diff options
| -rw-r--r-- | app/assets/stylesheets/responsive/_attachments_layout.scss | 10 | ||||
| -rw-r--r-- | app/controllers/api_controller.rb | 142 | ||||
| -rw-r--r-- | app/models/info_request.rb | 10 | ||||
| -rw-r--r-- | app/views/request/_view_html_stylesheet.html.erb | 13 | ||||
| -rwxr-xr-x | config/alert-tracks-debian.ugly | 13 | ||||
| -rw-r--r-- | config/deploy.rb | 2 | ||||
| -rw-r--r-- | config/general.yml-example | 1 | ||||
| -rw-r--r-- | config/packages | 54 | ||||
| -rw-r--r-- | config/packages.debian-squeeze | 57 | ||||
| -rw-r--r-- | config/packages.debian-wheezy | 50 | ||||
| -rw-r--r-- | config/packages.ubuntu-precise | 48 | ||||
| -rwxr-xr-x[-rw-r--r--] | config/purge-varnish-debian.ugly | 12 | ||||
| -rw-r--r-- | config/routes.rb | 1 | ||||
| -rw-r--r-- | db/migrate/20140801132719_add_index_to_info_request_events.rb | 5 | ||||
| -rw-r--r-- | doc/CHANGES.md | 5 | ||||
| -rw-r--r-- | lib/tasks/config_files.rake | 23 | ||||
| -rw-r--r-- | spec/controllers/api_controller_spec.rb | 823 |
17 files changed, 751 insertions, 518 deletions
diff --git a/app/assets/stylesheets/responsive/_attachments_layout.scss b/app/assets/stylesheets/responsive/_attachments_layout.scss index 1eedc601b..070c288b8 100644 --- a/app/assets/stylesheets/responsive/_attachments_layout.scss +++ b/app/assets/stylesheets/responsive/_attachments_layout.scss @@ -61,6 +61,14 @@ } } - +#wrapper_google_embed iframe { + min-height: 400px; + @include respond-min($main_menu-mobile_menu_cutoff ){ + min-height: 800px; + @include lte-ie7{ + height:800px !important; + } + } +} diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index e6b0c121a..4473139d1 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,5 +1,9 @@ class ApiController < ApplicationController before_filter :check_api_key + before_filter :check_external_request, + :only => [:add_correspondence, :update_state] + before_filter :check_request_ownership, + :only => [:add_correspondence, :update_state] def show_request @request = InfoRequest.find(params[:id]) @@ -9,16 +13,11 @@ class ApiController < ApplicationController :id => @request.id, :url => make_url("request", @request.url_title), :title => @request.title, - :created_at => @request.created_at, :updated_at => @request.updated_at, - :status => @request.calculate_status, - :public_body_url => make_url("body", @request.public_body.url_name), - :request_email => @request.incoming_email, - :request_text => @request.last_event_forming_initial_request.outgoing_message.body, } if @request.user @@ -73,35 +72,19 @@ class ApiController < ApplicationController 'url' => make_url("request", request.url_title), 'id' => request.id } - end def add_correspondence - request = InfoRequest.find_by_id(params[:id]) - if request.nil? - render :json => { "errors" => ["Could not find request #{params[:id]}"] }, :status => 404 - return - end - json = ActiveSupport::JSON.decode(params[:correspondence_json]) attachments = params[:attachments] direction = json["direction"] body = json["body"] sent_at = json["sent_at"] + new_state = params["state"] errors = [] - if !request.is_external? - render :json => { "errors" => ["Request #{params[:id]} cannot be updated using the API"] }, :status => 500 - return - end - - if request.public_body_id != @public_body.id - render :json => { "errors" => ["You do not own request #{params[:id]}"] }, :status => 500 - return - end - if !["request", "response"].include?(direction) errors << "The direction parameter must be 'request' or 'response'" end @@ -116,6 +99,10 @@ class ApiController < ApplicationController errors << "You cannot attach files to messages in the 'request' direction" end + if new_state && !InfoRequest.allowed_incoming_states.include?