From bc8c005d6186c56054fc68d8281e67ba8efb76cc Mon Sep 17 00:00:00 2001
From: Anton Khorev <tony29@yandex.ru>
Date: Thu, 24 Oct 2024 04:46:57 +0300
Subject: [PATCH] Add destroy note subscription api endpoint

---
 app/abilities/api_capability.rb               |  2 +-
 .../api/note_subscriptions_controller.rb      |  6 ++
 config/routes.rb                              |  2 +-
 .../api/note_subscriptions_controller_test.rb | 58 ++++++++++++++++++-
 4 files changed, 65 insertions(+), 3 deletions(-)

diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb
index dade7f6fec..0e953d50b1 100644
--- a/app/abilities/api_capability.rb
+++ b/app/abilities/api_capability.rb
@@ -9,7 +9,7 @@ def initialize(token)
 
       if user&.active?
         can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes)
-        can :create, NoteSubscription if scope?(token, :write_notes)
+        can [:create, :destroy], NoteSubscription if scope?(token, :write_notes)
         can [:show, :data], Trace if scope?(token, :read_gpx)
         can [:create, :update, :destroy], Trace if scope?(token, :write_gpx)
         can [:details], User if scope?(token, :read_prefs)
diff --git a/app/controllers/api/note_subscriptions_controller.rb b/app/controllers/api/note_subscriptions_controller.rb
index a616b57da8..b307c3d9b8 100644
--- a/app/controllers/api/note_subscriptions_controller.rb
+++ b/app/controllers/api/note_subscriptions_controller.rb
@@ -12,5 +12,11 @@ def create
     rescue ActiveRecord::RecordNotUnique
       head :conflict
     end
+
+    def destroy
+      note_id = params[:note_id].to_i
+      count = NoteSubscription.where(:user => current_user, :note => note_id).delete_all
+      head :not_found if count.zero?
+    end
   end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 44c324da6b..60004007e4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -109,7 +109,7 @@
         post "reopen"
       end
 
-      resource :subscription, :only => :create, :controller => "note_subscriptions"
+      resource :subscription, :only => [:create, :destroy], :controller => "note_subscriptions"
     end
 
     resources :user_blocks, :only => :show, :id => /\d+/, :controller => "user_blocks"
diff --git a/test/controllers/api/note_subscriptions_controller_test.rb b/test/controllers/api/note_subscriptions_controller_test.rb
index 42aed47f46..405d59db82 100644
--- a/test/controllers/api/note_subscriptions_controller_test.rb
+++ b/test/controllers/api/note_subscriptions_controller_test.rb
@@ -7,6 +7,10 @@ def test_routes
         { :path => "/api/0.6/notes/1/subscription", :method => :post },
         { :controller => "api/note_subscriptions", :action => "create", :note_id => "1" }
       )
+      assert_routing(
+        { :path => "/api/0.6/notes/1/subscription", :method => :delete },
+        { :controller => "api/note_subscriptions", :action => "destroy", :note_id => "1" }
+      )
     end
 
     def test_create
@@ -21,7 +25,6 @@ def test_create
           assert_response :success
         end
       end
-      assert_response :success
       assert_equal user, note.subscribers.last
     end
 
@@ -72,5 +75,58 @@ def test_create_fail_already_subscribed
         end
       end
     end
+
+    def test_destroy
+      user = create(:user)
+      auth_header = bearer_authorization_header user
+      note = create(:note_with_comments)
+      create(:note_subscription, :user => user, :note => note)
+      assert_equal [user], note.subscribers
+
+      assert_difference "NoteSubscription.count", -1 do
+        assert_difference "note.subscribers.count", -1 do
+          delete api_note_subscription_path(note), :headers => auth_header
+          assert_response :success
+        end
+      end
+    end
+
+    def test_destroy_fail_anonymous
+      note = create(:note_with_comments)
+
+      delete api_note_subscription_path(note)
+      assert_response :unauthorized
+    end
+
+    def test_destroy_fail_no_scope
+      user = create(:user)
+      auth_header = bearer_authorization_header user, :scopes => %w[read_prefs]
+      note = create(:note_with_comments)
+      create(:note_subscription, :user => user, :note => note)
+
+      assert_no_difference "NoteSubscription.count" do
+        assert_no_difference "note.subscribers.count" do
+          delete api_note_subscription_path(note), :headers => auth_header
+          assert_response :forbidden
+        end
+      end
+    end
+
+    def test_destroy_fail_note_not_found
+      user = create(:user)
+      auth_header = bearer_authorization_header user
+
+      delete api_note_subscription_path(999111), :headers => auth_header
+      assert_response :not_found
+    end
+
+    def test_destroy_fail_not_subscribed
+      user = create(:user)
+      auth_header = bearer_authorization_header user
+      note = create(:note_with_comments)
+
+      delete api_note_subscription_path(note), :headers => auth_header
+      assert_response :not_found
+    end
   end
 end