Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check if course id is provided for series create #4617

Merged
merged 5 commits into from
Jul 28, 2023
Merged

Check if course id is provided for series create #4617

merged 5 commits into from
Jul 28, 2023

Conversation

freyavs
Copy link
Contributor

@freyavs freyavs commented May 5, 2023

This pull requests prevents series create from crashing when no course id is provided.
Closes #4147

@freyavs freyavs added the bug Something isn't working label May 5, 2023
@freyavs freyavs self-assigned this May 5, 2023
@jorg-vr jorg-vr changed the base branch from develop to main June 5, 2023 07:32
@freyavs freyavs marked this pull request as ready for review July 28, 2023 06:29
@freyavs freyavs requested a review from a team as a code owner July 28, 2023 06:29
@freyavs freyavs requested review from jorg-vr and chvp and removed request for a team July 28, 2023 06:29
@bmesuere bmesuere merged commit ae1dac1 into main Jul 28, 2023
@bmesuere bmesuere deleted the fix/series-without-courseid branch July 28, 2023 08:34
@bmesuere bmesuere temporarily deployed to naos July 28, 2023 08:35 — with GitHub Actions Inactive
@bmesuere bmesuere temporarily deployed to production July 28, 2023 08:39 — with GitHub Actions Inactive
niknetniko
niknetniko reviewed Jul 28, 2023
View reviewed changes
app/controllers/series_controller.rb
respond_to do |format|
if @series.save
if @series.course.present? && @series.save
format.html { redirect_to edit_series_path(@series), notice: I18n.t('controllers.created', model: Series.model_name.human) }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not entirely convinced this was the best solution, primarily because:

  • We now do validation directly in the controller: the model itself should validate the presence of the course, not the controller.
  • The check is done twice in the controller: once on line 111 and again on 117. I'm also not sure why 117 is necessary: if there are validation errors (as there are here, since we manually add them on line 114), the save method should not succeed.

Besides those, some more thoughts:

  • This isn't something that this PR did, but why do we authorise here on the Course policy, instead of the create? method of the Series policy (they seem to do the same thing)? Or, the other way around then, why is there a create? method on the Series policy if it isn't used here?
  • If we were to authorise on the Series policy, the crash would have also gone away, but the response would be 403 instead of 422. While maybe not the best response, it is more consistent with how we do it in other controllers (e.g. the evaluation controller) I think.

(The current code does work however, so this isn't very urgent)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right, authorizing on series would make more sense

@bmesuere bmesuere mentioned this pull request Jul 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@niknetniko niknetniko niknetniko left review comments

@bmesuere bmesuere bmesuere approved these changes

@jorg-vr jorg-vr jorg-vr approved these changes

@chvp chvp Awaiting requested review from chvp chvp was automatically assigned from dodona-edu/review

Assignees

@freyavs freyavs

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Series create crashes if no course id is provided
4 participants
@freyavs @bmesuere @niknetniko @jorg-vr