(new_state) + errors << "'#{new_state}' is not a valid request state" + end + if !errors.empty? render :json => { "errors" => errors }, :status => 500 return @@ -125,16 +112,16 @@ class ApiController < ApplicationController # In the 'request' direction, i.e. what we (Alaveteli) regard as outgoing outgoing_message = OutgoingMessage.new( - :info_request => request, + :info_request => @request, :status => 'ready', :message_type => 'followup', :body => body, :last_sent_at => sent_at, :what_doing => 'normal_sort' ) - request.outgoing_messages << outgoing_message - request.save! - request.log_event("followup_sent", + @request.outgoing_messages << outgoing_message + @request.save! + @request.log_event("followup_sent", :api => true, :email => nil, :outgoing_message_id => outgoing_message.id, @@ -154,12 +141,48 @@ class ApiController < ApplicationController ) end - mail = RequestMailer.external_response(request, body, sent_at, attachment_hashes) + mail = RequestMailer.external_response(@request, body, sent_at, attachment_hashes) + + @request.receive(mail, mail.encoded, true) - request.receive(mail, mail.encoded, true) + if new_state + # we've already checked above that the status is valid + # so no need to check a second time + event = @request.log_event("status_update", + { :script => "#{@public_body.name} via API", + :old_described_state => @request.described_state, + :described_state => new_state, + }) + @request.set_described_state(new_state) + end end render :json => { - 'url' => make_url("request", request.url_title), + 'url' => make_url("request", @request.url_title), + } + end + + def update_state + new_state = params["state"] + + if InfoRequest.allowed_incoming_states.include?(new_state) + ActiveRecord::Base.transaction do + event = @request.log_event("status_update", + { :script => "#{@public_body.name} on behalf of requester via API", + :old_described_state => @request.described_state, + :described_state => new_state, + }) + @request.set_described_state(new_state) + end + else + render :json => { + "errors" => ["'#{new_state}' is not a valid request state" ] + }, + :status => 500 + return + end + + render :json => { + 'url' => make_url("request", @request.url_title), } end @@ -168,40 +191,27 @@ class ApiController < ApplicationController raise PermissionDenied.new("#{@public_body.id} != #{params[:id]}") if @public_body.id != params[:id].to_i since_date_str = params[:since_date] + event_type_clause = "event_type in ('sent', 'followup_sent', 'resent', 'followup_resent')" if since_date_str.nil? - @events = InfoRequestEvent.find_by_sql([ - %(select info_request_events.* - from info_requests - join info_request_events on info_requests.id = info_request_events.info_request_id - where info_requests.public_body_id = ? - and info_request_events.event_type in ( - 'sent', 'followup_sent', 'resent', 'followup_resent' - ) - order by info_request_events.created_at desc - ), @public_body.id - ]) - else + where_params = event_type_clause + else begin - since_date = Date.strptime(since_date_str, "%Y-%m-%d") + since_date = Date.strptime(since_date_str, "%Y-%m-%d") rescue ArgumentError - render :json => {"errors" => [ - "Parameter since_date must be in format yyyy-mm-dd (not '#{since_date_str}')" ] }, - :status => 500 - return + render :json => {"errors" => [ + "Parameter since_date must be in format yyyy-mm-dd (not '#{since_date_str}')" ] }, + :status => 500 + return end - @events = InfoRequestEvent.find_by_sql([ - %(select info_request_events.