From 9e9c69c1357882d4221d1c511c3c7f6b36c094cc Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 21 Nov 2016 11:52:39 +0100 Subject: bugfix: handle missing params for ticket gracefully This used to trigger a 500. Fixes #8395 --- engines/support/app/controllers/tickets_controller.rb | 8 +++++++- engines/support/test/functional/tickets_controller_test.rb | 10 ++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) (limited to 'engines') diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb index 8cccc2f..c20ef6a 100644 --- a/engines/support/app/controllers/tickets_controller.rb +++ b/engines/support/app/controllers/tickets_controller.rb @@ -19,7 +19,7 @@ class TicketsController < ApplicationController end def create - @ticket = Ticket.new(params[:ticket]) + @ticket = Ticket.new ticket_params #protecting posted_by isn't working, so this should protect it: @ticket.comments.last.posted_by = current_user.id @@ -89,6 +89,12 @@ class TicketsController < ApplicationController @title = t("layouts.title.tickets") end + def ticket_params + # make sure we have everything we need... + params.require(:ticket).require(:comments_attributes).require('0') + params.require(:ticket) + end + private # diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb index 5c2b346..2f1e661 100644 --- a/engines/support/test/functional/tickets_controller_test.rb +++ b/engines/support/test/functional/tickets_controller_test.rb @@ -78,6 +78,16 @@ class TicketsControllerTest < ActionController::TestCase assert_nil assigns(:tickets).detect{|t| t.created_by != @user} end + + test "should rerender form on missing info" do + params = { :subject => "unauth ticket test subject", + :comments_attributes => {"0" => {}} + } + assert_raises ActionController::ParameterMissing do + post :create, :ticket => params + end + end + test "should create unauthenticated ticket" do params = {:subject => "unauth ticket test subject", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} -- cgit v1.2.3