From 4fc54d69a9e61cd8c5b9b6792c7454adfb6a1291 Mon Sep 17 00:00:00 2001 From: Olalekan Eyiowuawi Date: Tue, 18 Oct 2016 12:09:07 +0100 Subject: [PATCH 1/3] finish appove proverb --- app/controllers/api/v1/proverbs_controller.rb | 7 ++++++- app/models/ability.rb | 2 +- config/routes.rb | 4 +++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/proverbs_controller.rb b/app/controllers/api/v1/proverbs_controller.rb index 9985114..d0a70b4 100644 --- a/app/controllers/api/v1/proverbs_controller.rb +++ b/app/controllers/api/v1/proverbs_controller.rb @@ -1,7 +1,7 @@ module Api module V1 class ProverbsController < ApplicationController - before_action :set_proverb, only: [:show, :update, :destroy, :translations] + before_action :set_proverb, only: [:show, :update, :destroy, :translations, :approve] before_action :check_tags, only: [:create] before_action :authenticate, except: [:index, :show] before_action :set_locale @@ -38,6 +38,11 @@ def destroy head :no_content end + def approve + @proverb.update_attribute(:status, "approved") + render json: @proverb, status: 200 + end + private def set_locale diff --git a/app/models/ability.rb b/app/models/ability.rb index fc6cff4..c2fb53e 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -6,7 +6,7 @@ def initialize(user) # user ||= User.new # guest user (not logged in) - alias_action :create, :update, :destroy, to: :moderate + alias_action :create, :update, :destroy, :approve to: :moderate alias_action :create, :update, to: :regular_user_crud diff --git a/config/routes.rb b/config/routes.rb index 3f00fbd..7e28f6f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,7 +2,9 @@ namespace :api, default: { format: :json } do namespace :v1 do scope "/:locale" do - resources :proverbs, except: [:new, :edit] + resources :proverbs, except: [:new, :edit] do + get "approve", on: :member + end end post "/auth/login", to: "auth#login" get "/auth/logout", to: "auth#logout" From 13899df55ffb0cfd2145fb5136027465d793a45f Mon Sep 17 00:00:00 2001 From: Olalekan Eyiowuawi Date: Tue, 18 Oct 2016 13:35:35 +0100 Subject: [PATCH 2/3] add request specs for proverb approval --- app/controllers/api/v1/proverbs_controller.rb | 1 + app/controllers/application_controller.rb | 6 ++-- app/models/ability.rb | 3 +- spec/factories/users.rb | 2 +- spec/requests/proverbs_spec.rb | 33 +++++++++++++++++-- 5 files changed, 38 insertions(+), 7 deletions(-) diff --git a/app/controllers/api/v1/proverbs_controller.rb b/app/controllers/api/v1/proverbs_controller.rb index d0a70b4..3fed93b 100644 --- a/app/controllers/api/v1/proverbs_controller.rb +++ b/app/controllers/api/v1/proverbs_controller.rb @@ -5,6 +5,7 @@ class ProverbsController < ApplicationController before_action :check_tags, only: [:create] before_action :authenticate, except: [:index, :show] before_action :set_locale + load_and_authorize_resource def index proverbs = Proverb.paginate(params) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index cd62c78..6192f31 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,12 +1,14 @@ class ApplicationController < ActionController::API include CanCan::ControllerAdditions - rescue_from ActiveRecord::RecordNotFound do render json: { Error: "Resource not found" }, status: 404 end + rescue_from CanCan::AccessDenied do + render json: { Error: " Tah!! You are not authorized" }, status: 403 + end attr_reader :current_user, :token - + helper_method :current_user def no_route_found found = { Error: "The end point you requested does not exist.", Debug: "Please check the documentation for existing end points" } diff --git a/app/models/ability.rb b/app/models/ability.rb index c2fb53e..144875f 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -6,7 +6,7 @@ def initialize(user) # user ||= User.new # guest user (not