From dccf72d44117c5b0772d615047c879ee434323c3 Mon Sep 17 00:00:00 2001
From: Victor Costa <vfcosta@gmail.com>
Date: Fri, 22 Jul 2016 10:49:35 -0300
Subject: [PATCH] api: accept parameters to update a task when accept/reject

---
 app/api/v1/tasks.rb   |  9 +++++++--
 test/api/task_test.rb | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/app/api/v1/tasks.rb b/app/api/v1/tasks.rb
index 9187774..e4bf031 100644
--- a/app/api/v1/tasks.rb
+++ b/app/api/v1/tasks.rb
@@ -31,8 +31,13 @@ module Api
           desc "#{action.capitalize} a task"
           put ":id/#{action}" do
             task = find_task(current_person, Task.to(current_person), params[:id])
-            task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
-            present_partial task, :with => Entities::Task
+            begin
+              task.update(params[:task])
+              task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
+              present_partial task, :with => Entities::Task
+            rescue Exception => ex
+              render_api_error!(ex.message, 500)
+            end
           end
         end
       end
diff --git a/test/api/task_test.rb b/test/api/task_test.rb
index 83c7798..08cf941 100644
--- a/test/api/task_test.rb
+++ b/test/api/task_test.rb
@@ -204,6 +204,24 @@ class TasksTest < ActiveSupport::TestCase
       assert_nil task.reload.closed_by_id
       assert_equal Task::Status::ACTIVE, task.status
     end
+
+    should "person be able to #{action} a task with parameters" do
+      person1 = fast_create(Person)
+      task = create(Task, :requestor => person1, :target => person)
+      params[:task] = {reject_explanation: "reject explanation"}
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
+      assert_equal "reject explanation", task.reload.reject_explanation
+    end
+
+    should "not update a forbidden parameter when #{action} a task" do
+      person1 = fast_create(Person)
+      person2 = fast_create(Person)
+      task = create(Task, :requestor => person1, :target => person)
+      params[:task] = { requestor: {id: person2.id} }
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal 500, last_response.status
+    end
   end
 
   #################################################
--
libgit2 0.21.2