Personalized forms checks type before insert a field

Author: clbustos

controllers/reviews/fields.rb

@@ -30,7 +30,12 @@
 
   @campo_previo=@review.fields.where(:name=>name)
   if @campo_previo.empty?
-    SrField.insert(:systematic_review_id=>rs_id, :order=>params['order'],:name=>name, :description=>params['description'], :type=>params['type'].chomp,:options=>params['options'])
+
+    type=params['type'].chomp
+
+    halt 500, "Not valid type #{type}" unless SrField.is_valid_type?(type)
+
+    SrField.insert(:systematic_review_id=>rs_id, :order=>params['order'],:name=>name, :description=>params['description'], :type=>type,:options=>params['options'])
     add_message(t('sr_new_sr_edit_field.doesnt_existfield.success', name:params['name']))
 
   else

model/rs_campo.rb

@@ -28,7 +28,9 @@
 
 class SrField < Sequel::Model
   AVAILABLE_TYPES=[:text,:textarea,:select,:multiple]
-
+  def self.is_valid_type?(type)
+    AVAILABLE_TYPES.include? type.to_s.chomp.to_sym
+  end
   def self.types_a_sequel(campo)
     if campo[:type] == 'text'
       [campo[:name].to_sym, String, null: true]

spec/personalized_form_spec.rb

@@ -10,9 +10,14 @@
   def create_field_1
     post '/review/1/new_field', name:'field_1', order:1, description:'First question', type:'text' ,options:''
   end
+
   def create_field_2
     post '/review/1/new_field', name:'field_2', order:2, description:'Second question', type:'text' ,options:''
   end
+  def bad_field_3
+    post '/review/1/new_field', name:'field_3', order:3, description:'First question', type:'no_type' ,options:''
+  end
+
   def delete_all_fields
 
   end
@@ -34,6 +39,21 @@ def delete_all_fields
       expect(SrField.where(:systematic_review_id=>1,:name=>'field_1').count).to eq(1)
     end
   end
+  context "when we add a new text field with wrong type" do
+    before(:context) do
+      bad_field_3
+    end
+    it "should not be redirect" do
+      expect(last_response).to_not be_redirect
+    end
+    it "should be status 500" do
+      expect(last_response.status).to eq(500)
+    end
+
+    it "should not add a new field on database" do
+      expect(SrField.where(:systematic_review_id=>1,:name=>'field_3').count).to eq(0)
+    end
+  end
 
   context "when we update the text field" do
     before(:context) do