* - from info_requests - join info_request_events on info_requests.id = info_request_events.info_request_id - where info_requests.public_body_id = ? - and info_request_events.event_type in ( - 'sent', 'followup_sent', 'resent', 'followup_resent' - ) - and info_request_events.created_at >= ? - order by info_request_events.created_at desc - ), @public_body.id, since_date - ]) + event_type_clause << " AND info_request_events.created_at >= ?" + where_params = [event_type_clause, since_date] end + @events = InfoRequestEvent.where(where_params) \ + .joins(:info_request) \ + .where("public_body_id = ?", @public_body.id) \ + .includes([{:info_request => :user}, :outgoing_message]) \ + .order('info_request_events.created_at DESC') + if feed_type == "atom" render :template => "api/request_events", :formats => ['atom'], :layout => false elsif feed_type == "json" @@ -224,7 +234,6 @@ class ApiController < ApplicationController :request_email => request.incoming_email, :title => request.title, :body => event.outgoing_message.body, - :user_name => request.user_name, } if request.user @@ -246,6 +255,21 @@ class ApiController < ApplicationController raise PermissionDenied if @public_body.nil? end + def check_external_request + @request = InfoRequest.find_by_id(params[:id]) + if @request.nil? + render :json => { "errors" => ["Could not find request #{params[:id]}"] }, :status => 404 + elsif !@request.is_external? + render :json => { "errors" => ["Request #{params[:id]} cannot be updated using the API"] }, :status => 403 + end + end + + def check_request_ownership + if @request.public_body_id != @public_body.id + render :json => { "errors" => ["You do not own request #{params[:id]}"] }, :status => 403 + end + end + private def make_url(*args) "http://" + AlaveteliConfiguration::domain + "/" + args.join("/") diff --git a/app/models/info_request.rb b/app/models/info_request.rb index a2112a210..aed651ad3 100644 --- a/app/models/info_request.rb +++ b/app/models/info_request.rb @@ -115,6 +115,16 @@ class InfoRequest < ActiveRecord::Base states end + # Subset of states accepted via the API + def self.allowed_incoming_states + [ + 'waiting_response', + 'rejected', + 'successful', + 'partially_successful' + ] + end + # Possible reasons that a request could be reported for administrator attention def report_reasons [_("Contains defamatory material"), diff --git a/app/views/request/_view_html_stylesheet.html.erb b/app/views/request/_view_html_stylesheet.html.erb index 6746cf71b..f3d8799da 100644 --- a/app/views/request/_view_html_stylesheet.html.erb +++ b/app/views/request/_view_html_stylesheet.html.erb @@ -1,5 +1,16 @@ <% if AlaveteliConfiguration::responsive_styling || params[:responsive] %> - <%= render :partial => 'general/responsive_stylesheets' %> + <!--[if LTE IE 7]> + <link href="/assets/responsive/application-lte-ie7.css" media="all" rel="stylesheet" title="Main" type="text/css" /> + <![endif]--> + + <!--[if IE 8]> + <link href="/assets/responsive/application-ie8.css" media="all" rel="stylesheet" title="Main" type="text/css" /> + <![endif]--> + + <!--[if GT IE 8]><!--> + <link href="/assets/responsive/application.css" media="all" rel="stylesheet" title="Main" type="text/css" /> + <!--<![endif]--> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <% else %> <link type="text/css" title="Main" rel="stylesheet" media="screen" href="/assets/application.css"> diff --git a/config/alert-tracks-debian.ugly b/config/alert-tracks-debian.ugly index c7d82d8c8..f1ca68b03 100755 --- a/config/alert-tracks-debian.ugly +++ b/config/alert-tracks-debian.ugly @@ -13,10 +13,12 @@ # !!(*= $daemon_name *)!! Start the Alaveteli email alert daemon NAME=!!(*= $daemon_name *)!! -DAEMON=!!(*= $vhost_dir *)!!