From ba82dcea23e45df337372910db9c0827b8994ab3 Mon Sep 17 00:00:00 2001
From: baarkerlounger
Date: Tue, 2 Aug 2022 14:56:02 +0100
Subject: [PATCH] Return not found for schemes when... not found
---
 app/controllers/schemes_controller.rb | 9 +++++++--
 spec/requests/schemes_controller_spec.rb | 7 +++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/app/controllers/schemes_controller.rb b/app/controllers/schemes_controller.rb
index 2bae8ae94..1fa33f230 100644
--- a/app/controllers/schemes_controller.rb
+++ b/app/controllers/schemes_controller.rb
@@ -18,6 +18,7 @@ class SchemesController < ApplicationController
 def show
 @scheme = Scheme.find_by(id: params[:id])
+ render_not_found_json("Scheme", params[:id]) unless @scheme
 end
 def new
@@ -193,11 +194,15 @@ private
 end
 def arrangement_type_set_to_same_org?(required_params)
+ return unless @scheme
+
 arrangement_type_value(required_params[:arrangement_type]) == "D" || (required_params[:arrangement_type].blank? && @scheme.present? && @scheme.arrangement_type_same?)
 end
 def arrangement_type_changed_to_different_org?(required_params)
- @scheme.present? && @scheme.arrangement_type_same? && arrangement_type_value(required_params[:arrangement_type]) != "D" && required_params[:managing_organisation_id].blank?
+ return unless @scheme
+
+ @scheme.arrangement_type_same? && arrangement_type_value(required_params[:arrangement_type]) != "D" && required_params[:managing_organisation_id].blank?
 end
 def arrangement_type_value(key)
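Review bot: The added line in `show` answers a missing scheme with `render_not_found_json`, while `authenticate_scope!` in the same controller answers its not-found case with `render_not_found`, so the 404 body differs depending on which path rejects the request. Neither helper is visible in this diff; if `show` otherwise renders an HTML page, the JSON variant is probably not what a browser user should receive. The raw `params[:id]` is also handed to the helper, which should encode it rather than interpolate it. Suggest `render_not_found unless @scheme` here, or a one-line comment stating why a JSON body is intended.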
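Review bot: The early `return unless @scheme` in `arrangement_type_set_to_same_org?` changes the result when no scheme is loaded. The old expression returned true for an `arrangement_type` of "D" without touching `@scheme`, and the retained `@scheme.present?` in its second operand shows it was already nil-safe. If a caller (none is visible in this hunk) runs before a scheme exists, for example while one is being created, it now gets nil and the same-organisation branch is skipped. Suggest dropping the guard from that method and keeping it only in `arrangement_type_changed_to_different_org?`, where it replaces `@scheme.present? &&` without changing the outcome.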
@@ -215,7 +220,7 @@ private
 def authenticate_scope!
 head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
- if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name].include?(action_name) && !((current_user.organisation == @scheme.owning_organisation) || current_user.support?)
+ if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?)
 render_not_found and return
 end
 end
diff --git a/spec/requests/schemes_controller_spec.rb b/spec/requests/schemes_controller_spec.rb
index 47ba637e3..dacb2e5eb 100644
--- a/spec/requests/schemes_controller_spec.rb
+++ b/spec/requests/schemes_controller_spec.rb
@@ -250,6 +250,13 @@ RSpec.describe SchemesController, type: :request do
 expect(response).to have_http_status(:not_found)
 end
 end
+
+ context "when the requested scheme does not exist" do
+ it "returns not found" do
+ get "/schemes/#{Scheme.maximum(:id) + 1}"
+ expect(response).to have_http_status(:not_found)
+ end
+ end
 end
 context "when signed in as a support user" do
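Review bot: With `@scheme&.owning_organisation` in `authenticate_scope!`, the ownership test compares against nil when no scheme was found, so `current_user.organisation == nil` is true for any account whose organisation is unset and the filter lets the request through. Support users pass the same test for all nine listed actions, yet only `show` gained a not-found guard in this commit; whether the other eight handle a nil `@scheme` is not visible here. Making the missing record explicit keeps the filter fail-closed and covers every listed action: put `@scheme.nil? ||` in front of the negated ownership test inside the `if` and leave `@scheme.owning_organisation` as a plain call. Whether users can exist without an organisation cannot be told from the diff, so treat that part as hardening.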
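Review bot: The added example in schemes_controller_spec.rb sits in the context that closes just before `when signed in as a support user`, so it presumably runs as a non-support user; the context header is outside the hunk. For that user the 404 can come from `authenticate_scope!`, whose ownership test already fails for a nil scheme, so the new guard in `show` may never be executed by this spec. Add the same example under the support-user context, and assert on the response body as well if its shape matters. `Scheme.maximum(:id) + 1` also raises when the table is empty; `Scheme.maximum(:id).to_i + 1` removes the dependence on earlier fixtures.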