From 48ed74c4ce06f90ddaf77f577e6a8d4c8802aefd Mon Sep 17 00:00:00 2001 From: Angus McLeod Date: Thu, 2 Nov 2017 15:41:14 +0800 Subject: [PATCH] Properly pass and permit submission data --- controllers/steps.rb | 7 +++++-- lib/builder.rb | 19 +++++++++---------- lib/wizard.rb | 21 ++++++++++++++++++--- 3 files changed, 32 insertions(+), 15 deletions(-) diff --git a/controllers/steps.rb b/controllers/steps.rb index e795abf6..3abd274f 100644 --- a/controllers/steps.rb +++ b/controllers/steps.rb @@ -2,8 +2,11 @@ class CustomWizard::StepsController < ApplicationController before_action :ensure_logged_in def update - wizard = CustomWizard::Builder.new(current_user, params[:wizard_id].underscore).build - updater = wizard.create_updater(params[:step_id], params[:fields]) + field_ids = CustomWizard::Wizard.field_ids(params[:wizard_id], params[:step_id]) + permitted = params.permit(:step_id, :wizard_id, fields: field_ids.map(&:to_sym)) if field_ids.present? + + wizard = CustomWizard::Builder.new(current_user, permitted[:wizard_id].underscore).build + updater = wizard.create_updater(permitted[:step_id], permitted[:fields]) updater.update if updater.success? diff --git a/lib/builder.rb b/lib/builder.rb index aa0e99d9..e6e6d1fd 100644 --- a/lib/builder.rb +++ b/lib/builder.rb @@ -100,14 +100,11 @@ class CustomWizard::Builder step.on_update do |updater| @updater = updater - submission = @submissions.last || {} - step_input = updater.fields || {} user = @wizard.user - final_step = updater.step.next.nil? if s['fields'] && s['fields'].length s['fields'].each do |f| - value = step_input[f['id']] + value = updater.fields[f['id']] min_length = f['min_length'] if min_length && value.is_a?(String) && value.length < min_length.to_i label = f['label'] || I18n.t("#{f['key']}.label") @@ -126,13 +123,14 @@ class CustomWizard::Builder next if updater.errors.any? - if @wizard.save_submissions - data = submission - else - data = step_input + step_input = updater.fields.to_h + data = step_input + final_step = updater.step.next.nil? - # Allow redirect to be passed to wizard that doesn't save submissions. - data['redirect_to'] = submission['redirect_to'] if submission['redirect_to'] + ## if the wizard has data from the previous steps make that accessible to the actions. + if @submissions && @submissions.last && !@submissions.last.key?("submitted_at") + submission = @submissions.last + data = submission.merge(data) end if s['actions'] && s['actions'].length @@ -221,6 +219,7 @@ class CustomWizard::Builder a['profile_updates'].each do |pu| attributes[pu['value'].to_sym] = data[pu['key']] end + puts "UPDATING WITH: #{attributes}" user_updater.update(attributes) if attributes.present? end end diff --git a/lib/wizard.rb b/lib/wizard.rb index f58b37b1..af682762 100644 --- a/lib/wizard.rb +++ b/lib/wizard.rb @@ -115,9 +115,24 @@ class CustomWizard::Wizard end end + def self.steps(wizard_id) + wizard = PluginStore.get('custom_wizard', wizard_id) + wizard ? wizard['steps'] : nil + end + def self.step_ids(wizard_id) - data = PluginStore.get('custom_wizard', wizard_id) - steps = data['steps'] || [] - steps.map { |s| s['id'] }.flatten.uniq + steps = self.steps(wizard_id) + steps.map { |s| s['id'] }.flatten.uniq if steps + end + + def self.field_ids(wizard_id, step_id) + steps = self.steps(wizard_id) + return nil if !steps + step = steps.select { |s| s['id'] === step_id }.first + if step && fields = step['fields'] + fields.map { |f| f['id'] } + else + nil + end end end