/alaveteli/script/runner +DAEMON=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!/script/runner DAEMON_ARGS="--daemon TrackMailer.alert_tracks_loop" -PIDFILE=!!(*= $vhost_dir *)!!/alert-tracks.pid -LOGFILE=!!(*= $vhost_dir *)!!/alaveteli/log/alert-tracks.log +PIDDIR=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!/tmp/pids +PIDFILE=$PIDDIR/!!(*= $daemon_name *)!!.pid +LOGDIR=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!/log +LOGFILE=$LOGDIR/!!(*= $daemon_name *)!!.log DUSER=!!(*= $user *)!! # Set RAILS_ENV - not needed if using config/rails_env.rb # RAILS_ENV=your_rails_env @@ -27,10 +29,14 @@ trap "" 1 export PIDFILE LOGFILE quietly_start_daemon() { + mkdir -p {$LOGDIR,$PIDDIR} + chown $DUSER:$DUSER {$LOGDIR,$PIDDIR} /sbin/start-stop-daemon --quiet --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS } start_daemon() { + mkdir -p {$LOGDIR,$PIDDIR} + chown $DUSER:$DUSER {$LOGDIR,$PIDDIR} /sbin/start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS } @@ -81,4 +87,3 @@ else echo " failed" exit 1 fi - diff --git a/config/deploy.rb b/config/deploy.rb index 9cc847dba..afc586ecf 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -57,6 +57,7 @@ namespace :deploy do "#{release_path}/files" => "#{shared_path}/files", "#{release_path}/cache" => "#{shared_path}/cache", "#{release_path}/log" => "#{shared_path}/log", + "#{release_path}/tmp/pids" => "#{shared_path}/tmp/pids", "#{release_path}/lib/acts_as_xapian/xapiandbs" => "#{shared_path}/xapiandbs", } @@ -68,6 +69,7 @@ namespace :deploy do run "mkdir -p #{shared_path}/files" run "mkdir -p #{shared_path}/cache" run "mkdir -p #{shared_path}/log" + run "mkdir -p #{shared_path}/tmp/pids" run "mkdir -p #{shared_path}/xapiandbs" end end diff --git a/config/general.yml-example b/config/general.yml-example index a6f68c52e..0f32f6192 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -246,6 +246,7 @@ SHARED_DIRECTORIES: - cache/ - lib/acts_as_xapian/xapiandbs/ - log/ + - tmp/pids - vendor/bundle - public/assets diff --git a/config/packages b/config/packages index fda09cbc1..200a8c34f 100644 --- a/config/packages +++ b/config/packages @@ -1,42 +1,42 @@ # please note that this package list currently forms part of the # mysociety deployment infrastructure -- please discuss on the # alavateli mailing list if you want to change it -ruby1.8 -ruby -rdoc | rdoc1.8 -irb | irb1.8 -wv -poppler-utils -pdftk (>> 1.41+dfsg-1) | pdftk (<< 1.41+dfsg-1) # that version has a non-functionining uncompress option -ghostscript +build-essential +bundler catdoc -links elinks -unrtf -xlhtml -xapian-tools -gnuplot-nox -php5-cli -sharutils -unzip -mutt -tnef (>= 1.4.5) gettext -python-yaml -wkhtmltopdf-static +ghostscript +gnuplot-nox +irb | irb1.8 +libicu-dev libmagic-dev libmagickwand-dev libpq-dev +libsqlite3-dev libxml2-dev libxslt-dev -uuid-dev +links +memcached +mutt +pdftk (>> 1.41+dfsg-1) | pdftk (<< 1.41+dfsg-1) # that version has a non-functionining uncompress option +php5-cli +poppler-utils +python-yaml +rake (>= 0.9.2.2) +rdoc | rdoc1.8 +ruby +ruby1.8 ruby1.8-dev rubygems (>= 1.8.15) -rake (>= 0.9.2.2) -build-essential -bundler +sharutils sqlite3 -libsqlite3-dev -libicu-dev -memcached +tnef (>= 1.4.5) ttf-bitstream-vera +unrtf +unzip +uuid-dev +wkhtmltopdf-static +wv +xapian-tools +xlhtml diff --git a/config/packages.debian-squeeze b/config/packages.debian-squeeze index d82d66324..52bdbc376 100644 --- a/config/packages.debian-squeeze +++ b/config/packages.debian-squeeze @@ -1,40 +1,41 @@ -ruby1.8 -ruby -libruby1.8 -rdoc1.8 -irb1.8 -wv -poppler-utils -pdftk -ghostscript +build-essential +bundler catdoc -links elinks -unrtf -xlhtml -xapian-tools -gnuplot-nox -php5-cli -sharutils -unzip -mutt -tnef gettext -python-yaml -wkhtmltopdf-static +ghostscript +gnuplot-nox +irb1.8 +libicu-dev libmagic-dev libmagickwand-dev libpq-dev +libruby1.8 +libsqlite3-dev libxml2-dev libxslt-dev -uuid-dev +links +mutt +pdftk +php5-cli +poppler-utils +postgresql +postgresql-client +python-yaml +rake +rdoc1.8 +ruby +ruby1.8 ruby1.8-dev rubygems/squeeze-backports -rake -build-essential +sharutils sqlite3 -libsqlite3-dev -libicu-dev -postgresql -postgresql-client +tnef ttf-bitstream-vera +unrtf +unzip +uuid-dev +wkhtmltopdf-static +wv +xapian-tools +xlhtml diff --git a/config/packages.debian-wheezy b/config/packages.debian-wheezy index 509cde56e..381e25daa 100644 --- a/config/packages.debian-wheezy +++ b/config/packages.debian-wheezy @@ -1,36 +1,36 @@ -ruby1.9.3 -wv -poppler-utils -pdftk -ghostscript +build-essential +bundler catdoc -links elinks -unrtf -xlhtml -xapian-tools -gnuplot-nox -php5-cli -sharutils -unzip -mutt -tnef gettext -python-yaml -wkhtmltopdf-static +ghostscript +gnuplot-nox +libicu-dev libmagic-dev libmagickwand-dev libpq-dev +libsqlite3-dev libxml2-dev libxslt-dev -uuid-dev +links +mutt +pdftk +php5-cli +poppler-utils +postgresql +postgresql-client +python-yaml +rake ruby-dev +ruby1.9.3 rubygems -rake -build-essential -bundler +sharutils sqlite3 -libsqlite3-dev -libicu-dev -postgresql -postgresql-client +tnef +unrtf +unzip +uuid-dev +wkhtmltopdf-static +wv +xapian-tools +xlhtml diff --git a/config/packages.ubuntu-precise b/config/packages.ubuntu-precise index 68911359a..87b9591bf 100644 --- a/config/packages.ubuntu-precise +++ b/config/packages.ubuntu-precise @@ -1,36 +1,36 @@ -ruby1.9.1 -wv -poppler-utils -pdftk -ghostscript +build-essential catdoc -links elinks -unrtf -xlhtml -xapian-tools -gnuplot-nox -sharutils -unzip -mutt -tnef gettext -python-yaml -wkhtmltopdf-static +ghostscript +gnuplot-nox +libicu-dev libmagic-dev libmagickwand-dev libpq-dev +libsqlite3-dev libxml2-dev libxslt1-dev -uuid-dev -ruby1.9.1-dev -rubygems +links +mutt +pdftk +poppler-utils +postgresql +postgresql-client +python-yaml rake -build-essential ruby-bundler +ruby1.9.1 +ruby1.9.1-dev +rubygems +sharutils sqlite3 -libsqlite3-dev -libicu-dev -postgresql -postgresql-client +tnef ttf-bitstream-vera +unrtf +unzip +uuid-dev +wkhtmltopdf-static +wv +xapian-tools +xlhtml diff --git a/config/purge-varnish-debian.ugly b/config/purge-varnish-debian.ugly index ebd4d9e5c..dc3f74ff6 100644..100755 --- a/config/purge-varnish-debian.ugly +++ b/config/purge-varnish-debian.ugly @@ -13,10 +13,12 @@ # !!(*= $daemon_name *)!! Start the Alaveteli email purge-varnish daemon NAME=!!(*= $daemon_name *)!! -DAEMON=!!(*= $vhost_dir *)!!/alaveteli/script/runner +DAEMON=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!/script/runner DAEMON_ARGS="--daemon PurgeRequest.purge_all_loop" -PIDFILE=!!(*= $vhost_dir *)!!/purge-varnish.pid -LOGFILE=!!(*= $vhost_dir *)!!/alaveteli/log/purge-varnish.log +PIDDIR=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!/tmp/pids +PIDFILE=$PIDDIR/!!(*= $daemon_name *)!!.pid +LOGDIR=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!/log +LOGFILE=$LOGDIR/!!(*= $daemon_name *)!!.log DUSER=!!