Closed mzagaja closed 6 years ago
@ericyoungberg You can take a look at https://github.com/MAPC/youth-match-v2/blob/develop/spec/controllers/applicants_controller_spec.rb to see the request and format that is used by this controller in the previous iteration. Throw a binding.pry before applicants_controller.rb:37 if you want to examine the raw JSON in a rails console before it gets processed.
I think we can close this issue since we are no longer allowing the ability to update applicant data once the data has been imported from ICIMs.
The applicant update endpoint does not appear to comply with the JSON API specification so needs to be updated so that a JSON API submission can validly update or create an applicant record.
Right now Safe Params are not used in the applicant endpoint as evidenced by applicants_controller.rb:37.
params.require(:applicant).permit!
It should be something more like
ActiveModelSerializers::Deserialization.jsonapi_parse(params, only: [:first_name, :last_name, :email, :icims_id, :interests, :prefers_nearby, :has_transit_pass, :grid_id, :location, :lottery_number, :receive_text_messages, :mobile_phone, :guardian_name, :guardian_phone, :guardian_email, :in_school, :school_type, :bps_student, :bps_school_name, :current_grade_level, :english_first_language, :first_language, :fluent_other_language, :other_languages, :held_successlink_job_before, :previous_job_site, :wants_to_return_to_previous_job, :superteen_participant, :participant_essay, :address, :home_phone, :workflow_id, :user_id, :neighborhood, :id])
But the current incoming JSON is not in the JSON API format (at least as far as I can tell).