logged in) - alias_action :create, :update, :destroy, :approve to: :moderate + alias_action :create, :update, :destroy, :approve, to: :moderate alias_action :create, :update, to: :regular_user_crud @@ -15,7 +15,6 @@ def initialize(user) if user.admin? can :manage, :all end - if user.moderator? can :moderate, Proverb can :manage, User, id: user.id diff --git a/spec/factories/users.rb b/spec/factories/users.rb index f71312e..f81a2cf 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -4,6 +4,6 @@ username { Faker::Name.name } first_name { Faker::Name.first_name } last_name { Faker::Name.last_name } - fb_id Faker::Number.digit + fb_id { Faker::Number.digit } end end diff --git a/spec/requests/proverbs_spec.rb b/spec/requests/proverbs_spec.rb index 41f3c42..990d800 100644 --- a/spec/requests/proverbs_spec.rb +++ b/spec/requests/proverbs_spec.rb @@ -2,8 +2,8 @@ RSpec.describe Api::V1::ProverbsController, type: :request do before(:each) { I18n.locale = :en } - let(:user) { create(:user) } - let!(:valid_session) { login(user) } + let(:user) { create(:user, user_type: 1) } + let(:valid_session) { login(user) } let(:valid_attributes) { attributes_for(:proverb) } let(:invalid_attributes) { attributes_for(:proverb, :invalid) } @@ -294,4 +294,33 @@ expect(response).to have_http_status(204) end end + + describe "approve" do + let!(:proverb) { create(:proverb) } + context "when user is a moderator" do + it " updates the status of the proverb" do + get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_session + expect(JSON.parse(response.body)["status"]).to eq "approved" + end + end + + context "when user is an admin" do + let(:user_admin) { create(:user, user_type: 2)} + let(:valid_admin_session) { login(user_admin) } + it " updates the status of the proverb" do + get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_admin_session + expect(JSON.parse(response.body)["status"]).to eq "approved" + end + end + + context "when user is a regular user" do + let(:user_regular) { create(:user)} + let(:valid_regular_session) { login(user_regular) } + it " updates the status of the proverb" do + get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_regular_session + expect(response).to have_http_status(403) + end + end + + end end From 7cefdbd174f127bc4d1cb65652797ff56727e6ae Mon Sep 17 00:00:00 2001 From: Olalekan Eyiowuawi Date: Tue, 18 Oct 2016 15:53:45 +0100 Subject: [PATCH 3/3] refactor specs --- app/models/ability.rb | 1 - spec/requests/proverbs_spec.rb | 40 +++++++++++++++------------------- 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/app/models/ability.rb b/app/models/ability.rb index 144875f..2928af7 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -11,7 +11,6 @@ def initialize(user) alias_action :create, :update, to: :regular_user_crud can :read, Proverb - if user.admin? can :manage, :all end diff --git a/spec/requests/proverbs_spec.rb b/spec/requests/proverbs_spec.rb index 990d800..0155722 100644 --- a/spec/requests/proverbs_spec.rb +++ b/spec/requests/proverbs_spec.rb @@ -2,9 +2,11 @@ RSpec.describe Api::V1::ProverbsController, type: :request do before(:each) { I18n.locale = :en } - let(:user) { create(:user, user_type: 1) } - let(:valid_session) { login(user) } + let(:user) { create(:user) } + let!(:valid_session) { login(user) } + let!