Skip to content

Commit 7a1bedf

Browse files
robzolkosrobzolkos
committed
Scope tag_ids assignment to the card account
1 parent 16c56dc commit 7a1bedf

3 files changed

Lines changed: 53 additions & 0 deletions

File tree

app/models/card/taggable.rb

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,13 @@ module Card::Taggable
88
scope :tagged_with, ->(tags) { joins(:taggings).where(taggings: { tag: tags }) }
99
end
1010

11+
def tag_ids=(ids)
12+
ids = Array(ids).compact_blank
13+
account_scope = account || board&.account || Current.account
14+
15+
self.tags = ids.present? ? account_scope.tags.find(ids) : []
16+
end
17+
1118
def toggle_tag_with(title)
1219
tag = account.tags.find_or_create_by!(title: title)
1320

test/controllers/cards_controller_test.rb

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -222,6 +222,28 @@ class CardsControllerTest < ActionDispatch::IntegrationTest
222222
assert_equal [ tag.title ], @response.parsed_body["tags"]
223223
end
224224

225+
test "create as JSON with nonexistent tag_ids returns not found" do
226+
assert_no_difference -> { Card.count } do
227+
post board_cards_path(boards(:writebook)),
228+
params: { card: { title: "Tagged card", tag_ids: [ "does-not-exist" ] } },
229+
as: :json
230+
end
231+
232+
assert_response :not_found
233+
end
234+
235+
test "create as JSON with foreign-account tag_ids returns not found" do
236+
foreign_tag = accounts(:initech).tags.create!(title: "foreign")
237+
238+
assert_no_difference -> { Card.count } do
239+
post board_cards_path(boards(:writebook)),
240+
params: { card: { title: "Tagged card", tag_ids: [ foreign_tag.id ] } },
241+
as: :json
242+
end
243+
244+
assert_response :not_found
245+
end
246+
225247
test "create as JSON with custom created_at" do
226248
custom_time = Time.utc(2024, 1, 15, 10, 30, 0)
227249

@@ -319,6 +341,16 @@ class CardsControllerTest < ActionDispatch::IntegrationTest
319341
assert_equal [ tag.title ], @response.parsed_body["tags"]
320342
end
321343

344+
test "update as JSON with foreign-account tag_ids returns not found" do
345+
card = cards(:logo)
346+
foreign_tag = accounts(:initech).tags.create!(title: "foreign")
347+
348+
put card_path(card, format: :json), params: { card: { tag_ids: [ foreign_tag.id ] } }
349+
350+
assert_response :not_found
351+
assert_equal [ tags(:web) ], card.reload.tags
352+
end
353+
322354
test "update as JSON with description and tag_ids busts the card cache key" do
323355
card = cards(:logo)
324356
original_cache_key = card.cache_key_with_version

test/models/card/taggable_test.rb

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,4 +38,18 @@ class Card::TaggableTest < ActiveSupport::TestCase
3838
assert @card.reload.updated_at > card_updated_at
3939
assert board.reload.updated_at > board_updated_at
4040
end
41+
42+
test "updating tag_ids raises when a tag does not exist" do
43+
assert_raises(ActiveRecord::RecordNotFound) do
44+
@card.update!(tag_ids: [ "does-not-exist" ])
45+
end
46+
end
47+
48+
test "updating tag_ids raises when the tag belongs to another account" do
49+
foreign_tag = accounts(:initech).tags.create!(title: "foreign")
50+
51+
assert_raises(ActiveRecord::RecordNotFound) do
52+
@card.update!(tag_ids: [ foreign_tag.id ])
53+
end
54+
end
4155
end

0 commit comments

Comments
 (0)