if user&.active?
can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes)
+ can :create, NoteSubscription if scope?(token, :write_notes)
can [:show, :data], Trace if scope?(token, :read_gpx)
can [:create, :update, :destroy], Trace if scope?(token, :write_gpx)
can [:details], User if scope?(token, :read_prefs)
--- /dev/null
+module Api
+ class NoteSubscriptionsController < ApiController
+ before_action :check_api_writable
+ before_action :authorize
+
+ authorize_resource
+
+ def create
+ note_id = params[:note_id].to_i
+ note = Note.find(note_id)
+ note.subscribers << current_user
+ rescue ActiveRecord::RecordNotFound
+ report_error "Note #{note_id} not found.", :not_found
+ rescue ActiveRecord::RecordNotUnique
+ report_error "You are already subscribed to note #{note_id}.", :conflict
+ end
+ end
+end
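Review bot: `create` looks the note up with `Note.find(note_id)` and subscribes the caller without checking whether the note is visible. If notes can be hidden by moderators (the model is not shown on this page), any token with `write_notes` could subscribe to a hidden note, and the success-versus-404 response would disclose whether such a note exists. Restricting the lookup, for example `note = Note.visible.find(note_id)`, assuming the model exposes the visibility scope the other note endpoints rely on, would route hidden notes into the existing `RecordNotFound` branch. The `RecordNotUnique` rescue only rejects duplicates if the subscriptions table carries a unique index on the user/note pair, which is defined outside this section. A comment such as `# relies on the unique (user, note) index to reject duplicate subscriptions` above that rescue would record the dependency.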
--- /dev/null
+require "test_helper"
+
+module Api
+ class NoteSubscriptionsControllerTest < ActionDispatch::IntegrationTest
+ def test_routes
+ assert_routing(
+ { :path => "/api/0.6/notes/1/subscription", :method => :post },
+ { :controller => "api/note_subscriptions", :action => "create", :note_id => "1" }
+ )
+ end
+
+ def test_create
+ user = create(:user)
+ auth_header = bearer_authorization_header user
+ note = create(:note_with_comments)
+ assert_empty note.subscribers
+
+ assert_difference "NoteSubscription.count", 1 do
+ assert_difference "note.subscribers.count", 1 do
+ post api_note_subscription_path(note), :headers => auth_header
+ assert_response :success
+ end
+ end
+ assert_equal user, note.subscribers.last
+ end
+
+ def test_create_fail_anonymous
+ note = create(:note_with_comments)
+
+ assert_no_difference "NoteSubscription.count" do
+ assert_no_difference "note.subscribers.count" do
+ post api_note_subscription_path(note)
+ assert_response :unauthorized
+ end
+ end
+ end
+
+ def test_create_fail_no_scope
+ user = create(:user)
+ auth_header = bearer_authorization_header user, :scopes => %w[read_prefs]
+ note = create(:note_with_comments)
+
+ assert_no_difference "NoteSubscription.count" do
+ assert_no_difference "note.subscribers.count" do
+ post api_note_subscription_path(note), :headers => auth_header
+ assert_response :forbidden
+ end
+ end
+ end
+
+ def test_create_fail_note_not_found
+ user = create(:user)
+ auth_header = bearer_authorization_header user
+
+ assert_no_difference "NoteSubscription.count" do
+ post api_note_subscription_path(999111), :headers => auth_header
+ assert_response :not_found
+ end
+ assert_match "not found", @response.body
+ end
+
+ def test_create_fail_already_subscribed
+ user = create(:user)
+ auth_header = bearer_authorization_header user
+ note = create(:note_with_comments)
+ create(:note_subscription, :user => user, :note => note)
+
+ assert_no_difference "NoteSubscription.count" do
+ assert_no_difference "note.subscribers.count" do
+ post api_note_subscription_path(note), :headers => auth_header
+ assert_response :conflict
+ end
+ end
+ assert_match "already subscribed", @response.body
+ end
+ end
+end
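Review bot: Two authorization edges of the new endpoint are untested: a note that exists but should not be subscribable (for example one hidden by a moderator), and a bearer token belonging to a user who is not active. The ability rule added in the first section sits under `if user&.active?`, so the second case is the only thing that would pin that guard for `NoteSubscription`. I would add a `test_create_fail_hidden_note` and a `test_create_fail_inactive_user`, each wrapping the `post` in `assert_no_difference "NoteSubscription.count"` and asserting the rejection status the API is meant to return. The exact status and the factory attributes for a hidden note or inactive user depend on code outside this page, so confirm them against the existing notes tests.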