ajout des def update et destroy - les tests ne sont pas complets

app/controllers/api/v1/memberships_controller.rb

   end
 
   def create
-    memberId = User.where(username: params[:membership][:username])[0].id
-    teamId = Team.where(name: params[:membership][:team_name])[0].id
+    member_id = User.where(username: params[:membership][:username])[0].id
+    team_id = Team.where(name: params[:membership][:team_name])[0].id
 
-    membership = Membership.new(team_id: teamId, member_id: memberId, can_edit: false)
+    membership = Membership.new(team_id: team_id, member_id: member_id, can_edit: false)
     
     if membership.save
       render json: MembershipSerializer.new(membership).serializable_hash.to_json, status: :created
     else
-      render json: { errors: membership.errors }, status: :unprocessable_entity
+      render json: membership.errors, status: :unprocessable_entity
     end
   end
 
+  def update
+    if @membership.update(memberships_params)
+      render json: MembershipSerializer.new(@membership).serializable_hash.to_json, status: :ok
+    else
+      render json: @membership.errors, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    @membership.destroy
+    head 204
+  end
+
   private
 
   def memberships_params
-    params.require(:membership).permit(:team_id, :member_id, :can_edit)
+    params.require(:membership).permit(:can_edit)
   end
   
   def set_memberships
     @membership = Membership.find(params[:id])
   end
-
 end

app/controllers/api/v1/teams_controller.rb

         render json: TeamSerializer.new(team).serializable_hash.to_json, status: :created
       end
     else 
-      render json: { errors: team.errors }, status: :unprocessable_entity
+      render json: team.errors, status: :unprocessable_entity
     end
   end
 

app/models/membership.rb

 class Membership < ApplicationRecord
-  # validates :member, presence: :true
-  # validates :team, presence: :true
+  attr_readonly :member
+  attr_readonly :team
+
+  validates :member, presence: :true
+  validates :team, presence: :true
   validates_uniqueness_of :member, scope: :team, message: "user already part of this team"
 
   belongs_to :member, class_name: 'User'

test/controllers/api/v1/memberships_controller_test.rb

   setup do
     @membership = memberships(:one)
     @user = users(:one)
+    @user2 = users(:two)
     @team = teams(:one)
+    @team2 = teams(:two)
   end
 
   # INDEX
   #   end
   #   assert_response :created
   # end
-  
 
   test "should forbid create membership" do
     assert_no_difference("Membership.count") do
     end
     assert_response :forbidden
   end
+
+  # UPDATE
+  test "should update membership" do
+    patch api_v1_membership_url(@membership),
+    headers: { Authorization: JsonWebToken.encode(user_id: @user.id) }, 
+    params: { membership: { can_edit: true } },
+    as: :json
+    assert_response :success
+  end
+
+  test "should forbid update membership" do
+    patch api_v1_membership_url(@membership),
+    params: { membership: { can_edit: true } },
+    as: :json
+    assert_response :forbidden
+  end
+
+  # test "should forbid update read_only attributes - team_id" do
+  #   patch api_v1_membership_url(@membership),
+  #   headers: { Authorization: JsonWebToken.encode(user_id: @user.id) }, 
+  #   params: { membership: { team_id: @team2.id } },
+  #   as: :json
+  #   assert_response :unprocessable_entity
+  # end
+
+  # test "should forbid update read_only attributes - member_id" do
+  #   patch api_v1_membership_url(@membership),
+  #   headers: { Authorization: JsonWebToken.encode(user_id: @user.id) }, 
+  #   params: { membership: { member_id: @user2.id } },
+  #   as: :json
+  #   assert_response :unprocessable_entity
+  # end  
+
+  # DESTROY
+  test "should destroy membership" do
+    assert_difference('Membership.count', -1) do
+      delete api_v1_membership_url(@membership), 
+      headers: { Authorization: JsonWebToken.encode(user_id: @user.id) },
+      as: :json
+    end
+    assert_response :no_content
+  end
+
+  test "should forbid destroy membership" do
+    assert_no_difference('Membership.count') do
+      delete api_v1_membership_url(@membership), as: :json
+    end
+    assert_response :forbidden
+  end
 end

test/models/membership_test.rb

 
 class MembershipTest < ActiveSupport::TestCase
   setup do
+    @membership = memberships(:one)
     @user = users(:one)
     @user2 = users(:two)
     @team = teams(:one)
     membership = Membership.new(member_id: @user.id, team_id: @team.id, can_edit: true)
     assert_not membership.valid?
   end
+
+  test "membership team & member id should not be updated" do
+    # How to perfom this test ?
+  end
 end