From 98f3f172a958f7e9cac937861381b09d3ce89b04 Mon Sep 17 00:00:00 2001
From: Jakub Kottnauer
Date: Mon, 27 May 2024 16:01:08 +0200
Subject: [PATCH] Validate transaction filtering params (#810)
---
 .../transactions/merchants_controller.rb | 2 +-
 app/controllers/transactions_controller.rb | 3 ++-
 app/models/transaction.rb | 27 ++++++++++++++-----
 .../search_form/_account_filter.html.erb | 2 +-
 .../search_form/_category_filter.html.erb | 2 +-
 .../search_form/_merchant_filter.html.erb | 2 +-
 6 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/app/controllers/transactions/merchants_controller.rb b/app/controllers/transactions/merchants_controller.rb
index 809a8e91..470953a5 100644
--- a/app/controllers/transactions/merchants_controller.rb
+++ b/app/controllers/transactions/merchants_controller.rb
@@ -4,7 +4,7 @@ class Transactions::MerchantsController < ApplicationController
  before_action :set_merchant, only: %i[ edit update destroy ]
  def index
- @merchants = Current.family.transaction_merchants
+ @merchants = Current.family.transaction_merchants.alphabetically
  end
  def new
diff --git a/app/controllers/transactions_controller.rb b/app/controllers/transactions_controller.rb
index 55cc84ce..5208e1e5 100644
--- a/app/controllers/transactions_controller.rb
+++ b/app/controllers/transactions_controller.rb
@@ -13,7 +13,8 @@ class TransactionsController < ApplicationController
  income: result.inflows.sum(&:amount_money).abs,
  expense: result.outflows.sum(&:amount_money).abs
  }
- @filter_list = Transaction.build_filter_list(search_params, Current.family)
+ @filter_list, valid_params = Transaction.build_filter_list(search_params, Current.family)
+ session[ransack_session_key] = valid_params
  respond_to do |format|
  format.html
diff --git a/app/models/transaction.rb b/app/models/transaction.rb
index c9b9508c..75e4f63c 100644
--- a/app/models/transaction.rb
+++ b/app/models/transaction.rb
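Review bot: The new `session[ransack_session_key] = valid_params` line in transactions_controller.rb stores the free-text search value and both date strings exactly as submitted, because build_filter_list copies those three keys into `valid_params` without any length or format check (see the model hunks). If the app uses Rails' cookie session store, which is not visible here, an oversized search string could exceed the 4 KB cookie limit and fail the request, and a malformed date would presumably be read back from the session on later visits. Consider bounding what is written, for example truncating the search term and keeping a date only when it parses. It is also worth confirming that `result`, computed above this hunk, is built from the validated set rather than the raw `search_params`; that code is outside the hunk.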
@@ -65,6 +65,7 @@ class Transaction < ApplicationRecord
  def self.build_filter_list(params, family)
  filters = []
+ valid_params = {}
  date_filters = { gteq: nil, lteq: nil }
@@ -74,23 +75,35 @@ class Transaction < ApplicationRecord
  case key
  when "account_id_in"
- value.each do |account_id|
- filters << { type: "account", value: family.accounts.find(account_id), original: { key: key, value: account_id } }
+ valid_accounts = value.select do |account_id|
+ account = family.accounts.find_by(id: account_id)
+ filters << { type: "account", value: account, original: { key: key, value: account_id } } if account.present?
+ account.present?
  end
+ valid_params[key] = valid_accounts unless valid_accounts.empty?
  when "category_id_in"
- value.each do |category_id|
- filters << { type: "category", value: family.transaction_categories.find(category_id), original: { key: key, value: category_id } }
+ valid_categories = value.select do |category_id|
+ category = family.transaction_categories.find_by(id: category_id)
+ filters << { type: "category", value: category, original: { key: key, value: category_id } } if category.present?
+ category.present?
  end
+ valid_params[key] = valid_categories unless valid_categories.empty?
  when "merchant_id_in"
- value.each do |merchant_id|
- filters << { type: "merchant", value: family.transaction_merchants.find(merchant_id), original: { key: key, value: merchant_id } }
+ valid_merchants = value.select do |merchant_id|
+ merchant = family.transaction_merchants.find_by(id: merchant_id)
+ filters << { type: "merchant", value: merchant, original: { key: key, value: merchant_id } } if merchant.present?
+ merchant.present?
  end
+ valid_params[key] = valid_merchants unless valid_merchants.empty?
  when "category_name_or_merchant_name_or_account_name_or_name_cont"
  filters << { type: "search", value: value, original: { key: key, value: nil } }
+ valid_params[key] = value
  when "date_gteq"
  date_filters[:gteq] = value
+ valid_params[key] = value
  when "date_lteq"
  date_filters[:lteq] = value
+ valid_params[key] = value
  end
  end
@@ -99,6 +112,6 @@ class Transaction < ApplicationRecord
  end
  end
- filters
+ [ filters, valid_params ]
  end
  end
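Review bot: `value.select` in the three `*_id_in` branches assumes the parameter is an array, so a request that supplies a scalar string for one of these keys would raise NoMethodError instead of being filtered out. Coercing first, `valid_accounts = Array(value).select do |account_id|` (and likewise for categories and merchants), keeps the validation path from ending in a 500. The `date_gteq` and `date_lteq` branches still copy `value` into `valid_params` unchecked; parsing with `Date.iso8601` and dropping the key on failure would bring them in line with the commit's intent. Each branch also runs one `find_by` per submitted id, so a long id list means many queries; a single family-scoped `where(id: ...)` per branch would bound that. build_filter_list starts in the previous hunk and ends in the next one.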
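Review bot: The return value in the last hunk changes from the filter array to a two-element array, `[ filters, valid_params ]`, and nothing on the method documents the new contract. Any caller outside this diff that still treats the result as the filter list would iterate over the pair rather than the filters; only the TransactionsController call site is updated here. A short comment above `def self.build_filter_list`, such as `# Returns [filters, valid_params]; valid_params holds only the keys whose values passed the family-scoped lookup.`, would make the contract explicit.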
diff --git a/app/views/transactions/search_form/_account_filter.html.erb b/app/views/transactions/search_form/_account_filter.html.erb index 38fbe7c1..f4b2a0f5 100644 --- a/app/views/transactions/search_form/_account_filter.html.erb +++ b/app/views/transactions/search_form/_account_filter.html.erb @@ -5,7 +5,7 @@ <%= lucide_icon("search", class: "w-5 h-5 text-gray-500 absolute inset-y-0 left-2 top-1/2 transform -translate-y-1/2") %>
- <% Current.family.accounts.each do |account| %>
+ <% Current.family.accounts.alphabetically.each do |account| %>
<%= form.check_box :account_id_in, { multiple: true, class: "rounded-sm border-gray-300 text-indigo-600 shadow-xs focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" }, account.id, nil %> <%= form.label :account_id_in, account.name, value: account.id, class: "text-sm text-gray-900" %> diff --git a/app/views/transactions/search_form/_category_filter.html.erb b/app/views/transactions/search_form/_category_filter.html.erb index a90abf86..e680d212 100644 --- a/app/views/transactions/search_form/_category_filter.html.erb +++ b/app/views/transactions/search_form/_category_filter.html.erb @@ -5,7 +5,7 @@ <%= lucide_icon("search", class: "w-5 h-5 text-gray-500 absolute inset-y-0 left-2 top-1/2 transform -translate-y-1/2") %>
- <% Current.family.transaction_categories.each do |transaction_category| %>
+ <% Current.family.transaction_categories.alphabetically.each do |transaction_category| %>
<%= form.check_box :category_id_in, { "data-auto-submit-form-target": "auto", multiple: true, class: "rounded-sm border-gray-300 text-indigo-600 shadow-xs focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" }, transaction_category.id, nil %> <%= form.label :category_id_in, transaction_category.name, value: transaction_category.id, class: "text-sm text-gray-900 cursor-pointer" do %> diff --git a/app/views/transactions/search_form/_merchant_filter.html.erb b/app/views/transactions/search_form/_merchant_filter.html.erb index 37d55d70..2edb4929 100644 --- a/app/views/transactions/search_form/_merchant_filter.html.erb +++ b/app/views/transactions/search_form/_merchant_filter.html.erb @@ -5,7 +5,7 @@ <%= lucide_icon("search", class: "w-5 h-5 text-gray-500 absolute inset-y-0 left-2 top-1/2 transform -translate-y-1/2") %>
- <% Current.family.transaction_merchants.each do |merchant| %>
+ <% Current.family.transaction_merchants.alphabetically.each do |merchant| %>
<%= form.check_box :merchant_id_in, { multiple: true, class: "rounded-sm border-gray-300 text-indigo-600 shadow-xs focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" }, merchant.id, nil %> <%= form.label :merchant_id_in, merchant.name, value: merchant.id, class: "text-sm text-gray-900" %>