From 56e31cdaf3dac1758e09e4e3c5db5d1511625fd5 Mon Sep 17 00:00:00 2001 From: Victor Costa Date: Thu, 19 May 2016 11:02:12 -0300 Subject: [PATCH] api: add endpoint to remove comments --- app/api/v1/comments.rb | 13 +++++++++++++ test/api/comments_test.rb | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 0 deletions(-) diff --git a/app/api/v1/comments.rb b/app/api/v1/comments.rb index 4952e77..68ad20c 100644 --- a/app/api/v1/comments.rb +++ b/app/api/v1/comments.rb @@ -42,6 +42,19 @@ module Api end present comment, :with => Entities::Comment, :current_person => current_person end + + delete ":id/comments/:comment_id" do + article = find_article(environment.articles, params[:id]) + comment = article.comments.find_by_id(params[:comment_id]) + return not_found! if comment.nil? + return forbidden! unless comment.can_be_destroyed_by?(current_person) + begin + comment.destroy + present comment, with: Entities::Comment, :current_person => current_person + rescue => e + render_api_error!(e.message, 500) + end + end end end diff --git a/test/api/comments_test.rb b/test/api/comments_test.rb index 4255755..601c299 100644 --- a/test/api/comments_test.rb +++ b/test/api/comments_test.rb @@ -186,4 +186,53 @@ class CommentsTest < ActiveSupport::TestCase assert_equal [comment1.id], json["comments"].map { |c| c['id'] } end + should 'delete comment successfully' do + login_api + article = fast_create(Article, profile_id: person.id, name: "Some thing") + comment = article.comments.create!(body: "some comment", author: person) + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 200, last_response.status + assert_equal comment.id, json['comment']['id'] + assert_not_includes article.comments, comment + end + + should 'not delete a comment when user is not logged' do + article = fast_create(Article, profile_id: person.id, name: "Some thing") + comment = article.comments.create!(body: "some comment", author: person) + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 403, last_response.status + assert_includes article.comments, comment + end + + should 'not delete a comment when user does not have permission' do + login_api + article = fast_create(Article, profile_id: @local_person.id, name: "Some thing") + comment = article.comments.create!(body: "some comment", author: @local_person) + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 403, last_response.status + assert_includes article.comments, comment + end + + should 'return not found when delete a inexistent comment' do + article = fast_create(Article, profile_id: person.id, name: "Some thing") + comment = article.comments.create!(body: "some comment", author: person) + delete "api/v1/articles/#{article.id}/comments/0?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 404, last_response.status + assert_includes article.comments, comment + end + + should 'return error when failed to delete comment' do + login_api + article = fast_create(Article, profile_id: person.id, name: "Some thing") + comment = article.comments.create!(body: "some comment", author: person) + Comment.any_instance.expects(:destroy).raises(StandardError) + delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 500, last_response.status + assert_includes article.comments, comment + end end -- libgit2 0.21.2