Merge pull request #2741 from riking/badges_create_checks

FIX: Apply contract checks when first creating a badge

app/controllers/admin/badges_controller.rb

@@ -48,33 +48,22 @@ class Admin::BadgesController < Admin::AdminController
 
   def create
     badge = Badge.new
-    update_badge_from_params(badge)
-    badge.id = nil
-    badge.save!
-    render_serialized(badge, BadgeSerializer, root: "badge")
+    errors = update_badge_from_params(badge, new: true)
+
+    if errors.present?
+      render_json_error errors
+    else
+      render_serialized(badge, BadgeSerializer, root: "badge")
+    end
   end
 
   def update
     badge = find_badge
 
-    error = nil
-    Badge.transaction do
-      update_badge_from_params(badge)
+    errors = update_badge_from_params(badge)
 
-      # Perform checks to prevent bad queries
-      begin
-        BadgeGranter.contract_checks!(badge.query, { target_posts: badge.target_posts, trigger: badge.trigger })
-      rescue => e
-        # noinspection RubyUnusedLocalVariable
-        error = e.message
-        raise ActiveRecord::Rollback
-      end
-
-      badge.save!
-    end
-
-    if error
-      render_json_error error
+    if errors.present?
+      render_json_error errors
     else
       render_serialized(badge, BadgeSerializer, root: "badge")
     end
@@ -91,16 +80,36 @@ class Admin::BadgesController < Admin::AdminController
       Badge.find(params[:id])
     end
 
-    def update_badge_from_params(badge)
-      allowed = Badge.column_names.map(&:to_sym)
-      allowed -= [:id, :created_at, :updated_at, :grant_count]
-      allowed -= Badge.protected_system_fields if badge.system?
-      params.permit(*allowed)
+    # Options:
+    #   :new - reset the badge id to nil before saving
+    def update_badge_from_params(badge, opts={})
+      errors = []
+      Badge.transaction do
+        allowed = Badge.column_names.map(&:to_sym)
+        allowed -= [:id, :created_at, :updated_at, :grant_count]
+        allowed -= Badge.protected_system_fields if badge.system?
+        params.permit(*allowed)
 
-      allowed.each do |key|
-        badge.send("#{key}=" , params[key]) if params[key]
+        allowed.each do |key|
+          badge.send("#{key}=" , params[key]) if params[key]
+        end
+
+        # Badge query contract checks
+        begin
+          BadgeGranter.contract_checks!(badge.query, { target_posts: badge.target_posts, trigger: badge.trigger })
+        rescue => e
+          errors << [e.message]
+          raise ActiveRecord::Rollback
+        end
+
+        badge.id = nil if opts[:new]
+        badge.save!
       end
 
-      badge
+      if badge.errors
+        errors.push(*badge.errors.full_messages)
+      end
+
+      errors
     end
 end