From aa4e5fa903e54f510e9cffcbedf8f701a7164bfe Mon Sep 17 00:00:00 2001
From: Mariam A
Date: Tue, 13 Aug 2024 15:13:40 -0400
Subject: [PATCH] LTI-403: Prevent form submission with empty shared_code (#342)
Co-authored-by: Jesus Federico
---
 app/controllers/rooms_controller.rb | 7 +------
 app/javascript/packs/edit.js | 24 ++++++++++++------------
 app/models/room.rb | 12 +++++++++++-
 app/views/rooms/_form.html.erb | 14 ++++----------
 app/views/shared/_room.html.erb | 11 +++++------
 5 files changed, 33 insertions(+), 35 deletions(-)
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index ca4f800c..b7fc87c6 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -103,16 +103,11 @@ def create
 # PATCH/PUT /rooms/1.json
 def update
 respond_to do |format|
- # block update if shared_code doesn't exist
- shared_code = room_params[:shared_code]
- code_found = shared_code.blank? ? true : Room.where(code: shared_code, tenant: @room.tenant).exists?
-
- if code_found && @room.update(room_params)
+ if @room.update(room_params)
 format.html { redirect_to(room_path(@room, launch_nonce: params[:launch_nonce]), notice: t('default.room.updated')) }
 format.json { render(:show, status: :ok, location: @room) }
 else
 # If the room wasn't updated because a code was not found then show an error message
- flash.now[:alert] = code_found ? nil : t('error.room.codenotfound.message')
 format.html { render(:edit) }
 format.json { render(json: @error, status: :unprocessable_entity) }
 end
diff --git a/app/javascript/packs/edit.js b/app/javascript/packs/edit.js
index 900e81a8..cb8abbd6 100644
--- a/app/javascript/packs/edit.js
+++ b/app/javascript/packs/edit.js
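Review bot: The JSON failure branch still renders `@error`, which nothing in this hunk assigns, so a request rejected by the new model validation would probably get a 422 with no usable body. `format.json { render(json: @room.errors, status: :unprocessable_entity) }` would return the validation messages to API clients. The kept comment `# If the room wasn't updated because a code was not found then show an error message` is stale now that the flash assignment is gone; it could be reworded to say the view reads `@room.errors[:shared_code]`. The body of `update` continues outside the hunk.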
@@ -135,17 +135,17 @@ $(document).on('turbolinks:load', function () { checkSharedCodeCheckboxStatus(); - // Show loading indicator when 'Update' or 'Cancel' buttons are pressed - const updateButton = $('#form-update-btn'); - updateButton.on('click', (event) => { - event.preventDefault(); - updateButton.attr('value', 'Loading...'); - $('#edit-form').trigger('submit'); - }) - - const cancelButton = $(this.getElementsByName('cancel')); - cancelButton.on('click', (event) => { - cancelButton.text('Loading...'); - }) + // Show loading indicator when 'Update' or 'Cancel' buttons are pressed + const updateButton = $('#form-update-btn'); + updateButton.on('click', (event) => { + event.preventDefault(); + updateButton.attr('value', 'Loading...'); + $('#edit-form').trigger('submit'); + }) + + const cancelButton = $(this.getElementsByName('cancel')); + cancelButton.on('click', (event) => { + cancelButton.text('Loading...'); + }) }); diff --git a/app/models/room.rb b/app/models/room.rb index bfb8ed64..f9678c8b 100644 --- a/app/models/room.rb +++ b/app/models/room.rb @@ -16,6 +16,8 @@ # You should have received a copy of the GNU Lesser General Public License along # with BigBlueButton; if not, see . class Room < ApplicationRecord + include BrokerHelper + before_save :default_values store_accessor :settings, %i[lockSettingsDisableCam lockSettingsDisableMic lockSettingsDisablePrivateChat lockSettingsDisablePublicChat lockSettingsDisableNote] @@ -27,7 +29,7 @@ class Room < ApplicationRecord attr_accessor :can_grade - include BrokerHelper + validate :shared_code_presence, if: -> { use_shared_code } RECORDING_SETTINGS = [:record, :autoStartRecording, :allowStartStopRecording].freeze ROOM_SETTINGS = [:guestPolicy, :allModerators].freeze 
@@ -148,3 +150,11 @@ def generate_unique_code
 end
 end
 end
+
+def shared_code_presence
+ errors.add(:shared_code, "The shared code can't be blank when 'Use Shared Code' is enabled") && return if shared_code.blank?
+
+ return if Room.where(code: shared_code, tenant: tenant).exists?
+
+ errors.add(:shared_code, 'A room with this code could not be found')
+end
diff --git a/app/views/rooms/_form.html.erb b/app/views/rooms/_form.html.erb
index 1408b079..11e58fa9 100644
--- a/app/views/rooms/_form.html.erb
+++ b/app/views/rooms/_form.html.erb
@@ -16,13 +16,7 @@ <%= form_with(model: room, local: true, class: "form fill", :url => room_path(@room, :launch_nonce => @launch_nonce), name: 'edit-form', id: 'edit-form' ) do |form| %> <% if room.errors.any? %>
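Review bot: `shared_code_presence` is added at column 0 after the last `end` of the file, which appears to be the one closing `class Room`, so it is defined at top level and becomes a private method on every object rather than a method of Room. The validation still fires only because the callback dispatches by name; the method should move inside the class body. `errors.add(...) && return` also relies on `errors.add` returning a truthy value, which a plain `if`/`elsif` avoids. The two messages are hard-coded English, whereas the removed controller code used `t('error.room.codenotfound.message')`; keeping them in the locale files would preserve translation. The tenant-scoped lookup is worth keeping exactly as it is, since it is what stops a code from another tenant being accepted.

```ruby
# … unchanged: generate_unique_code and everything above it …

  # Validation for use_shared_code: the code must be present and must
  # belong to a room of the same tenant.
  def shared_code_presence
    if shared_code.blank?
      errors.add(:shared_code, "The shared code can't be blank when 'Use Shared Code' is enabled")
    elsif !Room.where(code: shared_code, tenant: tenant).exists?
      errors.add(:shared_code, 'A room with this code could not be found')
    end
  end
end # closes class Room (existing line)
```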
-

<%= pluralize(room.errors.count, "error") %> prohibited this room from being saved:

- -
    - <% room.errors.full_messages.each do |message| %> -
  • <%= message %>
  • - <% end %> -
+

<%= pluralize(room.errors.count, "error") %> prohibited this room from being saved.

<% end %> @@ -152,9 +146,9 @@ - <% unless flash[:alert] == nil %> -
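Review bot: With the `room.errors.full_messages` loop removed, the summary prints only the error count, and the only message rendered further down is `@room.errors[:shared_code].first`. A validation failure on any other attribute would tell the user that N errors blocked the save without saying which ones. Either keep the list for errors other than `:shared_code`, or render each field's message next to its input. Part of the markup in this hunk was lost in extraction, so this reading is based on the ERB tags that remain.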
- <%= flash.alert %> + <% if @room.errors[:shared_code].any? %> +
+ <%= @room.errors[:shared_code].first %>
<% end %>
diff --git a/app/views/shared/_room.html.erb b/app/views/shared/_room.html.erb index 6dec6082..1fe29c63 100644 --- a/app/views/shared/_room.html.erb +++ b/app/views/shared/_room.html.erb @@ -13,7 +13,6 @@ # with BigBlueButton; if not, see . %> - <% room = @room.use_shared_code ? @shared_room : @room %>