(*= $user *)!! # Set RAILS_ENV - not needed if using config/rails_env.rb # RAILS_ENV=your_rails_env @@ -29,10 +31,14 @@ trap "" 1 export PIDFILE LOGFILE quietly_start_daemon() { + mkdir -p {$LOGDIR,$PIDDIR} + chown $DUSER:$DUSER {$LOGDIR,$PIDDIR} /sbin/start-stop-daemon --quiet --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS } start_daemon() { + mkdir -p {$LOGDIR,$PIDDIR} + chown $DUSER:$DUSER {$LOGDIR,$PIDDIR} /sbin/start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS } diff --git a/config/routes.rb b/config/routes.rb index 7cc85c974..9f426fabf 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -261,6 +261,7 @@ Alaveteli::Application.routes.draw do match '/api/v2/request/:id.json' => 'api#show_request', :as => :api_show_request, :via => :get match '/api/v2/request/:id.json' => 'api#add_correspondence', :as => :api_add_correspondence, :via => :post + match '/api/v2/request/:id/update.json' => 'api#update_state', :as => :api_update_state, :via => :post match '/api/v2/body/:id/request_events.:feed_type' => 'api#body_request_events', :as => :api_body_request_events, :feed_type => '^(json|atom)$' #### diff --git a/db/migrate/20140801132719_add_index_to_info_request_events.rb b/db/migrate/20140801132719_add_index_to_info_request_events.rb new file mode 100644 index 000000000..5f0a77eac --- /dev/null +++ b/db/migrate/20140801132719_add_index_to_info_request_events.rb @@ -0,0 +1,5 @@ +class AddIndexToInfoRequestEvents < ActiveRecord::Migration + def change + add_index :info_request_events, :event_type + end +end diff --git a/doc/CHANGES.md b/doc/CHANGES.md index 0032706ef..61f55211c 100644 --- a/doc/CHANGES.md +++ b/doc/CHANGES.md @@ -4,6 +4,11 @@ ## Upgrade Notes +* The `SHARED_DIRECTORIES` setting now includes `tmp/pids`. The notes below for + updating the log directory should cover the update steps for `tmp/pids`. +* Capistrano now creates `SHARED_PATH/tmp/pids` and links `APP_ROOT/tmp/pids` + here, as the alert tracks daemon writes its pids to the generally expected + location of `APP_ROOT/tmp/pids`. * rails-post-deploy no longer handles linking `APP_ROOT/log` to a log directory outside the app. Capistrano users will find that `:symlink_configuration` now links `APP_ROOT/log` to `SHARED_PATH/log`. Users who aleady use the diff --git a/lib/tasks/config_files.rake b/lib/tasks/config_files.rake index 60814cb27..438b63fc0 100644 --- a/lib/tasks/config_files.rake +++ b/lib/tasks/config_files.rake @@ -23,26 +23,33 @@ namespace :config_files do desc 'Convert Debian .ugly init script in config to a form suitable for installing in /etc/init.d' task :convert_init_script => :environment do - example = 'rake config_files:convert_init_script DEPLOY_USER=deploy VHOST_DIR=/dir/above/alaveteli SCRIPT_FILE=config/alert-tracks-debian.ugly ' - check_for_env_vars(['DEPLOY_USER', 'VHOST_DIR', 'SCRIPT_FILE'], example) + example = 'rake config_files:convert_init_script DEPLOY_USER=deploy VHOST_DIR=/dir/above/alaveteli VCSPATH=alaveteli SITE=alaveteli SCRIPT_FILE=config/alert-tracks-debian.ugly' + check_for_env_vars(['DEPLOY_USER', + 'VHOST_DIR', + 'SCRIPT_FILE'], example) - deploy_user = ENV['DEPLOY_USER'] - vhost_dir = ENV['VHOST_DIR'] script_file = ENV['SCRIPT_FILE'] + site = ENV.fetch('SITE', 'foi') - replacements = { :user => deploy_user, - :vhost_dir => vhost_dir } + replacements = { + :user => ENV['DEPLOY_USER'], + :vhost_dir => ENV['VHOST_DIR'], + :vcspath => ENV.fetch('VCSPATH', 'alaveteli'), + :site => site + } daemon_name = File.basename(script_file, '-debian.ugly') - replacements.update(:daemon_name => "foi-#{daemon_name}") + replacements.update(:daemon_name => "#{ site }-#{ daemon_name }") converted = convert_ugly(script_file, replacements) rails_env_file = File.expand_path(File.join(Rails.root, 'config', 'rails_env.rb')) - if !File.exists?(rails_env_file) + + unless File.exists?(rails_env_file) converted.each do |line| line.gsub!(/^#\s*RAILS_ENV=your_rails_env/, "RAILS_ENV=#{Rails.env}") line.gsub!