diff --git a/app/controllers/api/public/v1/courses_controller.rb b/app/controllers/api/public/v1/courses_controller.rb index 42e2cab42d..dbf8ac2fa2 100644 --- a/app/controllers/api/public/v1/courses_controller.rb +++ b/app/controllers/api/public/v1/courses_controller.rb @@ -16,10 +16,12 @@ def index private def cached_course_count - if params[:no_cache] + year = permitted[:recruitment_cycle_year] || RecruitmentCycle.current.year + + if permitted[:no_cache] courses.count('course.id') else - Rails.cache.fetch('api_course_count', expires_in: 5.minutes) do + Rails.cache.fetch("api_course_count_#{year}", expires_in: 5.minutes) do courses.count('course.id') end end @@ -27,14 +29,18 @@ def cached_course_count def courses @courses ||= APICourseSearchService.call( - filter: params[:filter], - sort: params[:sort], + filter: permitted[:filter], + sort: permitted[:sort], course_scope: recruitment_cycle.courses ) end def include_param - params.fetch(:include, '') + permitted.fetch(:include, '') + end + + def permitted + params.permit('page', 'no_cache', 'sort', 'per_page', 'courses', 'recruitment_cycle_year', 'include', 'filter' => %w[updated_since funding_type]) end end end