Files
fizzy/app/controllers/boards_controller.rb
T
Rob Zolkos 23ac76555b Validate and normalize auto-postpone period to days (#2672)
* Validate and normalize auto-postpone period to days

- Add Entropy::AUTO_POSTPONE_PERIODS and validate auto_postpone_period against the allowed set
- Introduce auto_postpone_period_in_days for forms and entropy update endpoints
- Fall back to index 0 in knob partial when current value isn't in options
- Remove entropy_auto_close_options helper in favor of model constant
- Update tests to use allowed period values

* Use auto_postpone_period_in_days for JSON entropy updates

The JSON API was accepting auto_postpone_period (seconds) which
bypassed the days normalization and validation. Switch to
auto_postpone_period_in_days consistently and add explicit
wrap_parameters so flat JSON params are wrapped correctly for
the virtual attribute.

* Default to account or 30-day fallback when knob value is invalid

* Address PR review feedback for entropy validation

- Fall back to first knob option (index 0) when persisted value isn't in
  the allowed set, preventing nil index errors for legacy values
- Use integer division (1.day.to_i) for consistent day calculations

* Default to account entropy period instead of first option for knob fallback

* Test that default auto-postpone period is in the allowed periods

* Return 422 instead of 500 for invalid entropy auto-postpone values

Rescue ActiveRecord::RecordInvalid in entropy controllers so invalid
auto_postpone_period_in_days values return 422 Unprocessable Entity
instead of raising a 500.

* Fix NoMethodError when board entropy falls back to account default

Use container.account.entropy.auto_postpone_period_in_days instead of
container.account.auto_postpone_period_in_days since Account doesn't
delegate that method.

* Test board entropy fallback to account default for invalid periods
2026-03-09 17:37:56 -04:00

106 lines
2.6 KiB
Ruby

class BoardsController < ApplicationController
include FilterScoped
before_action :set_board, except: %i[ index new create ]
before_action :ensure_permission_to_admin_board, only: %i[ update destroy ]
def index
set_page_and_extract_portion_from Current.user.boards.ordered_by_recently_accessed.includes(creator: :identity)
fresh_when etag: @page.records
end
def show
if @filter.used?(ignore_boards: true)
show_filtered_cards
else
show_columns
end
end
def new
@board = Board.new
end
def create
@board = Board.create! board_params.with_defaults(all_access: true)
respond_to do |format|
format.html { redirect_to board_path(@board) }
format.json { render :show, status: :created, location: board_path(@board, format: :json) }
end
end
def edit
selected_user_ids = @board.users.ids
@selected_users, @unselected_users = \
@board.account.users.active.alphabetically.includes(:identity).partition { |user| selected_user_ids.include? user.id }
end
def update
@board.update! board_params
@board.accesses.revise granted: grantees, revoked: revokees if grantees_changed?
respond_to do |format|
format.html do
if @board.accessible_to?(Current.user)
redirect_to edit_board_path(@board), notice: "Saved"
else
redirect_to root_path, notice: "Saved (you were removed from the board)"
end
end
format.json { head :no_content }
end
end
def destroy
@board.destroy
respond_to do |format|
format.html { redirect_to root_path }
format.json { head :no_content }
end
end
private
def set_board
@board = Current.user.boards.find params[:id]
end
def ensure_permission_to_admin_board
unless Current.user.can_administer_board?(@board)
head :forbidden
end
end
def grantees_changed?
params.key?(:user_ids)
end
def show_filtered_cards
@filter.board_ids = [ @board.id ]
set_page_and_extract_portion_from @filter.cards
end
def show_columns
cards = @board.cards.awaiting_triage.latest.with_golden_first.preloaded
set_page_and_extract_portion_from cards
fresh_when etag: [ @board, @page.records, @user_filtering, Current.account ]
end
def board_params
params.expect(board: [ :name, :all_access, :auto_postpone_period_in_days, :public_description ])
end
def grantees
@board.account.users.active.where id: grantee_ids
end
def revokees
@board.users.where.not id: grantee_ids
end
def grantee_ids
params.fetch :user_ids, []
end
end