From 3ecf7943b36836b9f0337aa9d7c8f48992293ae8 Mon Sep 17 00:00:00 2001 From: Anton Khorev Date: Thu, 24 Oct 2024 04:11:37 +0300 Subject: [PATCH] Add create note subscription api endpoint --- app/abilities/api_capability.rb | 1 + .../api/note_subscriptions_controller.rb | 16 ++++ config/routes.rb | 2 + .../api/note_subscriptions_controller_test.rb | 76 +++++++++++++++++++ 4 files changed, 95 insertions(+) create mode 100644 app/controllers/api/note_subscriptions_controller.rb create mode 100644 test/controllers/api/note_subscriptions_controller_test.rb diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb index d8be136438..dade7f6fec 100644 --- a/app/abilities/api_capability.rb +++ b/app/abilities/api_capability.rb @@ -9,6 +9,7 @@ def initialize(token) if user&.active? can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) + can :create, NoteSubscription if scope?(token, :write_notes) can [:show, :data], Trace if scope?(token, :read_gpx) can [:create, :update, :destroy], Trace if scope?(token, :write_gpx) can [:details], User if scope?(token, :read_prefs) diff --git a/app/controllers/api/note_subscriptions_controller.rb b/app/controllers/api/note_subscriptions_controller.rb new file mode 100644 index 0000000000..a616b57da8 --- /dev/null +++ b/app/controllers/api/note_subscriptions_controller.rb @@ -0,0 +1,16 @@ +module Api + class NoteSubscriptionsController < ApiController + before_action :check_api_writable + before_action :authorize + + authorize_resource + + def create + note_id = params[:note_id].to_i + note = Note.find(note_id) + note.subscribers << current_user + rescue ActiveRecord::RecordNotUnique + head :conflict + end + end +end diff --git a/config/routes.rb b/config/routes.rb index 22c4ad6421..44c324da6b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -108,6 +108,8 @@ post "close" post "reopen" end + + resource :subscription, :only => :create, :controller => "note_subscriptions" end resources :user_blocks, :only => :show, :id => /\d+/, :controller => "user_blocks" diff --git a/test/controllers/api/note_subscriptions_controller_test.rb b/test/controllers/api/note_subscriptions_controller_test.rb new file mode 100644 index 0000000000..42aed47f46 --- /dev/null +++ b/test/controllers/api/note_subscriptions_controller_test.rb @@ -0,0 +1,76 @@ +require "test_helper" + +module Api + class NoteSubscriptionsControllerTest < ActionDispatch::IntegrationTest + def test_routes + assert_routing( + { :path => "/api/0.6/notes/1/subscription", :method => :post }, + { :controller => "api/note_subscriptions", :action => "create", :note_id => "1" } + ) + end + + def test_create + user = create(:user) + auth_header = bearer_authorization_header user + note = create(:note_with_comments) + assert_empty note.subscribers + + assert_difference "NoteSubscription.count", 1 do + assert_difference "note.subscribers.count", 1 do + post api_note_subscription_path(note), :headers => auth_header + assert_response :success + end + end + assert_response :success + assert_equal user, note.subscribers.last + end + + def test_create_fail_anonymous + note = create(:note_with_comments) + + assert_no_difference "NoteSubscription.count" do + assert_no_difference "note.subscribers.count" do + post api_note_subscription_path(note) + assert_response :unauthorized + end + end + end + + def test_create_fail_no_scope + user = create(:user) + auth_header = bearer_authorization_header user, :scopes => %w[read_prefs] + note = create(:note_with_comments) + + assert_no_difference "NoteSubscription.count" do + assert_no_difference "note.subscribers.count" do + post api_note_subscription_path(note), :headers => auth_header + assert_response :forbidden + end + end + end + + def test_create_fail_note_not_found + user = create(:user) + auth_header = bearer_authorization_header user + + assert_no_difference "NoteSubscription.count" do + post api_note_subscription_path(999111), :headers => auth_header + assert_response :not_found + end + end + + def test_create_fail_already_subscribed + user = create(:user) + auth_header = bearer_authorization_header user + note = create(:note_with_comments) + create(:note_subscription, :user => user, :note => note) + + assert_no_difference "NoteSubscription.count" do + assert_no_difference "note.subscribers.count" do + post api_note_subscription_path(note), :headers => auth_header + assert_response :conflict + end + end + end + end +end