mzagaja
commented
6 years ago @ericyoungberg You can take a look at https://github.com/MAPC/youth-match-v2/blob/develop/spec/controllers/applicants_controller_spec.rb to see the request and format that is used by this controller in the previous iteration. Throw a binding.pry before applicants_controller.rb:37 if you want to examine the raw JSON in a rails console before it gets processed.
ericyoungberg
The applicant update endpoint does not appear to comply with the JSON API specification so needs to be updated so that a JSON API submission can validly update or create an applicant record.
Right now Safe Params are not used in the applicant endpoint as evidenced by applicants_controller.rb:37.
params.require(:applicant).permit!It should be something more like
ActiveModelSerializers::Deserialization.jsonapi_parse(params, only: [:first_name, :last_name, :email, :icims_id, :interests, :prefers_nearby, :has_transit_pass, :grid_id, :location, :lottery_number, :receive_text_messages, :mobile_phone, :guardian_name, :guardian_phone, :guardian_email, :in_school, :school_type, :bps_student, :bps_school_name, :current_grade_level, :english_first_language, :first_language, :fluent_other_language, :other_languages, :held_successlink_job_before, :previous_job_site, :wants_to_return_to_previous_job, :superteen_participant, :participant_essay, :address, :home_phone, :workflow_id, :user_id, :neighborhood, :id])But the current incoming JSON is not in the JSON API format (at least as far as I can tell).