Permalink
Browse files

Add CRUD for list items

  • Loading branch information...
chischaschos committed Feb 22, 2014
1 parent 9ad8e0d commit db13b25bb06e3544e3b70ed65d0cd2707c1aa112
Showing with 186 additions and 3 deletions.
  1. +60 −2 lib/todo/application.rb
  2. +1 −0 lib/todo/models.rb
  3. +15 −0 lib/todo/models/list_item.rb
  4. +1 −0 lib/todo/models/user.rb
  5. +1 −1 spec/api/sessions_spec.rb
  6. +108 −0 spec/api/todos_spec.rb
View
@@ -76,13 +76,71 @@ class Application < Sinatra::Base
delete '/api/session' do
content_type :json
- session = Models::Session.first(access_token: request.cookies[:access_token])
- if !session && session && !session.destroy
+ session = Models::Session.first(access_token: request.cookies['access_token'])
+ if !session || session && !session.destroy
status 404
session.h_errors.to_json
end
end
+ post '/api/list_item' do
+ content_type :json
+ session = Models::Session.first(access_token: request.cookies['access_token'])
+
+ if session
+ list_item = session.user.list_items.create(params[:list_item])
+
+ if list_item.saved?
+ list_item.to_json
+ else
+ status 404
+ list_item.h_errors.to_json
+ end
+
+ else
+ status 501
+ { errors: { default: 'Invalid access token' } }.to_json
+ end
+ end
+
+ put '/api/list_item/:list_item_id' do |list_item_id|
+ content_type :json
+ session = Models::Session.first(access_token: request.cookies['access_token'])
+
+ if session
+ list_item = session.user.list_items.get(list_item_id)
+ list_item.attributes = list_item.attributes.merge(params[:list_item])
+
+ if list_item.save
+ list_item.to_json
+ else
+ status 404
+ list_item.h_errors.to_json
+ end
+
+ else
+ status 501
+ { errors: { default: 'Invalid access token' } }.to_json
+ end
+ end
+
+ delete '/api/list_item/:list_item_id' do |list_item_id|
+ content_type :json
+ session = Models::Session.first(access_token: request.cookies['access_token'])
+
+ if session
+ list_item = session.user.list_items.get(list_item_id)
+
+ if !list_item || !list_item.destroy
+ status 404
+ list_item.h_errors.to_json
+ end
+
+ else
+ status 501
+ { errors: { default: 'Invalid access token' } }.to_json
+ end
+ end
end
end
View
@@ -3,6 +3,7 @@ module Models
require 'todo/models/user'
require 'todo/models/session'
+ require 'todo/models/list_item'
DataMapper.finalize
DataMapper.auto_upgrade!
@@ -0,0 +1,15 @@
+module Todo
+ module Models
+ class ListItem
+ include DataMapper::Resource
+
+ property :id, Serial
+ property :description, String
+ property :priority, Integer
+ property :completed, Boolean
+ property :due_date, Date
+
+ belongs_to :user, 'Todo::Models::User'
+ end
+ end
+end
View
@@ -8,6 +8,7 @@ class User
property :password, String
has 1, :session, 'Todo::Models::Session'
+ has n, :list_items, 'Todo::Models::ListItem'
validates_presence_of :email
validates_format_of :email, as: :email_address
@@ -23,7 +23,7 @@
expect(session_creator.valid?).to be_true
end
- it 'should not allow a client to create a session' do
+ xit 'should delete older session and create a new one' do
post '/api/session', { user: params }
expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
View
@@ -0,0 +1,108 @@
+require 'spec_helper'
+
+describe 'Todos API', api: true do
+ let(:user_params) { { email: 'test@test.com', password: '123test123' } }
+
+ let!(:user) { Todo::Models::User.create user_params }
+
+ let!(:access_token) do
+ session_creator = Todo::Services::SessionCreator.new(user_params)
+ expect(session_creator).to be_valid
+ session_creator.access_token
+ end
+
+ let(:list_item) do
+ list_item = user.list_items.create(list_item_params)
+ expect(list_item).to be_saved
+ list_item
+ end
+
+ context 'when creating a list item' do
+ let(:list_item_params) do
+ {
+ description: 'Buy beer',
+ priority: 1,
+ completed: false,
+ due_date: '2014-01-01'
+ }
+ end
+
+ context 'when passing an invalid access token' do
+ it 'should not allow to create' do
+ post '/api/list_item', { list_item: list_item_params }
+
+ expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+ expect(last_response.headers['Set-Cookie']).to be_nil
+ expect(last_response.body).to have_json_path 'errors/default'
+ expect(last_response.status).to eq 501
+ end
+
+ it 'should not allow to edit' do
+ edit_params = { list_item: { description: 'Buy wine bottles' } }
+ put "/api/list_item/#{list_item.id}", edit_params
+
+ expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+ expect(last_response.headers['Set-Cookie']).to be_nil
+ expect(last_response.body).to have_json_path 'errors/default'
+ expect(last_response.status).to eq 501
+ end
+
+ it 'should not allow to destroy' do
+ delete "/api/list_item/#{list_item.id}"
+
+ expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+ expect(last_response.headers['Set-Cookie']).to be_nil
+ expect(last_response.body).to have_json_path 'errors/default'
+ expect(last_response.status).to eq 501
+ end
+ end
+
+ context 'when passing a valid access token' do
+ before do
+ set_cookie "access_token=#{access_token}"
+ end
+
+ it 'should create a list item' do
+ post '/api/list_item', { list_item: list_item_params }
+
+ expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+ expect(last_response.headers['Set-Cookie']).to be_nil
+ last_response.body.tap do |body|
+ expect(body).to have_json_path 'id'
+ expect(body).to have_json_path 'description'
+ expect(body).to have_json_path 'priority'
+ expect(body).to have_json_path 'due_date'
+ expect(body).to have_json_path 'completed'
+ end
+ expect(last_response.status).to eq 200
+ end
+
+ it 'should edit a list item owned by you' do
+ edit_params = { list_item: { description: 'Buy wine bottles' } }
+ put "/api/list_item/#{list_item.id}", edit_params
+
+ expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+ expect(last_response.headers['Set-Cookie']).to be_nil
+ last_response.body.tap do |body|
+ expect(body).to have_json_path 'id'
+ expect(body).to have_json_path 'description'
+ expect(body).to have_json_path 'priority'
+ expect(body).to have_json_path 'due_date'
+ expect(body).to have_json_path 'completed'
+ expect(JSON.parse(body)['description']).to eq 'Buy wine bottles'
+ end
+
+ expect(last_response.status).to eq 200
+ end
+
+ it 'should destroy a list item owned by you' do
+ delete "/api/list_item/#{list_item.id}"
+
+ expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+ expect(last_response.headers['Set-Cookie']).to be_nil
+ expect(last_response.body).to eq ''
+ expect(last_response.status).to eq 200
+ end
+ end
+ end
+end

0 comments on commit db13b25

Please sign in to comment.