diff options
| -rw-r--r-- | app/controllers/api_controller.rb | 1 | ||||
| -rw-r--r-- | spec/controllers/api_controller_spec.rb | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 9bcd82632..2c7f9a4a9 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -157,6 +157,7 @@ class ApiController < ApplicationController protected def check_api_key + raise "Missing required parameter 'k'" if params[:k].nil? @public_body = PublicBody.find_by_api_key(params[:k].gsub(' ', '+')) raise PermissionDenied if @public_body.nil? end diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb index b08b1f527..cd47cc2f2 100644 --- a/spec/controllers/api_controller_spec.rb +++ b/spec/controllers/api_controller_spec.rb @@ -177,6 +177,19 @@ describe ApiController, "when using the API" do end it "should show information about a request" do + info_request = info_requests(:naughty_chicken_request) + get :show_request, + :k => public_bodies(:geraldine_public_body).api_key, + :id => info_request.id + response.should be_success + assigns[:request].id.should == info_request.id + + r = ActiveSupport::JSON.decode(response.body) + r["title"].should == info_request.title + # Let’s not test all the fields here, because it would + # essentially just be a matter of copying the code that + # assigns them and changing assignment to an equality + # check, which does not really test anything at all. end end |