Added null check, and 404 for bad workshop id in enrollment controller

Andrew Oberhardt · Andrew Oberhardt · commit 429afed3beb3 · 2016-05-18T15:15:10.000-07:00
diff --git a/dashboard/app/controllers/api/v1/pd/workshops_controller.rb b/dashboard/app/controllers/api/v1/pd/workshops_controller.rb
@@ -70,7 +70,7 @@ def adjust_facilitators
 
     new_facilitator_ids.each do |facilitator_id|
       facilitator = User.find_by(id: facilitator_id)
-      next unless facilitator.facilitator?
+      next unless facilitator && facilitator.facilitator?
       @workshop.facilitators << facilitator
     end
   end
diff --git a/dashboard/app/controllers/pd/workshop_enrollment_controller.rb b/dashboard/app/controllers/pd/workshop_enrollment_controller.rb
@@ -5,7 +5,9 @@ def new
     view_options(no_footer: true)
     @workshop = ::Pd::Workshop.find_by_id params[:workshop_id]
 
-    if workshop_closed?
+    if @workshop.nil?
+      render_404
+    elsif workshop_closed?
       render :closed
     elsif workshop_full?
       render :full
@@ -24,6 +26,11 @@ def new
   # POST /pd/workshops/1/enroll
   def create
     @workshop = ::Pd::Workshop.find_by_id params[:workshop_id]
+    if @workshop.nil?
+      render_404
+      return
+    end
+
     enrollment_email = enrollment_params[:email]
     user = User.find_by_email enrollment_email
 
diff --git a/dashboard/test/controllers/pd/workshop_enrollment_controller_test.rb b/dashboard/test/controllers/pd/workshop_enrollment_controller_test.rb
@@ -67,13 +67,9 @@ class Pd::WorkshopEnrollmentControllerTest < ::ActionController::TestCase
     assert_template :full
   end
 
-  test 'enrollments can be created' do
-    assert_creates(Pd::Enrollment) do
-      post :create, workshop_id: @workshop.id, pd_enrollment: enrollment_test_params
-    end
-    enrollment = Pd::Enrollment.last
-    refute_nil enrollment.code
-    assert_redirected_to action: :show, code: enrollment.code
+  test 'unknown workshop id responds with 404' do
+    get :new, workshop_id: 'nonsense'
+    assert_response 404
   end
 
   test 'enroll post route' do
@@ -83,6 +79,15 @@ class Pd::WorkshopEnrollmentControllerTest < ::ActionController::TestCase
     )
   end
 
+  test 'enrollments can be created' do
+    assert_creates(Pd::Enrollment) do
+      post :create, workshop_id: @workshop.id, pd_enrollment: enrollment_test_params
+    end
+    enrollment = Pd::Enrollment.last
+    refute_nil enrollment.code
+    assert_redirected_to action: :show, code: enrollment.code
+  end
+
   test 'creating a duplicate enrollment renders duplicate view' do
     params = enrollment_test_params.merge({
       name: @existing_enrollment.name,
@@ -136,6 +141,11 @@ class Pd::WorkshopEnrollmentControllerTest < ::ActionController::TestCase
     assert_template :new
   end
 
+  test 'creating an enrollment on an unknown workshop id returns 404' do
+    post :create, workshop_id: 'nonsense', pd_enrollment: enrollment_test_params
+    assert_response 404
+  end
+
   test 'show route' do
     assert_routing(
       {path: "/pd/workshop_enrollment/#{@existing_enrollment.code}", method: :get},
