fix: prevent changing anonymous questionnaires to non-anonymous

traPtitech · Nov 10, 2024 · 005db48 · 005db48
1 parent 10a2f2e
commit 005db48
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 71 deletions.
diff --git a/controller/questionnaire.go b/controller/questionnaire.go
@@ -296,12 +296,23 @@ func (q Questionnaire) GetQuestionnaire(ctx echo.Context, questionnaireID int) (
 }
 
 func (q Questionnaire) EditQuestionnaire(c echo.Context, questionnaireID int, params openapi.EditQuestionnaireJSONRequestBody) error {
+	// unable to change the questionnaire from anoymous to non-anonymous
+	isAnonymous, err := q.GetResponseIsAnonymousByQuestionnaireID(c.Request().Context(), questionnaireID)
+	if err != nil {
+		c.Logger().Errorf("failed to get anonymous info: %+v", err)
+		return echo.NewHTTPError(http.StatusInternalServerError, "failed to get anonymous info")
+	}
+	if isAnonymous && !params.IsAnonymous {
+		c.Logger().Info("unable to change the questionnaire from anoymous to non-anonymous")
+		return echo.NewHTTPError(http.StatusMethodNotAllowed, "unable to change the questionnaire from anoymous to non-anonymous")
+	}
+
 	responseDueDateTime := null.Time{}
 	if params.ResponseDueDateTime != nil {
 		responseDueDateTime.Valid = true
 		responseDueDateTime.Time = *params.ResponseDueDateTime
 	}
-	err := q.ITransaction.Do(c.Request().Context(), nil, func(ctx context.Context) error {
+	err = q.ITransaction.Do(c.Request().Context(), nil, func(ctx context.Context) error {
 		err := q.UpdateQuestionnaire(ctx, params.Title, params.Description, responseDueDateTime, string(params.ResponseViewableBy), questionnaireID, params.IsPublished, params.IsAnonymous)
 		if err != nil && !errors.Is(err, model.ErrNoRecordUpdated) {
 			c.Logger().Errorf("failed to update questionnaire: %+v", err)

diff --git a/docs/swagger/swagger.yaml b/docs/swagger/swagger.yaml
@@ -91,7 +91,7 @@ paths: # TODO 変数の命名を確認する
       operationId: editQuestionnaire
       tags:
         - questionnaire
-      description: アンケートの情報を変更します。
+      description: アンケートの情報を変更します。匿名のアンケートを非匿名アンケートに変更することができません。
       parameters:
         - $ref: "#/components/parameters/questionnaireIDInPath"
       requestBody:
@@ -105,6 +105,8 @@ paths: # TODO 変数の命名を確認する
           description: 正常にアンケートを変更できました。
         "400":
           description: アンケートのIDが無効です
+        "405":
+          description: 匿名のアンケートを非匿名アンケートに変更することができません
         "500":
           description: 正常にアンケートを変更できませんでした
     delete:

diff --git a/handler/questionnaire.go b/handler/questionnaire.go
@@ -93,7 +93,7 @@ func (h Handler) EditQuestionnaire(ctx echo.Context, questionnaireID openapi.Que
 	err := q.EditQuestionnaire(ctx, questionnaireID, params)
 	if err != nil {
 		ctx.Logger().Errorf("failed to edit questionnaire: %+v", err)
-		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Errorf("failed to edit questionnaire: %w", err))
+		return err
 	}
 
 	return ctx.NoContent(200)

diff --git a/openapi/spec.go b/openapi/spec.go