Add CRUD for list items

chischaschos · Feb 22, 2014 · db13b25 · db13b25
1 parent 9ad8e0d
commit db13b25
Show file tree

Hide file tree

Showing 6 changed files with 186 additions and 3 deletions.
diff --git a/lib/todo/application.rb b/lib/todo/application.rb
@@ -76,13 +76,71 @@ class Application < Sinatra::Base
 
     delete '/api/session' do
       content_type :json
-      session = Models::Session.first(access_token: request.cookies[:access_token])
-      if !session && session && !session.destroy
+      session = Models::Session.first(access_token: request.cookies['access_token'])
+      if !session || session && !session.destroy
         status 404
         session.h_errors.to_json
       end
     end
 
+    post '/api/list_item' do
+      content_type :json
+      session = Models::Session.first(access_token: request.cookies['access_token'])
+
+      if session
+        list_item = session.user.list_items.create(params[:list_item])
+
+        if list_item.saved?
+          list_item.to_json
+        else
+          status 404
+          list_item.h_errors.to_json
+        end
+
+      else
+        status 501
+        { errors: { default: 'Invalid access token' } }.to_json
+      end
+    end
+
+    put '/api/list_item/:list_item_id' do |list_item_id|
+      content_type :json
+      session = Models::Session.first(access_token: request.cookies['access_token'])
+
+      if session
+        list_item = session.user.list_items.get(list_item_id)
+        list_item.attributes = list_item.attributes.merge(params[:list_item])
+
+        if list_item.save
+          list_item.to_json
+        else
+          status 404
+          list_item.h_errors.to_json
+        end
+
+      else
+        status 501
+        { errors: { default: 'Invalid access token' } }.to_json
+      end
+    end
+
+    delete '/api/list_item/:list_item_id' do |list_item_id|
+      content_type :json
+      session = Models::Session.first(access_token: request.cookies['access_token'])
+
+      if session
+        list_item = session.user.list_items.get(list_item_id)
+
+        if !list_item || !list_item.destroy
+          status 404
+          list_item.h_errors.to_json
+        end
+
+      else
+        status 501
+        { errors: { default: 'Invalid access token' } }.to_json
+      end
+    end
 
   end
 end
diff --git a/lib/todo/models.rb b/lib/todo/models.rb
@@ -3,6 +3,7 @@ module Models
 
     require 'todo/models/user'
     require 'todo/models/session'
+    require 'todo/models/list_item'
 
     DataMapper.finalize
     DataMapper.auto_upgrade!

diff --git a/lib/todo/models/list_item.rb b/lib/todo/models/list_item.rb
@@ -0,0 +1,15 @@
+module Todo
+  module Models
+    class ListItem
+      include DataMapper::Resource
+
+      property :id,           Serial
+      property :description,  String
+      property :priority,     Integer
+      property :completed,    Boolean
+      property :due_date,     Date
+
+      belongs_to :user, 'Todo::Models::User'
+    end
+  end
+end
diff --git a/lib/todo/models/user.rb b/lib/todo/models/user.rb
@@ -8,6 +8,7 @@ class User
       property :password,   String
 
       has 1, :session, 'Todo::Models::Session'
+      has n, :list_items, 'Todo::Models::ListItem'
 
       validates_presence_of :email
       validates_format_of :email, as: :email_address

diff --git a/spec/api/sessions_spec.rb b/spec/api/sessions_spec.rb
@@ -23,7 +23,7 @@
         expect(session_creator.valid?).to be_true
       end
 
-      it 'should not allow a client to create a session' do
+      xit 'should delete older session and create a new one' do
         post '/api/session', { user: params }
 
         expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'

diff --git a/spec/api/todos_spec.rb b/spec/api/todos_spec.rb
@@ -0,0 +1,108 @@
+require 'spec_helper'
+
+describe 'Todos API', api: true do
+  let(:user_params) { { email: 'test@test.com', password: '123test123' } }
+
+  let!(:user) { Todo::Models::User.create user_params }
+
+  let!(:access_token) do
+    session_creator = Todo::Services::SessionCreator.new(user_params)
+    expect(session_creator).to be_valid
+    session_creator.access_token
+  end
+
+  let(:list_item) do
+    list_item = user.list_items.create(list_item_params)
+    expect(list_item).to be_saved
+    list_item
+  end
+
+  context 'when creating a list item' do
+    let(:list_item_params) do
+      {
+        description: 'Buy beer',
+        priority: 1,
+        completed: false,
+        due_date: '2014-01-01'
+      }
+    end
+
+    context 'when passing an invalid access token' do
+      it 'should not allow to create' do
+        post '/api/list_item', { list_item: list_item_params }
+
+        expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+        expect(last_response.headers['Set-Cookie']).to be_nil
+        expect(last_response.body).to have_json_path 'errors/default'
+        expect(last_response.status).to eq 501
+      end
+
+      it 'should not allow to edit' do
+        edit_params = { list_item: { description: 'Buy wine bottles' } }
+        put "/api/list_item/#{list_item.id}", edit_params
+
+        expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+        expect(last_response.headers['Set-Cookie']).to be_nil
+        expect(last_response.body).to have_json_path 'errors/default'
+        expect(last_response.status).to eq 501
+      end
+
+      it 'should not allow to destroy' do
+        delete "/api/list_item/#{list_item.id}"
+
+        expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+        expect(last_response.headers['Set-Cookie']).to be_nil
+        expect(last_response.body).to have_json_path 'errors/default'
+        expect(last_response.status).to eq 501
+      end
+    end
+
+    context 'when passing a valid access token' do
+      before do
+        set_cookie "access_token=#{access_token}"
+      end
+
+      it 'should create a list item' do
+        post '/api/list_item', { list_item: list_item_params }
+
+        expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+        expect(last_response.headers['Set-Cookie']).to be_nil
+        last_response.body.tap do |body|
+          expect(body).to have_json_path 'id'
+          expect(body).to have_json_path 'description'
+          expect(body).to have_json_path 'priority'
+          expect(body).to have_json_path 'due_date'
+          expect(body).to have_json_path 'completed'
+        end
+        expect(last_response.status).to eq 200
+      end
+
+      it 'should edit a list item owned by you' do
+        edit_params = { list_item: { description: 'Buy wine bottles' } }
+        put "/api/list_item/#{list_item.id}", edit_params
+
+        expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+        expect(last_response.headers['Set-Cookie']).to be_nil
+        last_response.body.tap do |body|
+          expect(body).to have_json_path 'id'
+          expect(body).to have_json_path 'description'
+          expect(body).to have_json_path 'priority'
+          expect(body).to have_json_path 'due_date'
+          expect(body).to have_json_path 'completed'
+          expect(JSON.parse(body)['description']).to eq 'Buy wine bottles'
+        end
+
+        expect(last_response.status).to eq 200
+      end
+
+      it 'should destroy a list item owned by you' do
+        delete "/api/list_item/#{list_item.id}"
+
+        expect(last_response.headers['Content-Type']).to eq 'application/json;charset=utf-8'
+        expect(last_response.headers['Set-Cookie']).to be_nil
+        expect(last_response.body).to eq ''
+        expect(last_response.status).to eq 200
+      end
+    end
+  end
+end