Adds def update to activity controller, and unit tests

2021-04-27 16:07:17 +02:00 · 2021-04-27 16:07:17 +02:00 · 26ee834214
commit 26ee834214
parent 7249e53c27
3 changed files with 43 additions and 1 deletions
--- a/app/controllers/api/v1/activities_controller.rb
+++ b/app/controllers/api/v1/activities_controller.rb
@ -1,6 +1,7 @@
 class Api::V1::ActivitiesController < ApplicationController
  before_action :set_activity, only: %i[show update destroy]
  before_action :check_login
+  before_action :check_owner, only: %i[update]

  def index
    render json: Activity.all
@ -19,6 +20,14 @@ class Api::V1::ActivitiesController < ApplicationController
    end
  end

+  def update
+    if @activity.update(activity_params)
+      render json: @product
+    else
+      render json: @product.erros, status: :unprocessable_entity
+    end
+  end
+
  private

  # Only allow a trusted parameter "white list" through.
@ -29,4 +38,8 @@ class Api::V1::ActivitiesController < ApplicationController
  def set_activity
    @activity = Activity.find(params[:id])
  end
+
+  def check_owner
+    head :forbidden unless @activity.author_id == current_user&.id
+  end
 end
--- a/test/controllers/api/v1/activities_controller_test.rb
+++ b/test/controllers/api/v1/activities_controller_test.rb
@ -52,4 +52,28 @@ class Api::V1::ActivitiesControllerTest < ActionDispatch::IntegrationTest
    end
    assert_response :forbidden
  end
-end
+
+  #UPDATE
+  test "should update activity" do
+    patch api_v1_activity_url(@activity),
+    params: { activity: { name: "Updated name" } },
+    headers: { Authorization: JsonWebToken.encode(user_id: @activity.author_id) },
+    as: :json
+    assert_response :success
+  end
+
+  test "should forbid update activity - not connected" do
+    patch api_v1_activity_url(@activity),
+    params: { activity: { name: "Updated name" } },
+    as: :json
+    assert_response :forbidden
+  end
+
+  test "should forbid update activity - not owner" do
+    patch api_v1_activity_url(@activity),
+    params: { activity: { name: "Updated name" } },
+    headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) },
+    as: :json
+    assert_response :forbidden
+  end
+end
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@ -3,4 +3,9 @@
 one:
  email: one@one.com
  username: OneUsername
+  password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>
+
+two:
+  email: two@two.com
+  username: TwoUsername
  password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>