2 files changed, 41 insertions, 5 deletions

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 2c7f9a4a9..5661819b9 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -74,6 +74,7 @@ class ApiController < ApplicationController
     def add_correspondence
         request = InfoRequest.find(params[:id])
         json = ActiveSupport::JSON.decode(params[:correspondence_json])
+        attachments = params[:attachments]
         
         direction = json["direction"]
         body = json["body"]
@@ -105,8 +106,12 @@ class ApiController < ApplicationController
             errors << "Failed to parse 'sent_at' field as ISO8601 time: #{sent_at_str}"
         end
         
+        if direction == "request" && !attachments.nil?
+            errors << "You cannot attach files to messages in the 'request' direction"
+        end
+        
         if !errors.empty?
-            render :json => { "errors" => errors }
+            render :json => { "errors" => errors }, :status => 500
             return
         end
         
@@ -144,6 +149,21 @@ class ApiController < ApplicationController
             
             request.incoming_messages << incoming_message
             request.save!
+            
+            attachments.each_with_index do |attachment, i|
+                filename = File.basename(attachment.original_filename)
+                body = attachment.read
+                content_type = AlaveteliFileTypes.filename_and_content_to_mimetype(filename, body) || 'application/octet-stream'
+                
+                a = FoiAttachment.new(
+                    :incoming_message_id => incoming_message.id,
+                    :filename => filename,
+                    :content_type => content_type
+                )
+                a.body = body
+                a.save!
+            end
+            
             request.log_event("response",
                 :api => true,
                 :email => nil,
diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb
index 9cd4c0820..a39471775 100644
--- a/spec/controllers/api_controller_spec.rb
+++ b/spec/controllers/api_controller_spec.rb
@@ -173,7 +173,23 @@ describe ApiController, "when using the API" do
     end
     
     it "should not allow files to be attached to a followup" do
+        post :add_correspondence,
+            :k => public_bodies(:geraldine_public_body).api_key,
+            :id => info_requests(:external_request).id,
+            :correspondence_json => {
+                    "direction" => "request",
+                    "sent_at" => Time.now.iso8601,
+                    "body" => "Are you joking, or are you serious?"
+                }.to_json,
+            :attachments => [
+                fixture_file_upload("files/tfl.pdf")
+            ]
+            
         
+        # Make sure it worked
+        response.status.to_i.should == 500
+        errors = ActiveSupport::JSON.decode(response.body)["errors"]
+        errors.should == ["You cannot attach files to messages in the 'request' direction"]
     end
     
     it "should allow files to be attached to a response" do
@@ -190,10 +206,10 @@ describe ApiController, "when using the API" do
             :k => public_bodies(:geraldine_public_body).api_key,
             :id => request_id,
             :correspondence_json => {
-                "direction" => "response",
-                "sent_at" => sent_at,
-                "body" => response_body
-            }.to_json,
+                    "direction" => "response",
+                    "sent_at" => sent_at,
+                    "body" => response_body
+                }.to_json,
             :attachments => [
                 fixture_file_upload("files/tfl.pdf")
             ]