Add patch

4 years ago · 4e223af45d
2 changed files with 32 additions and 8 deletions
--- a/app/controllers/case_logs_controller.rb
+++ b/app/controllers/case_logs_controller.rb
@ -1,6 +1,6 @@
 class CaseLogsController < ApplicationController
-  skip_before_action :verify_authenticity_token, if: :json_create_request?
-  before_action :authenticate, if: :json_create_request?
+  skip_before_action :verify_authenticity_token, if: :json_api_request?
+  before_action :authenticate, if: :json_api_request?

  def index
    @submitted_case_logs = CaseLog.where(status: 1)
@ -8,7 +8,7 @@ class CaseLogsController < ApplicationController
  end

  def create
-    case_log = CaseLog.create(create_params)
+    case_log = CaseLog.create(api_case_log_params)
    respond_to do |format|
      format.html { redirect_to case_log }
      format.json do
@ -21,6 +21,15 @@ class CaseLogsController < ApplicationController
    end
  end

+  def update
+    @case_log = CaseLog.find(params[:id])
+    if @case_log.update(api_case_log_params)
+      render json: @case_log, status: :ok
+    else
+      render json: { errors: @case_log.errors.full_messages }, status: :unprocessable_entity
+    end
+  end
+
  # We don't have a dedicated non-editable show view
  def show
    edit
@ -65,6 +74,8 @@ class CaseLogsController < ApplicationController

 private

+  API_ACTIONS = %w[create update].freeze
+
  def question_responses(questions_for_page)
    questions_for_page.each_with_object({}) do |(question_key, question_info), result|
      question_params = params["case_log"][question_key]
@ -79,15 +90,15 @@ private
    end
  end

-  def json_create_request?
-    (request["action"] == "create") && request.format.json?
+  def json_api_request?
+    API_ACTIONS.include?(request["action"]) && request.format.json?
  end

  def authenticate
    http_basic_authenticate_or_request_with name: ENV["API_USER"], password: ENV["API_KEY"]
  end

-  def create_params
+  def api_case_log_params
    return {} unless params[:case_log]

    params.require(:case_log).permit(CaseLog.editable_fields)
--- a/spec/requests/case_log_controller_spec.rb
+++ b/spec/requests/case_log_controller_spec.rb
@ -1,7 +1,6 @@
 require "rails_helper"

 RSpec.describe CaseLogsController, type: :request do
-
  let(:api_username) { "test_user" }
  let(:api_password) { "test_password" }
  let(:basic_credentials) do
@ -106,7 +105,11 @@ RSpec.describe CaseLogsController, type: :request do
    end

    before do
-      post "/case_logs/#{case_log.id}", headers: headers, params: params.to_json
+      patch "/case_logs/#{case_log.id}", headers: headers, params: params.to_json
+    end
+
+    it "returns http success" do
+      expect(response).to have_http_status(:success)
    end

    it "updates the case log with the given fields and keeps original values where none are passed" do
@ -114,5 +117,15 @@ RSpec.describe CaseLogsController, type: :request do
      expect(case_log.tenant_code).to eq("New Value")
      expect(case_log.property_postcode).to eq("Old Value")
    end
+
+    context "request with invalid credentials" do
+      let(:basic_credentials) do
+        ActionController::HttpAuthentication::Basic.encode_credentials(api_username, "Oops")
+      end
+
+      it "returns 401" do
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
  end
 end