From 697f8d934e30bfbcfeb77fdbd87447dbdc8f1c45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Gaya?= <sebastien.gaya@gmail.com>
Date: Fri, 8 Dec 2023 14:04:57 +0100
Subject: [PATCH] clean

---
 app/services/polymorphic_object_finder.rb | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/app/services/polymorphic_object_finder.rb b/app/services/polymorphic_object_finder.rb
index 214cc5522..4e44c6458 100644
--- a/app/services/polymorphic_object_finder.rb
+++ b/app/services/polymorphic_object_finder.rb
@@ -10,10 +10,22 @@ class PolymorphicObjectFinder
   def self.find(params, key:, university:, only: [])
     key_id = "#{key}_id".to_sym
     key_type = "#{key}_type".to_sym
-    model_name = only.any? ? only.detect { |item| item == params[key_type] } : params[key_type]
+    model_name = self.find_model_name(params, key_type, only)
     return if model_name.nil?
+
     model = model_name.constantize
     id = params[key_id]
     model.where(university: university).find(id)
   end
+
+  private
+
+  def self.find_model_name(params, key_type, only)
+    if only.any?
+      # Whitelist user input
+      only.detect { |item| item == params[key_type] }
+    else
+      params[key_type]
+    end
+  end
 end
\ No newline at end of file
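Review bot: The `else` branch of `find_model_name` still returns `params[key_type]` unfiltered, so whenever a caller leaves `only` empty the request-supplied string reaches `model_name.constantize` in `find`, and the "Whitelist user input" comment only holds for the `only.any?` path. Consider failing closed when no allowlist is given, e.g. `return if only.empty?` at the top of the helper, or at minimum using `safe_constantize` and checking that the result is one of the expected model classes. Callers of `find` are not visible in this hunk, so confirm that none rely on the open path before tightening it. Separately, the bare `private` has no effect on methods defined with `def self.`, so `find_model_name` stays public; add `private_class_method :find_model_name` after the definition.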
-- 
GitLab