Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions spec/lib/submissions/create_from_submitters_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -92,4 +92,34 @@ def call(template:, submitters_order:)
expect(submitter_uuids).not_to include(template.submitters[1]['uuid'])
end
end

describe 'external_id' do
let(:attrs_with_external_id) do
template.submitters.map.with_index do |s, index|
{ 'uuid' => s['uuid'], 'email' => Faker::Internet.email,
'external_id' => "ats-user-#{index + 1}" }.with_indifferent_access
Comment on lines +98 to +100

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Part of me wonders if we should encrypt the payload somehow so that we're not transmitting plain IDs, but I won't block this PR over that, just something to think about 🤔

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 The user IDs are already exposed in ATS URLs/views (they're database PKs), the external_id is never browser-visible (matching is server-side via slug lookup), and we're already transmitting plain task-assignment-#{id} in the same payload unencrypted. I'm not sure this is worth it at this point.

end
end

it 'persists external_id provided on each submitter' do
submissions = described_class.call(
template:,
user:,
submissions_attrs: [{ 'submitters' => attrs_with_external_id }.with_indifferent_access],
source: :api,
submitters_order: 'simultaneous'
)

persisted = submissions.first.submitters.sort_by do |s|
template.submitters.index { |ts| ts['uuid'] == s.uuid }
end
expect(persisted.map(&:external_id)).to eq(%w[ats-user-1 ats-user-2])
end

it 'leaves external_id blank when not provided' do
submissions = call(template:, submitters_order: 'simultaneous')

expect(submissions.first.submitters.map(&:external_id)).to all(be_nil)
end
end
end
11 changes: 11 additions & 0 deletions spec/requests/submissions_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,17 @@
expect(response.parsed_body[1]['email']).to eq('jane.doe@example.com')
end

it 'persists external_id passed on each submitter' do
post '/api/submissions', headers: { 'x-auth-token': author.access_token.token }, params: {
template_id: templates[0].id,
send_email: true,
submitters: [{ role: 'Employee', email: 'john.doe@example.com', external_id: 'ats-user-42' }]
}.to_json

expect(response).to have_http_status(:ok)
expect(Submission.last.submitters.first.external_id).to eq('ats-user-42')
end

it 'returns an error if the submitter email is invalid' do
post '/api/submissions', headers: { 'x-auth-token': author.access_token.token }, params: {
template_id: templates[0].id,
Expand Down
Loading