From a9aab612b6590c268fdb21e4b0d0eabcfbace24f Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Thu, 18 Aug 2022 21:26:48 +0200
Subject: [PATCH] Extract updating the user role from params
---
 app/controllers/internal_users_controller.rb | 9 ++++++++-
 spec/controllers/internal_users_controller_spec.rb | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/app/controllers/internal_users_controller.rb b/app/controllers/internal_users_controller.rb
index 27bcf79d..94e556dc 100644
--- a/app/controllers/internal_users_controller.rb
+++ b/app/controllers/internal_users_controller.rb
@@ -32,6 +32,7 @@ class InternalUsersController < ApplicationController
 def create
 @user = InternalUser.new(internal_user_params)
+ @user.role = role_param if current_user.admin?
 authorize!
 @user.send(:setup_activation)
 create_and_respond(object: @user) do
@@ -72,10 +73,15 @@ class InternalUsersController < ApplicationController
 end
 def internal_user_params
- params[:internal_user].permit(:consumer_id, :email, :name, :role) if params[:internal_user].present?
+ params.require(:internal_user).permit(:consumer_id, :email, :name)
 end
 private :internal_user_params
+ def role_param
+ params.require(:internal_user).permit(:role)[:role]
+ end
+ private :role_param
+
 def new
 @user = InternalUser.new
 authorize!
@@ -133,6 +139,7 @@ class InternalUsersController < ApplicationController
 # the form by another user. Otherwise, the update might fail if an
 # activation_token or password_reset_token is present
 @user.validate_password = current_user == @user
+ @user.role = role_param if current_user.admin?
 update_and_respond(object: @user, params: internal_user_params)
 end
diff --git a/spec/controllers/internal_users_controller_spec.rb b/spec/controllers/internal_users_controller_spec.rb
index cde7e530..27122894 100644
--- a/spec/controllers/internal_users_controller_spec.rb
+++ b/spec/controllers/internal_users_controller_spec.rb
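Review bot: When an admin's request carries no `role` key, `role_param` returns nil and the new line `@user.role = role_param if current_user.admin?` in `create` assigns that nil; the identical line added to `update` in the third hunk does the same. Before this commit a missing key left the role untouched, so an admin saving a form or API call that omits the field would now overwrite the stored role unless a model validation (not visible here) rejects it. Consider assigning only when a value was sent, e.g. `role = role_param` followed by `@user.role = role if current_user.admin? && role.present?`. In `create` the line also dereferences `current_user` before `authorize!`, so it presumably relies on an authentication filter outside the hunk to guarantee a signed-in user. Both method bodies continue outside their hunks.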
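Review bot: In the second hunk of app/controllers/internal_users_controller.rb, `role_param` has no comment saying why `:role` is kept out of `internal_user_params`, and that separation is the security property of this change: the role is privilege-bearing and must not be mass-assigned from a request made by a non-admin. I would add above `def role_param` a comment such as `# :role grants privileges and is deliberately not in internal_user_params; callers must check current_user.admin? before assigning it.` so a later edit does not put `:role` back into the permit list or call the helper ungated. It is also worth stating there that `params.require(:internal_user)` raises `ActionController::ParameterMissing` when the key is absent or empty, where the old code returned nil.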
@@ -135,7 +135,7 @@ describe InternalUsersController do
 end
 context 'with an invalid internal user' do
- before { post :create, params: {internal_user: {}} }
+ before { post :create, params: {internal_user: {invalid_attribute: 'a string'}} }
 expect_assigns(user: InternalUser)
 expect_http_status(:ok)
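Review bot: No example in this commit asserts that a `role` submitted by a non-admin is ignored; the diffstat shows this one-line edit as the only spec change, so the access-control behaviour the controller change introduces is unpinned. I would add examples for `create` and `update` that post a `role` value inside `internal_user` as a non-admin and expect the user's role to be unchanged, plus the matching admin case where it is applied. A short comment above the changed `before` line, e.g. `# params.require rejects an empty hash, so send an unpermitted key instead`, would explain why the dummy attribute is there. The `context` block continues outside the hunk.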