From 26ee8342143686e81e1c9903ae2f66f2fddbacc2 Mon Sep 17 00:00:00 2001 From: Lou Date: Tue, 27 Apr 2021 16:07:17 +0200 Subject: [PATCH] Adds def update to activity controller, and unit tests --- .../api/v1/activities_controller.rb | 13 ++++++++++ .../api/v1/activities_controller_test.rb | 26 ++++++++++++++++++- test/fixtures/users.yml | 5 ++++ 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/v1/activities_controller.rb b/app/controllers/api/v1/activities_controller.rb index e854551..eb2ecd8 100644 --- a/app/controllers/api/v1/activities_controller.rb +++ b/app/controllers/api/v1/activities_controller.rb @@ -1,6 +1,7 @@ class Api::V1::ActivitiesController < ApplicationController before_action :set_activity, only: %i[show update destroy] before_action :check_login + before_action :check_owner, only: %i[update] def index render json: Activity.all @@ -19,6 +20,14 @@ class Api::V1::ActivitiesController < ApplicationController end end + def update + if @activity.update(activity_params) + render json: @product + else + render json: @product.erros, status: :unprocessable_entity + end + end + private # Only allow a trusted parameter "white list" through. @@ -29,4 +38,8 @@ class Api::V1::ActivitiesController < ApplicationController def set_activity @activity = Activity.find(params[:id]) end + + def check_owner + head :forbidden unless @activity.author_id == current_user&.id + end end diff --git a/test/controllers/api/v1/activities_controller_test.rb b/test/controllers/api/v1/activities_controller_test.rb index 3b18750..731f8c3 100644 --- a/test/controllers/api/v1/activities_controller_test.rb +++ b/test/controllers/api/v1/activities_controller_test.rb @@ -52,4 +52,28 @@ class Api::V1::ActivitiesControllerTest < ActionDispatch::IntegrationTest end assert_response :forbidden end -end + + #UPDATE + test "should update activity" do + patch api_v1_activity_url(@activity), + params: { activity: { name: "Updated name" } }, + headers: { Authorization: JsonWebToken.encode(user_id: @activity.author_id) }, + as: :json + assert_response :success + end + + test "should forbid update activity - not connected" do + patch api_v1_activity_url(@activity), + params: { activity: { name: "Updated name" } }, + as: :json + assert_response :forbidden + end + + test "should forbid update activity - not owner" do + patch api_v1_activity_url(@activity), + params: { activity: { name: "Updated name" } }, + headers: { Authorization: JsonWebToken.encode(user_id: users(:two).id) }, + as: :json + assert_response :forbidden + end +end \ No newline at end of file diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index 8fc06ce..33aff36 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -3,4 +3,9 @@ one: email: one@one.com username: OneUsername + password_digest: <%= BCrypt::Password.create('g00d_pa$$') %> + +two: + email: two@two.com + username: TwoUsername password_digest: <%= BCrypt::Password.create('g00d_pa$$') %> \ No newline at end of file