Return 404 for invalid or cross-family tag deletions

[cleanjunc]

What

Tag::DeletionsController used find_by to look up both the tag and its replacement. A missing id or a tag from another family left @tag as nil, so create called replace_and_destroy! on nil and raised NoMethodError, returning an HTTP 500. The same flaw let an invalid replacement_tag_id silently pass nil into the deletion.

This switches the lookups to find, matching the existing Category::DeletionsController, so out-of-scope ids now return a clean 404.

Changes

• Look up the tag with find so missing or cross-family ids raise RecordNotFound (404).
• Guard the optional replacement lookup with present? and find, keeping the "no replacement" case valid while rejecting invalid ids.
• Add controller tests covering an invalid or cross-family tag_id and an invalid replacement_tag_id.

Why

The behavior now mirrors Category::DeletionsController, keeping tag and category deletion consistent and ensuring family scoping returns 404 rather than leaking a server error.

Testing

bin/rails test test/controllers/tag/deletions_controller_test.rb

Fixes #2469

Summary by CodeRabbit

• Bug Fixes
  • Improved error handling for tag deletion operations. The system now properly rejects requests with invalid or non-existent tags and replacement tags, returning appropriate error responses and ensuring data integrity is protected from incomplete operations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b9f868b-7e80-4d35-a1da-a7d5899346d0

📥 Commits

Reviewing files that changed from the base of the PR and between fdcd0c7 and 65c4ce6.

📒 Files selected for processing (2)

• app/controllers/tag/deletions_controller.rb
• test/controllers/tag/deletions_controller_test.rb

---

📝 Walkthrough

Walkthrough

Tag::DeletionsController#set_tag switches from find_by to find, raising ActiveRecord::RecordNotFound for missing or cross-family tags. set_replacement_tag now queries only when params[:replacement_tag_id] is present. Two integration tests cover both invalid-input cases.

Changes

Tag deletion 404 fix

Layer / File(s)	Summary
set_tag and set_replacement_tag lookup hardening app/controllers/tag/deletions_controller.rb	set_tag uses find instead of find_by, raising RecordNotFound for missing or cross-family tags. set_replacement_tag conditionally queries only when the parameter is present, preventing a silent nil from reaching replace_and_destroy!.
Integration tests for invalid inputs test/controllers/tag/deletions_controller_test.rb	Two new tests assert that a cross-family tag_id and a nonexistent replacement_tag_id each return :not_found and leave the Tag count unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

A rabbit once fetched with find_by,
And got back a nil — oh my!
Now find takes the stage,
A 404 cage,
No more 500s flying by! 🐇✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and directly summarizes the main change: fixing error handling for invalid or cross-family tag deletions to return 404 instead of 500.
Linked Issues check	✅ Passed	The PR fully addresses the requirements in #2469: replacing find_by with find for @tag lookup to raise RecordNotFound for invalid/cross-family tags, guarding replacement_tag lookup with present? check, and adding tests for both invalid tag_id and invalid replacement_tag_id scenarios.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the tag deletion error handling issue in the controller and adding corresponding test coverage, with no unrelated modifications present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[superagent-security]

Superagent didn't find any vulnerabilities or security issues in this PR.