api: accept parameters to update a task when accept/reject

Victor Costa
1 parent 3e2a483a
Showing 2 changed files with 25 additions and 2 deletions Show diff stats
app/api/v1/tasks.rb
test/api/task_test.rb
@@ -31,8 +31,13 @@ module Api
           desc "#{action.capitalize} a task"
           put ":id/#{action}" do
             task = find_task(current_person, Task.to(current_person), params[:id])
-            task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
-            present_partial task, :with => Entities::Task
+            begin
+              task.update(params[:task])
+              task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
+              present_partial task, :with => Entities::Task
+            rescue Exception => ex
+              render_api_error!(ex.message, 500)
+            end
           end
         end
       end
@@ -204,6 +204,24 @@ class TasksTest &lt; ActiveSupport::TestCase
       assert_nil task.reload.closed_by_id
       assert_equal Task::Status::ACTIVE, task.status
     end
+
+    should "person be able to #{action} a task with parameters" do
+      person1 = fast_create(Person)
+      task = create(Task, :requestor => person1, :target => person)
+      params[:task] = {reject_explanation: "reject explanation"}
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
+      assert_equal "reject explanation", task.reload.reject_explanation
+    end
+
+    should "not update a forbidden parameter when #{action} a task" do
+      person1 = fast_create(Person)
+      person2 = fast_create(Person)
+      task = create(Task, :requestor => person1, :target => person)
+      params[:task] = { requestor: {id: person2.id} }
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal 500, last_response.status
+    end
   end
  
   #################################################
...	...	@@ -31,8 +31,13 @@ module Api
31	31	desc "#{action.capitalize} a task"
32	32	put ":id/#{action}" do
33	33	task = find_task(current_person, Task.to(current_person), params[:id])
34		- task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
35		- present_partial task, :with => Entities::Task
	34	+ begin
	35	+ task.update(params[:task])
	36	+ task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
	37	+ present_partial task, :with => Entities::Task
	38	+ rescue Exception => ex
	39	+ render_api_error!(ex.message, 500)
	40	+ end
36	41	end
37	42	end
38	43	end
...	...
...	...	@@ -204,6 +204,24 @@ class TasksTest < ActiveSupport::TestCase
204	204	assert_nil task.reload.closed_by_id
205	205	assert_equal Task::Status::ACTIVE, task.status
206	206	end
	207	+
	208	+ should "person be able to #{action} a task with parameters" do
	209	+ person1 = fast_create(Person)
	210	+ task = create(Task, :requestor => person1, :target => person)
	211	+ params[:task] = {reject_explanation: "reject explanation"}
	212	+ put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
	213	+ assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
	214	+ assert_equal "reject explanation", task.reload.reject_explanation
	215	+ end
	216	+
	217	+ should "not update a forbidden parameter when #{action} a task" do
	218	+ person1 = fast_create(Person)
	219	+ person2 = fast_create(Person)
	220	+ task = create(Task, :requestor => person1, :target => person)
	221	+ params[:task] = { requestor: {id: person2.id} }
	222	+ put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
	223	+ assert_equal 500, last_response.status
	224	+ end
207	225	end
208	226
209	227	#################################################
...	...