cleanup vocabulary_controller and add tests

avalonmediasystem · Dec 11, 2015 · c0bff70 · c0bff70
1 parent 18c001f
commit c0bff70
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 31 deletions.
diff --git a/app/controllers/vocabulary_controller.rb b/app/controllers/vocabulary_controller.rb
@@ -18,37 +18,25 @@ class VocabularyController < ApplicationController
   before_action :verify_vocabulary_exists, except: [:index]
 
   def index
-    if can? :json_index, Avalon::ControlledVocabulary
-      render json: Avalon::ControlledVocabulary.vocabulary
-    else
-      render json: {errors: ['Permission denied.']}, status: 403
-    end
+    render json: Avalon::ControlledVocabulary.vocabulary
   end
 
   def show
-    if can? :json_show, Avalon::ControlledVocabulary
-      render json: Avalon::ControlledVocabulary.vocabulary[params[:id].to_sym]
-    else
-      render json: {errors: ['Permission denied.']}, status: 403
-    end
+    render json: Avalon::ControlledVocabulary.vocabulary[params[:id].to_sym]
   end
 
   def update
-    if can? :json_show, Avalon::ControlledVocabulary
-      unless params[:entry].present?
-        render json: {errors: ["No update value sent"]}, status: 422 and return
-      end
-
-      v = Avalon::ControlledVocabulary.vocabulary
-      v[params[:id].to_sym] |= Array(params[:entry])
-      result = Avalon::ControlledVocabulary.vocabulary = v
-      if result
-        render nothing: true, content_type: 'application/json', status: 200
-      else
-        render json: {errors: ["Update failed"]}, status: 422
-      end
+    unless params[:entry].present?
+      render json: {errors: ["No update value sent"]}, status: 422 and return
+    end
+
+    v = Avalon::ControlledVocabulary.vocabulary
+    v[params[:id].to_sym] |= Array(params[:entry])
+    result = Avalon::ControlledVocabulary.vocabulary = v
+    if result
+      render nothing: true, content_type: 'application/json', status: 200
     else
-      render json: {errors: ['Permission denied.']}, status: 403
+      render json: {errors: ["Update failed"]}, status: 422
     end
   end
 

diff --git a/spec/controllers/vocabulary_controller_spec.rb b/spec/controllers/vocabulary_controller_spec.rb
@@ -27,43 +27,55 @@
   }
 
   describe "#index" do
+    it "should return 403 if bad token passed" do
+      get 'index', format:'json', api_key:'badtoken'
+      expect(response.status).to eq(403)
+    end
     it "should return vocabulary for entire app" do
-      get 'index'
+      get 'index', format:'json', api_key:'secret_token'
       expect(JSON.parse(response.body)).to include('units','note_types','identifier_types')
     end
   end
   describe "#show" do
+    it "should return 403 if bad token passed" do
+      get 'show', format:'json', id: :units, api_key:'badtoken'
+      expect(response.status).to eq(403)
+    end
     it "should return a particular vocabulary" do
-      get 'show', id: :units
+      get 'show', format:'json', id: :units, api_key:'secret_token'
       expect(JSON.parse(response.body)).to include('Default Unit')
     end
     it "should return 404 if requested vocabulary not present" do
-      get 'show', id: :doesnt_exist
+      get 'show', format:'json', id: :doesnt_exist, api_key:'secret_token'
       expect(response.status).to eq(404)
       expect(JSON.parse(response.body)["errors"].class).to eq Array
       expect(JSON.parse(response.body)["errors"].first.class).to eq String
     end
   end
   describe "#update" do
+    it "should return 403 if bad token passed" do
+      put 'update', format:'json', id: :units, entry: 'New Unit', api_key:'badtoken'
+      expect(response.status).to eq(403)
+    end
     it "should add unit to controlled vocabulary" do
-      put 'update', id: :units, entry: 'New Unit'
+      put 'update', format:'json', id: :units, entry: 'New Unit', api_key:'secret_token'
       expect(Avalon::ControlledVocabulary.vocabulary[:units]).to include("New Unit")
     end
     it "should return 404 if requested vocabulary not present" do
-      put 'update', id: :doesnt_exist, entry: 'test'
+      put 'update', format:'json', id: :doesnt_exist, entry: 'test', api_key:'secret_token'
       expect(response.status).to eq(404)
       expect(JSON.parse(response.body)["errors"].class).to eq Array
       expect(JSON.parse(response.body)["errors"].first.class).to eq String
     end
     it "should return 422 if no new value sent" do
-      put 'update', id: :units
+      put 'update', format:'json', id: :units, api_key:'secret_token'
       expect(response.status).to eq(422)
       expect(JSON.parse(response.body)["errors"].class).to eq Array
       expect(JSON.parse(response.body)["errors"].first.class).to eq String
     end
     it "should return 422 if update fails" do
       allow(Avalon::ControlledVocabulary).to receive(:vocabulary=).and_return(false)
-      put 'update', id: :units
+      put 'update', format:'json', id: :units, api_key:'secret_token'
       expect(response.status).to eq(422)
       expect(JSON.parse(response.body)["errors"].class).to eq Array
       expect(JSON.parse(response.body)["errors"].first.class).to eq String