
Forbid access to hidden Heading & Chapter.

1 parent ae1866e commit 8931e689c14cb3cd6ce5e408dd3b7fe883dc14f0 @saulius saulius committed Dec 4, 2012
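--- a/app/controllers/api/v1/chapters_controller.rb
+++ b/app/controllers/api/v1/chapters_controller.rb
@@ -3,11 +3,8 @@
 module Api
 module V1
 class ChaptersController < ApplicationController
+before_filter :find_chapter, only: [:show]
 def show
-@chapter = Chapter.actual
-.where(goods_nomenclature_item_id: chapter_id)
-.take
-
 @headings = GoodsNomenclatureMapper.new(@chapter.headings_dataset
 .eager(:goods_nomenclature_description,
 :goods_nomenclature_indent)
@@ -16,6 +13,16 @@ def show
 respond_with @chapter
 end
+private
+
+def find_chapter
+@chapter = Chapter.actual
+.where(goods_nomenclature_item_id: chapter_id)
+.take
+
+raise Sequel::RecordNotFound if @chapter.goods_nomenclature_item_id.in? HiddenGoodsNomenclature.codes
+end
+
 def chapter_id
 "#{params[:id]}00000000"
 end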
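Review bot: The hidden check in `find_chapter` covers only the chapter's own code, while `show` still builds `@headings` from `@chapter.headings_dataset` with no visible filter on `HiddenGoodsNomenclature.codes`. A heading that returns not-found when requested directly may therefore still be listed in its parent chapter's response. The rest of the `headings_dataset` chain lies outside the hunk, so this needs confirming there; if nothing filters it, exclude hidden codes from that dataset too and add a spec asserting that a hidden heading is absent from the chapter JSON. The same question applies to any child listing built in `HeadingsController#show`, whose body is also cut by its hunk.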
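--- a/app/controllers/api/v1/headings_controller.rb
+++ b/app/controllers/api/v1/headings_controller.rb
@@ -3,12 +3,9 @@
 module Api
 module V1
 class HeadingsController < ApplicationController
-def show
-@heading = Heading.actual
-.non_grouping
-.where(goods_nomenclatures__goods_nomenclature_item_id: heading_id)
-.take
+before_filter :find_heading, only: [:show]
+def show
 if @heading.declarable?
 @measures = MeasurePresenter.new(@heading.measures_dataset.eager({geographical_area: [:geographical_area_description, :children_geographical_areas]},
 {footnotes: :footnote_description},
@@ -40,6 +37,17 @@ def show
 respond_with @heading
 end
+private
+
+def find_heading
+@heading = Heading.actual
+.non_grouping
+.where(goods_nomenclatures__goods_nomenclature_item_id: heading_id)
+.take
+
+raise Sequel::RecordNotFound if @heading.goods_nomenclature_item_id.in? HiddenGoodsNomenclature.codes
+end
+
 def heading_id
 "#{params[:id]}000000"
 end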
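Review bot: `find_heading` repeats the check from `find_chapter` line for line, and both are wired with `only: [:show]`, so the hide rule lives in two controllers and any action or endpoint added later is exposed unless someone remembers to opt it in. Because this is an access-control rule, it would be safer as a single dataset-level exclusion on the models, or one shared filter in `ApplicationController`, that every lookup passes through. If the intent is to avoid disclosing that a hidden code exists, a comment above the raise such as `# Hidden codes are reported as not found rather than forbidden` would record why `Sequel::RecordNotFound` is used. It also looks as if `HiddenGoodsNomenclature.codes` is evaluated on every request, which is worth confirming is not a full table load.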
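--- a/spec/controllers/api/v1/chapters_controller_spec.rb
+++ b/spec/controllers/api/v1/chapters_controller_spec.rb
@@ -27,4 +27,12 @@
 expect { get :show, id: "55", format: :json }.to raise_error Sequel::RecordNotFound
 end
 end
+
+context 'when record is hidden' do
+let!(:hidden_goods_nomenclature) { create :hidden_goods_nomenclature, goods_nomenclature_item_id: chapter.goods_nomenclature_item_id }
+
+it 'returns not found' do
+expect { get :show, id: chapter.goods_nomenclature_item_id.first(2), format: :json }.to raise_error Sequel::RecordNotFound
+end
+end
 end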
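--- a/spec/controllers/api/v1/headings_controller_spec.rb
+++ b/spec/controllers/api/v1/headings_controller_spec.rb
@@ -75,5 +75,13 @@
 expect { get :show, id: "1234", format: :json }.to raise_error Sequel::RecordNotFound
 end
 end
+
+context 'when record is hidden' do
+let!(:hidden_goods_nomenclature) { create :hidden_goods_nomenclature, goods_nomenclature_item_id: heading.goods_nomenclature_item_id }
+
+it 'returns not found' do
+expect { get :show, id: heading.goods_nomenclature_item_id.first(4), format: :json }.to raise_error Sequel::RecordNotFound
+end
+end
 end
 end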
