diff --git a/app/controllers/api/exchange_products_controller.rb b/app/controllers/api/exchange_products_controller.rb
index 5b2e0f154d..e1821b36b3 100644
--- a/app/controllers/api/exchange_products_controller.rb
+++ b/app/controllers/api/exchange_products_controller.rb
@@ -18,7 +18,7 @@ module Api
 # In this case parameters are: enterprise_id, order_cycle_id and incoming
 # (order_cycle_id is not necessary for incoming exchanges)
 def index
- if params[:exchange_id].present?
+ if exchange_params[:exchange_id].present?
 load_data_from_exchange
 else
 load_data_from_other_params
@@ -59,7 +59,7 @@ module Api
 end
 def load_data_from_exchange
- exchange = Exchange.find_by(id: params[:exchange_id])
+ exchange = Exchange.find_by(id: exchange_params[:exchange_id])
 @order_cycle = exchange.order_cycle
 @incoming = exchange.incoming
@@ -67,14 +67,16 @@ module Api
 end
 def load_data_from_other_params
- @enterprise = Enterprise.find_by(id: params[:enterprise_id])
+ @enterprise = Enterprise.find_by(id: exchange_params[:enterprise_id])
- if params[:order_cycle_id]
- @order_cycle = OrderCycle.find_by(id: params[:order_cycle_id])
- elsif !params[:incoming]
+ # This will be a string (eg "true") when it arrives via params, but we want a boolean
+ @incoming = ActiveModel::Type::Boolean.new.cast exchange_params[:incoming]
+
+ if exchange_params[:order_cycle_id]
+ @order_cycle = OrderCycle.find_by(id: exchange_params[:order_cycle_id])
+ elsif !@incoming
 raise "order_cycle_id is required to list products for new outgoing exchange"
 end
- @incoming = params[:incoming]
 end
 def render_paginated_products(paginated_products)
@@ -89,5 +91,10 @@ module Api
 pagination: pagination_data(paginated_products)
 }
 end
+
+ def exchange_params
+ params.permit(:enterprise_id, :exchange_id, :order_cycle_id, :incoming).
+ to_h.with_indifferent_access
+ end
 end
 end
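Review bot: In load_data_from_exchange, `Exchange.find_by` returns nil for an unknown id, so `exchange.order_cycle` on the following line raises NoMethodError and the client gets a 500 rather than a 404. `exchange = Exchange.find(exchange_params[:exchange_id])` would raise RecordNotFound instead, which Rails turns into a 404 by default. The hunk also shows no check that the caller may read the exchange selected by this client-supplied id; if a filter or the product query outside the hunk does not enforce that, it should be added, because the id alone decides whose product list is returned. The method body continues past the end of the hunk.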
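Review bot: In load_data_from_other_params, `if exchange_params[:order_cycle_id]` tests truthiness only, so an empty `order_cycle_id=` skips the "order_cycle_id is required" guard and leaves `@order_cycle` nil for an outgoing exchange. An id that matches no row has the same effect. Use `if exchange_params[:order_cycle_id].present?`, as `index` already does for `exchange_id`, and treat a nil result from `OrderCycle.find_by` (and from `Enterprise.find_by`) as a not-found response. The bare `raise` with a string surfaces as a RuntimeError, i.e. a 500 for what is a client error; a 4xx response with the same message would keep malformed requests out of the error tracker. Note also that `ActiveModel::Type::Boolean` casts any value outside its false list to true, so the comment could say `# anything other than a recognised false value ("false", "0", …) or blank counts as incoming`.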
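Review bot: `exchange_params` rebuilds the permitted hash on every call and is read several times per request; memoise it with `@exchange_params ||= params.permit(:enterprise_id, :exchange_id, :order_cycle_id, :incoming).to_h`. On Rails 5 and later `to_h` on permitted parameters already returns a hash with indifferent access, so the trailing `.with_indifferent_access` looks redundant; confirm against the app's Rails version before dropping it. Permitting these keys as scalars is a useful hardening step, because array or hash values are discarded before they reach `find_by`, and a one-line comment such as `# scalar-only permit: nested or array values for these ids are dropped` would keep a later edit from loosening it. Whether the method sits below `private` cannot be seen from the hunk; it should, so that it is never exposed as a controller action.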