Skip to content

Commit 865cf14

Browse files
Ensure a finalized audit can not be edited
While the validation added prevented a finalized audit to have its status changed, QA showed that it was possible to edit and audit that has already been finalized. With this change, we prevent any edits from being made to a finalized audit and display a message for the user to make the experience better. It also refactors the check to a before_action block to be reused on any other actions for a finalized audit and to keep the controller DRY.
1 parent 1405fe0 commit 865cf14

2 files changed

Lines changed: 20 additions & 5 deletions

File tree

app/controllers/audits_controller.rb

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
class AuditsController < ApplicationController
33
before_action :authorize_admin
44
before_action :set_audit, only: %i(show edit update destroy finalize)
5+
before_action :ensure_audit_is_editable, only: %i(finalize update)
56

67
def index
78
@selected_location = filter_params[:at_location]
@@ -36,11 +37,6 @@ def finalize
3637
end
3738

3839
def update
39-
if @audit.reload.finalized?
40-
redirect_to audit_path(@audit), error: "This audit has been finalized and cannot be edited."
41-
return
42-
end
43-
4440
@audit.line_items.destroy_all
4541
if @audit.update(audit_params)
4642
save_audit_status_and_redirect(params)
@@ -85,6 +81,12 @@ def destroy
8581

8682
private
8783

84+
def ensure_audit_is_editable
85+
if @audit.reload.finalized?
86+
redirect_to audit_path(@audit), error: "This audit has been finalized and cannot be edited."
87+
end
88+
end
89+
8890
def handle_audit_errors
8991
error_message = @audit.errors.uniq(&:attribute).map do |error|
9092
attr = (error.attribute.to_s == 'base') ? '' : error.attribute.capitalize

spec/requests/audits_requests_spec.rb

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -203,6 +203,19 @@
203203
expect(audit.reload).to be_finalized
204204
expect(AuditEvent.count).to eq(1)
205205
end
206+
207+
context "when the audit has already been finalized" do
208+
it "does not create a new AuditEvent and redirects to the finalized audit" do
209+
finalized_audit = create(:audit, organization: organization, status: :finalized)
210+
211+
expect do
212+
post audit_finalize_path(audit_id: finalized_audit.to_param)
213+
end.not_to change(AuditEvent, :count)
214+
215+
expect(response).to redirect_to(audit_path(finalized_audit))
216+
expect(flash[:error]).to include("This audit has been finalized and cannot be edited.")
217+
end
218+
end
206219
end
207220

208221
describe "DELETE #destroy" do

0 commit comments

Comments
 (0)