From 9c8ec08e7371776ccce05d5548827386e3743ad3 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Tue, 28 May 2024 13:15:45 -0300
Subject: [PATCH] fix: brakeman

---
 app/controllers/posts_controller.rb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index bf030ee7..f38ccff3 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -126,7 +126,7 @@ class PostsController < ApplicationController
         @uuid = @post.uuid.value
         @name = params.require(:name)
 
-        render "posts/#{params.require(:attribute)}_value", layout: false
+        render render_path_from_attribute, layout: false
       else
         headers['HX-Retarget'] = "##{params.require(:form)}"
         headers['HX-Reswap'] = 'outerHTML'
@@ -240,4 +240,13 @@ class PostsController < ApplicationController
 
     headers['HX-Trigger'] = triggers.to_json if triggers.present?
   end
+
+  # @return [String]
+  def render_path_from_attribute
+    case params.require(:attribute)
+    when 'new_has_many' then 'posts/new_has_many_value'
+    when 'new_belongs_to' then 'posts/new_belongs_to_value'
+    else 'nothing'
+    end
+  end
 end