From ba82dcea23e45df337372910db9c0827b8994ab3 Mon Sep 17 00:00:00 2001
From: baarkerlounger <db@slothlife.xyz>
Date: Tue, 2 Aug 2022 14:56:02 +0100
Subject: [PATCH] Return not found for schemes when... not found

---
 app/controllers/schemes_controller.rb    | 9 +++++++--
 spec/requests/schemes_controller_spec.rb | 7 +++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/app/controllers/schemes_controller.rb b/app/controllers/schemes_controller.rb
index 2bae8ae94..1fa33f230 100644
--- a/app/controllers/schemes_controller.rb
+++ b/app/controllers/schemes_controller.rb
@@ -18,6 +18,7 @@ class SchemesController < ApplicationController
 
   def show
     @scheme = Scheme.find_by(id: params[:id])
+    render_not_found_json("Scheme", params[:id]) unless @scheme
   end
 
   def new
@@ -193,11 +194,15 @@ private
   end
 
   def arrangement_type_set_to_same_org?(required_params)
+    return unless @scheme
+
     arrangement_type_value(required_params[:arrangement_type]) == "D" || (required_params[:arrangement_type].blank? && @scheme.present? && @scheme.arrangement_type_same?)
   end
 
   def arrangement_type_changed_to_different_org?(required_params)
-    @scheme.present? && @scheme.arrangement_type_same? && arrangement_type_value(required_params[:arrangement_type]) != "D" && required_params[:managing_organisation_id].blank?
+    return unless @scheme
+
+    @scheme.arrangement_type_same? && arrangement_type_value(required_params[:arrangement_type]) != "D" && required_params[:managing_organisation_id].blank?
   end
 
   def arrangement_type_value(key)
@@ -215,7 +220,7 @@ private
   def authenticate_scope!
     head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
 
-    if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name].include?(action_name) && !((current_user.organisation == @scheme.owning_organisation) || current_user.support?)
+    if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?)
       render_not_found and return
     end
   end
diff --git a/spec/requests/schemes_controller_spec.rb b/spec/requests/schemes_controller_spec.rb
index 47ba637e3..dacb2e5eb 100644
--- a/spec/requests/schemes_controller_spec.rb
+++ b/spec/requests/schemes_controller_spec.rb
@@ -250,6 +250,13 @@ RSpec.describe SchemesController, type: :request do
           expect(response).to have_http_status(:not_found)
         end
       end
+
+      context "when the requested scheme does not exist" do
+        it "returns not found" do
+          get "/schemes/#{Scheme.maximum(:id) + 1}"
+          expect(response).to have_http_status(:not_found)
+        end
+      end
     end
 
     context "when signed in as a support user" do