From 08d2ae59a5f5ecc446f5df3d6153800ab9ad3daf Mon Sep 17 00:00:00 2001
From: Thor77
Date: Tue, 16 Apr 2019 13:22:16 +0200
Subject: [PATCH] Check teams array before calling create method
---
 app/controllers/tournaments_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index 94e98c0..55143ab 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -4,6 +4,7 @@ class TournamentsController < ApplicationController
 before_action :set_tournament, only: %i[show update destroy]
 before_action :authenticate_user!, only: %i[create update destroy]
 before_action -> { require_owner! @tournament.owner }, only: %i[update destroy]
+ before_action :validate_create_params, only: %i[create]
 rescue_from ActiveRecord::RecordNotFound, with: :render_not_found_error
 
 # GET /tournaments
@@ -71,4 +72,11 @@ class TournamentsController < ApplicationController
 def tournament_params
 params.slice(:name, :description, :public, :teams).permit!
 end
+
+ def validate_create_params
+ teams = params['teams']
+ return if teams.is_a?(Array) && teams.reject { |t| t.is_a? ActionController::Parameters }.count.zero?
+
+ render json: { error: 'Invalid teams array' }, status: :unprocessable_entity
+ end
 end
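Review bot: In `validate_create_params` (second hunk) the guard only checks that `teams` is an array of `ActionController::Parameters`, so an empty array passes and the keys inside each element are never constrained. The `tournament_params` context line just above still ends in `permit!`, which marks everything nested under `teams` as permitted. If the create action passes those hashes on to model code, an explicit per-team key list in `permit` would be the safer shape; the team attribute names are not visible in this diff, so that list is left to the author. The predicate itself reads more directly as `return if teams.is_a?(Array) && teams.all? { |t| t.is_a?(ActionController::Parameters) }`. The hunk does not show whether these helpers sit below `private`, which is worth confirming so the new method is not routable as an action.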