Class: FormTemplateYamlValidator

Inherits:
ActiveModel::Validator
  • Object
show all
Defined in:
lib/validators/form_template_yaml_validator.rb

Constant Summary collapse

RESERVED_KEYWORDS = 
%w[title body category category_id tags]
ALLOWED_TYPES = 
%w[checkbox dropdown input multi-select textarea upload]
HTML_SANITIZATION_OPTIONS = 
{
  elements: ["a"],
  attributes: {
    "a" => %w[href target],
  },
  protocols: {
    "a" => {
      "href" => %w[http https mailto],
    },
  },
}

Instance Method Summary collapse

Instance Method Details

#check_allowed_types(record, field) ⇒ Object 



39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/validators/form_template_yaml_validator.rb', line 39

def check_allowed_types(record, field)
  if !ALLOWED_TYPES.include?(field["type"])
    record.errors.add(
      :template,
      I18n.t(
        "form_templates.errors.invalid_type",
        type: field["type"],
        valid_types: ALLOWED_TYPES.join(", "),
      ),
    )
  end
end

#check_descriptions_html(record, field) ⇒ Object 



59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/validators/form_template_yaml_validator.rb', line 59

def check_descriptions_html(record, field)
  description = field.dig("attributes", "description")

  return if description.blank?

  sanitized_html = Sanitize.fragment(description, HTML_SANITIZATION_OPTIONS)

  is_safe_html = sanitized_html == Loofah.html5_fragment(description).to_s

  unless is_safe_html
    record.errors.add(:template, I18n.t("form_templates.errors.unsafe_description"))
  end
end

#check_ids(record, field, existing_ids) ⇒ Object 



73
74
75
76
77
78
79
80
81
82
83
 
# File 'lib/validators/form_template_yaml_validator.rb', line 73

def check_ids(record, field, existing_ids)
  if RESERVED_KEYWORDS.include?(field["id"])
    record.errors.add(:template, I18n.t("form_templates.errors.reserved_id", id: field["id"]))
  end

  if existing_ids.include?(field["id"])
    record.errors.add(:template, I18n.t("form_templates.errors.duplicate_ids"))
  end

  existing_ids << field["id"] if field["id"].present?
end

#check_missing_fields(record, field) ⇒ Object 



52
53
54
55
56
57
 
# File 'lib/validators/form_template_yaml_validator.rb', line 52

def check_missing_fields(record, field)
  if field["type"].blank?
    record.errors.add(:template, I18n.t("form_templates.errors.missing_type"))
  end
  record.errors.add(:template, I18n.t("form_templates.errors.missing_id")) if field["id"].blank?
end

#validate(record) ⇒ Object 



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/validators/form_template_yaml_validator.rb', line 18

def validate(record)
  begin
    yaml = Psych.safe_load(record.template)

    unless yaml.is_a?(Array)
      record.errors.add(:template, I18n.t("form_templates.errors.invalid_yaml"))
      return
    end

    existing_ids = []
    yaml.each do |field|
      check_missing_fields(record, field)
      check_allowed_types(record, field)
      check_ids(record, field, existing_ids)
      check_descriptions_html(record, field)
    end
  rescue Psych::SyntaxError
    record.errors.add(:template, I18n.t("form_templates.errors.invalid_yaml"))
  end
end