Commit dccf72d44117c5b0772d615047c879ee434323c3
1 parent
3e2a483a
Exists in
staging
and in
7 other branches
api: accept parameters to update a task when accept/reject
Showing
2 changed files
with
25 additions
and
2 deletions
Show diff stats
app/api/v1/tasks.rb
... | ... | @@ -31,8 +31,13 @@ module Api |
31 | 31 | desc "#{action.capitalize} a task" |
32 | 32 | put ":id/#{action}" do |
33 | 33 | task = find_task(current_person, Task.to(current_person), params[:id]) |
34 | - task.send(action, current_person) if (task.status == Task::Status::ACTIVE) | |
35 | - present_partial task, :with => Entities::Task | |
34 | + begin | |
35 | + task.update(params[:task]) | |
36 | + task.send(action, current_person) if (task.status == Task::Status::ACTIVE) | |
37 | + present_partial task, :with => Entities::Task | |
38 | + rescue Exception => ex | |
39 | + render_api_error!(ex.message, 500) | |
40 | + end | |
36 | 41 | end |
37 | 42 | end |
38 | 43 | end | ... | ... |
test/api/task_test.rb
... | ... | @@ -204,6 +204,24 @@ class TasksTest < ActiveSupport::TestCase |
204 | 204 | assert_nil task.reload.closed_by_id |
205 | 205 | assert_equal Task::Status::ACTIVE, task.status |
206 | 206 | end |
207 | + | |
208 | + should "person be able to #{action} a task with parameters" do | |
209 | + person1 = fast_create(Person) | |
210 | + task = create(Task, :requestor => person1, :target => person) | |
211 | + params[:task] = {reject_explanation: "reject explanation"} | |
212 | + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}" | |
213 | + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status | |
214 | + assert_equal "reject explanation", task.reload.reject_explanation | |
215 | + end | |
216 | + | |
217 | + should "not update a forbidden parameter when #{action} a task" do | |
218 | + person1 = fast_create(Person) | |
219 | + person2 = fast_create(Person) | |
220 | + task = create(Task, :requestor => person1, :target => person) | |
221 | + params[:task] = { requestor: {id: person2.id} } | |
222 | + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}" | |
223 | + assert_equal 500, last_response.status | |
224 | + end | |
207 | 225 | end |
208 | 226 | |
209 | 227 | ################################################# | ... | ... |