frozen_string_literal: true | ||||||||||||||
|
|
||||||||||||||
| class ResponsesController < ApplicationController | ||||||||||||||
| prepend_before_action :set_response, only: %i[show update] | ||||||||||||||
| before_action :find_and_authorize_map_for_create, only: %i[create] | ||||||||||||||
|
Comment on lines
+3
to
+5
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# Verify ApplicationController callback definitions
rg -n "before_action.*set_response|before_action.*find_and_authorize" app/controllers/application_controller.rbRepository: expertiza/reimplementation-back-end Length of output: 253 Remove duplicate callback definitions inherited from ApplicationController.
Delete lines 3-4 and rely on the inherited definitions from the parent class. 🤖 Prompt for AI Agents |
||||||||||||||
|
|
||||||||||||||
| def action_allowed? | ||||||||||||||
| case action_name | ||||||||||||||
| when "create" | ||||||||||||||
| true # auth already handled by prepend_before_action above | ||||||||||||||
| when "show", "update" | ||||||||||||||
| @response && @response.map.reviewer.user_id == current_user.id | ||||||||||||||
| else | ||||||||||||||
| true | ||||||||||||||
| end | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| def show | ||||||||||||||
| render json: { | ||||||||||||||
| response_id: @response.id, | ||||||||||||||
| map_id: @response.map_id, | ||||||||||||||
| task_type: @response.map.type, | ||||||||||||||
| submitted: @response.is_submitted, | ||||||||||||||
| additional_comment: @response.additional_comment | ||||||||||||||
| } | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| def create | ||||||||||||||
| return unless enforce_task_order!(@map) | ||||||||||||||
|
|
||||||||||||||
| round = (params[:round].presence || 1).to_i | ||||||||||||||
| response = Response.where(map_id: @map.id, round: round) | ||||||||||||||
| .order(:created_at) | ||||||||||||||
| .last || Response.new(map_id: @map.id, round: round) | ||||||||||||||
|
Comment on lines
+32
to
+34
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Potential race condition in response selection/creation. The pattern of Consider using ♻️ Suggested fix- response = Response.where(map_id: `@map.id`, round: round)
- .order(:created_at)
- .last || Response.new(map_id: `@map.id`, round: round)
+ response = Response.find_or_initialize_by(map_id: `@map.id`, round: round)Or with database-level uniqueness constraint on 📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents |
||||||||||||||
|
|
||||||||||||||
| if params[:content].present? || params[:additional_comment].present? | ||||||||||||||
| response.additional_comment = params[:content].presence || params[:additional_comment] | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| if response.save | ||||||||||||||
| render json: { response_id: response.id, map_id: @map.id, round: response.round }, status: :created | ||||||||||||||
| else | ||||||||||||||
| render json: { errors: response.errors.full_messages }, status: :unprocessable_entity | ||||||||||||||
| end | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| def update | ||||||||||||||
| return unless enforce_task_order!(@response.map) | ||||||||||||||
|
|
||||||||||||||
| if @response.update(response_update_params) | ||||||||||||||
| render json: { | ||||||||||||||
| response_id: @response.id, | ||||||||||||||
| map_id: @response.map_id, | ||||||||||||||
| submitted: @response.is_submitted, | ||||||||||||||
| additional_comment: @response.additional_comment | ||||||||||||||
| }, status: :ok | ||||||||||||||
| else | ||||||||||||||
| render json: { errors: @response.errors.full_messages }, status: :unprocessable_entity | ||||||||||||||
| end | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| private | ||||||||||||||
|
|
||||||||||||||
| def set_response | ||||||||||||||
| @response = Response.find(params[:id]) | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| # Runs before action_allowed? — handles both existence and authorization for create | ||||||||||||||
| def find_and_authorize_map_for_create | ||||||||||||||
| @map = ResponseMap.find_by(id: params[:response_map_id]) | ||||||||||||||
| unless @map | ||||||||||||||
| render json: { error: "ResponseMap not found" }, status: :not_found | ||||||||||||||
| return | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| unless @map.reviewer.user_id == current_user.id | ||||||||||||||
| render json: { error: "You are not authorized to create this responses" }, status: :forbidden | ||||||||||||||
| end | ||||||||||||||
|
Comment on lines
+76
to
+78
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Typo in error message. "this responses" should be "this response". - render json: { error: "You are not authorized to create this responses" }, status: :forbidden
+ render json: { error: "You are not authorized to create this response" }, status: :forbidden📝 Committable suggestion
Suggested change
🧰 Tools🪛 RuboCop (1.86.1)[convention] 76-76: Use a guard clause ( (Style/GuardClause) 🤖 Prompt for AI Agents |
||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
|
|
||||||||||||||
| def response_update_params | ||||||||||||||
| p = params.permit(:is_submitted, :additional_comment, :content, :round) | ||||||||||||||
| p[:additional_comment] = p[:content] if p[:content].present? | ||||||||||||||
| p.delete(:content) | ||||||||||||||
| p | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| def enforce_task_order!(map) | ||||||||||||||
| participant = map.reviewer | ||||||||||||||
| unless participant.user_id == current_user.id | ||||||||||||||
| render json: { error: "Unauthorized" }, status: :forbidden | ||||||||||||||
| return false | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| team_participant = TeamsParticipant.find_by(participant_id: participant.id) | ||||||||||||||
| unless team_participant | ||||||||||||||
| render json: { error: "TeamsParticipant not found for reviewer" }, status: :forbidden | ||||||||||||||
| return false | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| queue = TaskOrdering::TaskQueue.new(participant.assignment, team_participant) | ||||||||||||||
| unless queue.map_in_queue?(map.id) | ||||||||||||||
| render json: { error: "Response map is not a respondable task for this participant" }, status: :forbidden | ||||||||||||||
| return false | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| unless queue.prior_tasks_complete_for?(map.id) | ||||||||||||||
| render json: { error: "You must complete prior tasks before responding to this one" }, status: :forbidden | ||||||||||||||
| return false | ||||||||||||||
| end | ||||||||||||||
|
|
||||||||||||||
| true | ||||||||||||||
| end | ||||||||||||||
| end | ||||||||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🏁 Script executed:
Repository: expertiza/reimplementation-back-end
Length of output: 394
🏁 Script executed:
Repository: expertiza/reimplementation-back-end
Length of output: 1272
Critical: These callbacks are not defined in ApplicationController and will break other controllers.
set_responseandfind_and_authorize_map_for_createare defined only inResponsesController(line 64 and 69 respectively). Adding these callbacks toApplicationControllerwill causeNoMethodErrorfor every other controller'sshow,update, andcreateactions.Move these callbacks to
ResponsesControlleronly:Proposed fix
Remove from ApplicationController:
Add to ResponsesController:
📝 Committable suggestion
🧰 Tools
🪛 RuboCop (1.86.1)
[convention] 13-13: Unnecessary spacing detected.
(Layout/ExtraSpacing)
🤖 Prompt for AI Agents