trying to update a pinned link to an invalid state should be a 400 status response

Author: Oaphi

app/controllers/pinned_links_controller.rb

@@ -49,13 +49,20 @@ def edit; end
 
   def update
     before = @link.attributes_print
-    @link.update pinned_link_params
-    after = @link.attributes_print
-    AuditLog.moderator_audit(event_type: 'pinned_link_update', related: @link, user: current_user,
-                             comment: "from <<PinnedLink #{before}>>\nto <<PinnedLink #{after}>>")
 
-    flash[:success] = 'The pinned link has been updated. Due to caching, it may take some time until it is shown.'
-    redirect_to pinned_links_path
+    if @link.update(pinned_link_params)
+      after = @link.attributes_print
+
+      AuditLog.moderator_audit(event_type: 'pinned_link_update',
+                               related: @link,
+                               user: current_user,
+                               comment: "from <<PinnedLink #{before}>>\nto <<PinnedLink #{after}>>")
+
+      flash[:success] = 'The pinned link has been updated. Due to caching, it may take some time until it is shown.'
+      redirect_to pinned_links_path
+    else
+      render 'pinned_links/edit', status: :bad_request
+    end
   end
 
   private

test/controllers/pinned_links_controller_test.rb

@@ -61,6 +61,13 @@ class PinnedLinksControllerTest < ActionController::TestCase
     assert_equal 'updated label', assigns(:link).label
   end
 
+  test 'update should correctly handle invlid pinned links' do
+    sign_in users(:moderator)
+    try_update_pinned_link(pinned_links(:active_with_label), link: nil)
+    assert_response(:bad_request)
+    assert assigns(:link)&.errors&.any?
+  end
+
   private
 
   def try_create_pinned_link(**opts)