Commit 46af34c89aa189edb86cea304b6815208877a4c0
Exists in
ratings_minor_fixes
and in
3 other branches
Merge branch 'remove-comments-api' into 'master'
[API] Endpoit to remove comments Also fix the post comment endpoint when article does not accept comments. See merge request !930
Showing
2 changed files
with
73 additions
and
0 deletions
Show diff stats
app/api/v1/comments.rb
| ... | ... | @@ -34,6 +34,7 @@ module Api |
| 34 | 34 | post ":id/comments" do |
| 35 | 35 | authenticate! |
| 36 | 36 | article = find_article(environment.articles, params[:id]) |
| 37 | + return forbidden! unless article.accept_comments? | |
| 37 | 38 | options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article) |
| 38 | 39 | begin |
| 39 | 40 | comment = Comment.create!(options) |
| ... | ... | @@ -42,6 +43,19 @@ module Api |
| 42 | 43 | end |
| 43 | 44 | present comment, :with => Entities::Comment, :current_person => current_person |
| 44 | 45 | end |
| 46 | + | |
| 47 | + delete ":id/comments/:comment_id" do | |
| 48 | + article = find_article(environment.articles, params[:id]) | |
| 49 | + comment = article.comments.find_by_id(params[:comment_id]) | |
| 50 | + return not_found! if comment.nil? | |
| 51 | + return forbidden! unless comment.can_be_destroyed_by?(current_person) | |
| 52 | + begin | |
| 53 | + comment.destroy | |
| 54 | + present comment, with: Entities::Comment, :current_person => current_person | |
| 55 | + rescue => e | |
| 56 | + render_api_error!(e.message, 500) | |
| 57 | + end | |
| 58 | + end | |
| 45 | 59 | end |
| 46 | 60 | |
| 47 | 61 | end | ... | ... |
test/api/comments_test.rb
| ... | ... | @@ -70,6 +70,16 @@ class CommentsTest < ActiveSupport::TestCase |
| 70 | 70 | assert_equal body, json['comment']['body'] |
| 71 | 71 | end |
| 72 | 72 | |
| 73 | + should 'not create comment when an article does not accept comments' do | |
| 74 | + login_api | |
| 75 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", accept_comments: false) | |
| 76 | + body = 'My comment' | |
| 77 | + params.merge!({:body => body}) | |
| 78 | + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" | |
| 79 | + json = JSON.parse(last_response.body) | |
| 80 | + assert_equal 403, last_response.status | |
| 81 | + end | |
| 82 | + | |
| 73 | 83 | should 'logged user not comment an archived article' do |
| 74 | 84 | login_api |
| 75 | 85 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true) |
| ... | ... | @@ -186,4 +196,53 @@ class CommentsTest < ActiveSupport::TestCase |
| 186 | 196 | assert_equal [comment1.id], json["comments"].map { |c| c['id'] } |
| 187 | 197 | end |
| 188 | 198 | |
| 199 | + should 'delete comment successfully' do | |
| 200 | + login_api | |
| 201 | + article = fast_create(Article, profile_id: person.id, name: "Some thing") | |
| 202 | + comment = article.comments.create!(body: "some comment", author: person) | |
| 203 | + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" | |
| 204 | + json = JSON.parse(last_response.body) | |
| 205 | + assert_equal 200, last_response.status | |
| 206 | + assert_equal comment.id, json['comment']['id'] | |
| 207 | + assert_not_includes article.comments, comment | |
| 208 | + end | |
| 209 | + | |
| 210 | + should 'not delete a comment when user is not logged' do | |
| 211 | + article = fast_create(Article, profile_id: person.id, name: "Some thing") | |
| 212 | + comment = article.comments.create!(body: "some comment", author: person) | |
| 213 | + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" | |
| 214 | + json = JSON.parse(last_response.body) | |
| 215 | + assert_equal 403, last_response.status | |
| 216 | + assert_includes article.comments, comment | |
| 217 | + end | |
| 218 | + | |
| 219 | + should 'not delete a comment when user does not have permission' do | |
| 220 | + login_api | |
| 221 | + article = fast_create(Article, profile_id: @local_person.id, name: "Some thing") | |
| 222 | + comment = article.comments.create!(body: "some comment", author: @local_person) | |
| 223 | + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" | |
| 224 | + json = JSON.parse(last_response.body) | |
| 225 | + assert_equal 403, last_response.status | |
| 226 | + assert_includes article.comments, comment | |
| 227 | + end | |
| 228 | + | |
| 229 | + should 'return not found when delete a inexistent comment' do | |
| 230 | + article = fast_create(Article, profile_id: person.id, name: "Some thing") | |
| 231 | + comment = article.comments.create!(body: "some comment", author: person) | |
| 232 | + delete "api/v1/articles/#{article.id}/comments/0?#{params.to_query}" | |
| 233 | + json = JSON.parse(last_response.body) | |
| 234 | + assert_equal 404, last_response.status | |
| 235 | + assert_includes article.comments, comment | |
| 236 | + end | |
| 237 | + | |
| 238 | + should 'return error when failed to delete comment' do | |
| 239 | + login_api | |
| 240 | + article = fast_create(Article, profile_id: person.id, name: "Some thing") | |
| 241 | + comment = article.comments.create!(body: "some comment", author: person) | |
| 242 | + Comment.any_instance.expects(:destroy).raises(StandardError) | |
| 243 | + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" | |
| 244 | + json = JSON.parse(last_response.body) | |
| 245 | + assert_equal 500, last_response.status | |
| 246 | + assert_includes article.comments, comment | |
| 247 | + end | |
| 189 | 248 | end | ... | ... |