diff --git a/app/services/types_de_champ_service.rb b/app/services/types_de_champ_service.rb index efb546009..93314fbf7 100644 --- a/app/services/types_de_champ_service.rb +++ b/app/services/types_de_champ_service.rb @@ -33,7 +33,9 @@ class TypesDeChampService private def self.order_champs(params, attributes) - tdcas = params[:procedure][attributes].to_a + # It's OK to use an unsafe hash here because the params will then go through + # require / permit methods in the method before this one + tdcas = params[:procedure][attributes].to_unsafe_hash.to_a .map { |_hash_index, tdca| tdca } tdcas diff --git a/spec/controllers/new_gestionnaire/procedures_controller_spec.rb b/spec/controllers/new_gestionnaire/procedures_controller_spec.rb index 3f79fd866..aca6bec8b 100644 --- a/spec/controllers/new_gestionnaire/procedures_controller_spec.rb +++ b/spec/controllers/new_gestionnaire/procedures_controller_spec.rb @@ -16,7 +16,7 @@ describe NewGestionnaire::ProceduresController, type: :controller do let(:gestionnaire) { create(:gestionnaire) } before do - @controller.params[:procedure_id] = asked_procedure.id + @controller.params = @controller.params.merge(procedure_id: asked_procedure.id) expect(@controller).to receive(:current_gestionnaire).and_return(gestionnaire) allow(@controller).to receive(:redirect_to) diff --git a/spec/controllers/new_user/dossiers_controller_spec.rb b/spec/controllers/new_user/dossiers_controller_spec.rb index 360a7548f..e3807bcb8 100644 --- a/spec/controllers/new_user/dossiers_controller_spec.rb +++ b/spec/controllers/new_user/dossiers_controller_spec.rb @@ -18,7 +18,7 @@ describe NewUser::DossiersController, type: :controller do let(:user) { create(:user) } before do - @controller.params[:dossier_id] = asked_dossier.id + @controller.params = @controller.params.merge(dossier_id: asked_dossier.id) expect(@controller).to receive(:current_user).and_return(user) allow(@controller).to receive(:redirect_to)