(:admin) { create(:user, user_type: 2) } + let(:admin_session) { login(admin) } let(:valid_attributes) { attributes_for(:proverb) } let(:invalid_attributes) { attributes_for(:proverb, :invalid) } @@ -198,7 +200,7 @@ post( "/api/v1/en/proverbs/", proverbs_with_translations_params, - valid_session + admin_session ) end.to change(Proverb, :count).by(1) expect(response).to have_http_status(201) @@ -208,7 +210,7 @@ post( "/api/v1/en/proverbs/", proverbs_with_translations_params, - valid_session + admin_session ) expect(assigns(:proverb)).to be_a(Proverb) expect(assigns(:proverb)).to be_persisted @@ -222,7 +224,7 @@ it "creates translations in translations array" do post( "/api/v1/en/proverbs/", proverbs_with_translations_params, - valid_session + admin_session ) expect(assigns(:proverb)).to be_persisted expect(assigns(:proverb).translations.size).to eq 1 @@ -232,7 +234,7 @@ context "with invalid params" do it "assigns a newly created but unsaved proverb as @proverb" do - post "/api/v1/en/proverbs/", { proverb: invalid_attributes.merge!(all_tags: ["life"]) }, valid_session + post "/api/v1/en/proverbs/", { proverb: invalid_attributes.merge!(all_tags: ["life"]) }, admin_session expect(assigns(:proverb)).to be_a_new(Proverb) end end @@ -242,7 +244,7 @@ post( "/api/v1/en/proverbs/", { proverb: valid_attributes.merge!(all_tags: "wisdom, life") }, - valid_session + admin_session ) expect(JSON.parse(response.body)["tag_error"]).to eq "tags must be in an array" end @@ -255,7 +257,7 @@ it "updates the requested proverb" do proverb = create(:proverb) - put "/api/v1/en/proverbs/#{proverb.id}", { proverb: new_attributes }, valid_session + put "/api/v1/en/proverbs/#{proverb.id}", { proverb: new_attributes }, admin_session proverb.reload expect(assigns(:proverb).body).to eq("This is a new proverb body") expect(response).to have_http_status(200) @@ -263,7 +265,7 @@ it "assigns the requested proverb as @proverb" do proverb = create(:proverb) - put "/api/v1/en/proverbs/#{proverb.id}", { proverb: valid_attributes }, valid_session + put "/api/v1/en/proverbs/#{proverb.id}", { proverb: valid_attributes }, admin_session expect(assigns(:proverb)).to eq(proverb) expect(response).to have_http_status(200) end @@ -272,7 +274,7 @@ context "with invalid params" do it "assigns the proverb as @proverb" do proverb = create(:proverb) - put "/api/v1/en/proverbs/#{proverb.id}", { proverb: invalid_attributes }, valid_session + put "/api/v1/en/proverbs/#{proverb.id}", { proverb: invalid_attributes }, admin_session expect(assigns(:proverb)).to eq(proverb) expect(response).to have_http_status(422) end @@ -283,41 +285,33 @@ it "destroys the requested proverb" do proverb = create(:proverb) expect do - delete "/api/v1/en/proverbs/#{proverb.id}", {}, valid_session + delete "/api/v1/en/proverbs/#{proverb.id}", {}, admin_session end.to change(Proverb, :count).by(-1) expect(response).to have_http_status(204) end it "redirects to the proverbs list" do proverb = create(:proverb) - delete "/api/v1/en/proverbs/#{proverb.id}", {}, valid_session + delete "/api/v1/en/proverbs/#{proverb.id}", {}, admin_session expect(response).to have_http_status(204) end end describe "approve" do let!(:proverb) { create(:proverb) } - context "when user is a moderator" do - it " updates the status of the proverb" do - get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_session - expect(JSON.parse(response.body)["status"]).to eq "approved" - end - end context "when user is an admin" do let(:user_admin) { create(:user, user_type: 2)} let(:valid_admin_session) { login(user_admin) } it " updates the status of the proverb" do - get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_admin_session + get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, admin_session expect(JSON.parse(response.body)["status"]).to eq "approved" end end context "when user is a regular user" do - let(:user_regular) { create(:user)} - let(:valid_regular_session) { login(user_regular) } - it " updates the status of the proverb" do - get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_regular_session + it "returns an authorized status code" do + get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_session expect(response).to have_http_status(403) end end