Merge pull request #41 from participateapp/23-delete-support

DELETE /support/:id

Author: ThomasWeiser

spec/requests/supports_spec.exs

@@ -12,9 +12,10 @@ defmodule ParticipateApi.SupportsSpec do
       { :ok, jwt, _full_claims } = Guardian.encode_and_sign(account)
       jwt
     end
+    
+    let! :proposal, do: insert(:proposal)
 
     describe "POST /supports" do
-      let! :proposal, do: insert(:proposal)
       let :params do
         %{
           "data" => %{
@@ -141,5 +142,53 @@ defmodule ParticipateApi.SupportsSpec do
         end
       end
     end
+
+    describe "DELETE /proposals/:id/support" do
+      let! :support, do: insert(:support, proposal: proposal, author: current_participant)
+
+      subject do
+        build_conn()
+        |> put_req_header("accept", "application/vnd.api+json")
+        |> put_req_header("content-type", "application/vnd.api+json")
+        |> put_req_header("authorization", "Bearer #{token}")
+        |> delete("/proposals/#{proposal.id}/support")
+      end
+
+      it "deletes the support resource" do
+        subject
+        query = from Support, where: [id: ^support.id]
+        expect(Repo.aggregate(query, :count, :id)).to eq 0
+      end
+
+      it "204 No Content" do
+        expect(subject).to have_http_status(204)
+        expect(subject.resp_body).to eq ""
+      end
+
+      context "current participant isn't the supporter" do
+        let! :support, do: insert(:support)
+
+        it "403 Forbidden" do
+          expect(subject).to have_http_status(403)
+          expect(subject.resp_body).to eq ""
+        end
+      end
+
+      context "token is invalid" do
+        let :token, do: "badtoken"
+
+        it "401 Unauthorized" do
+          expect(subject).to have_http_status(401)
+        end
+
+        it "Unauthenticated error" do
+          # expect(subject.resp_body).to eq ""
+          # this diverges from the oauth spec, but overriding 
+          # Guardian.Plug.EnsureAuthenticated's error handling isn't 
+          # worth it for now
+          expect(subject.resp_body).to eq "{\"errors\":[\"Unauthenticated\"]}"
+        end
+      end
+    end
   end
 end

web/controllers/proposal_controller.ex

@@ -57,14 +57,4 @@ defmodule ParticipateApi.ProposalController do
     end
   end
 
-  def delete(conn, %{"id" => id}) do
-    proposal = Repo.get!(Proposal, id)
-
-    # Here we use delete! (with a bang) because we expect
-    # it to always work (and if it does not, it will raise).
-    Repo.delete!(proposal)
-
-    send_resp(conn, :no_content, "")
-  end
-
 end

web/controllers/support_controller.ex

@@ -40,4 +40,17 @@ defmodule ParticipateApi.SupportController do
         |> render(:errors, data: changeset)
     end
   end
+
+  def delete(conn, %{"proposal_id" => proposal_id}, account, _claims) do
+    query = from Support, where: [proposal_id: ^proposal_id, author_id: ^account.participant_id]
+
+    support = Repo.one(query)
+
+    if support do
+      Repo.delete(support)
+      conn |> send_resp(:no_content, "")
+    else 
+      conn |> send_resp(:forbidden, "")
+    end
+  end
 end

web/router.ex

@@ -28,6 +28,8 @@ defmodule ParticipateApi.Router do
     resources "/participants", ParticipantController, only: [:show]
     resources "/proposals", ProposalController
     resources "/supports", SupportController, only: [:create]
+
+    delete "/proposals/:proposal_id/support", SupportController, :delete
   end
 
 end