(/^#\s*export RAILS_ENV/, "export RAILS_ENV") end end + converted.each do |line| puts line end diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb index 6b02bd5b4..7b1d73e8a 100644 --- a/spec/controllers/api_controller_spec.rb +++ b/spec/controllers/api_controller_spec.rb @@ -4,382 +4,529 @@ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper') describe ApiController, "when using the API" do describe 'checking API keys' do - before do - @number_of_requests = InfoRequest.count - @request_data = { - "title" => "Tell me about your chickens", - "body" => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", - - "external_url" => "http://www.example.gov.uk/foi/chickens_23", - "external_user_name" => "Bob Smith", - } - end - - it 'should check that an API key is given as a param' do - expect { - post :create_request, :request_json => @request_data.to_json - }.to raise_error ApplicationController::PermissionDenied - InfoRequest.count.should == @number_of_requests - end - - it "should check the API key" do - expect { - post :create_request, - :k => "This is not really an API key", - :request_json => @request_data.to_json - }.to raise_error ApplicationController::PermissionDenied - InfoRequest.count.should == @number_of_requests - end + before do + @number_of_requests = InfoRequest.count + @request_data = { + 'title' => 'Tell me about your chickens', + 'body' => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", + 'external_url' => 'http://www.example.gov.uk/foi/chickens_23', + 'external_user_name' => 'Bob Smith' + } + end + + it 'should check that an API key is given as a param' do + expect { + post :create_request, :request_json => @request_data.to_json + }.to raise_error ApplicationController::PermissionDenied + InfoRequest.count.should == @number_of_requests + end + + it 'should check the API key' do + expect { + post :create_request, + :k => 'This is not really an API key', + :request_json => @request_data.to_json + }.to raise_error ApplicationController::PermissionDenied + InfoRequest.count.should == @number_of_requests + end + end + + def _create_request + post :create_request, + :k => public_bodies(:geraldine_public_body).api_key, + :request_json => { + 'title' => 'Tell me about your chickens', + 'body' => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", + 'external_url' => 'http://www.example.gov.uk/foi/chickens_23', + 'external_user_name' => 'Bob Smith' + }.to_json + response.content_type.should == 'application/json' + ActiveSupport::JSON.decode(response.body)['id'] end - it "should create a new request from a POST" do - number_of_requests = InfoRequest.count( + # POST /api/v2/request.json + describe 'creating a request' do + it 'should create a new request from a POST' do + number_of_requests = InfoRequest.count( :conditions => [ - "public_body_id = ?", - public_bodies(:geraldine_public_body).id + "public_body_id = ?", + public_bodies(:geraldine_public_body).id ] - ) - - request_data = { - "title" => "Tell me about your chickens", - "body" => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", + ) + + request_data = { + 'title' => 'Tell me about your chickens', + 'body' => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", + 'external_url' => 'http://www.example.gov.uk/foi/chickens_23', + 'external_user_name' => 'Bob Smith', + } + + post :create_request, + :k => public_bodies(:geraldine_public_body).api_key, + :request_json => request_data.to_json + response.should be_success + + response.content_type.should == 'application/json' + response_body = ActiveSupport::JSON.decode(response.body) + response_body['errors'].should be_nil + response_body['url'].should =~ /^http/ + + InfoRequest.count(:conditions => [ + 'public_body_id = ?', + public_bodies(:geraldine_public_body).id] + ).should == number_of_requests + 1 + + new_request = InfoRequest.find(response_body['id']) + new_request.user_id.should be_nil + new_request.external_user_name.should == request_data['external_user_name'] + new_request.external_url.should == request_data['external_url'] + + new_request.title.should == request_data['title'] + new_request.last_event_forming_initial_request.outgoing_message.body.should == request_data['body'].strip + + new_request.public_body_id.should == public_bodies(:geraldine_public_body).id + new_request.info_request_events.size.should == 1 + new_request.info_request_events[0].event_type.should == 'sent' + new_request.info_request_events[0].calculated_state.should == 'waiting_response' + end + end - "external_url" => "http://www.example.gov.uk/foi/chickens_23", - "external_user_name" => "Bob Smith", - } + # POST /api/v2/request/:id/add_correspondence.json + describe 'adding correspondence to a request' do + it 'should add a response to a request' do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has no incoming messages + IncomingMessage.count(:conditions => ["info_request_id = ?", request_id]).should == 0 + + # Now add one + sent_at = '2012-05-28T12:35:39+01:00' + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + 'direction' => 'response', + 'sent_at' => sent_at, + 'body' => response_body + }.to_json + + # And make sure it worked + response.should be_success + incoming_messages = IncomingMessage.all(:conditions => ['info_request_id = ?', request_id]) + incoming_messages.count.should == 1 + incoming_message = incoming_messages[0] + + incoming_message.sent_at.should == Time.iso8601(sent_at) + incoming_message.get_main_body_text_folded.should be_equal_modulo_whitespace_to(response_body) + end - post :create_request, :k => public_bodies(:geraldine_public_body).api_key, :request_json => request_data.to_json - response.should be_success + it 'should add a followup to a request' do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has one outgoing message + OutgoingMessage.count(:conditions => ['info_request_id = ?', request_id]).should == 1 + + # Add another, as a followup + sent_at = '2012-05-29T12:35:39+01:00' + followup_body = "Pls answer ASAP.\nkthxbye\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + 'direction' => 'request', + 'sent_at' => sent_at, + 'body' => followup_body + }.to_json + + # Make sure it worked + response.should be_success + followup_messages = OutgoingMessage.all( + :conditions => ["info_request_id = ? and message_type = 'followup'", request_id] + ) + followup_messages.size.should == 1 + followup_message = followup_messages[0] + + followup_message.last_sent_at.should == Time.iso8601(sent_at) + followup_message.body.should == followup_body.strip + end - response.content_type.should == "application/json" + it 'should update the status if a valid state is supplied' do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has no incoming messages + IncomingMessage.count(:conditions => ['info_request_id = ?', request_id]).should == 0 + + # Now add one + sent_at = '2012-05-28T12:35:39+01:00' + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :state => 'successful', + :correspondence_json => { + 'direction' => 'response', + 'sent_at' => sent_at, + 'body' => response_body, + }.to_json + + # And make sure it worked + response.should be_success + incoming_messages = IncomingMessage.all(:conditions => ['info_request_id = ?', request_id]) + incoming_messages.count.should == 1 + request = InfoRequest.find_by_id(request_id) + request.described_state.should == 'successful' + end - response_body = ActiveSupport::JSON.decode(response.body) - response_body["errors"].should be_nil - response_body["url"].should =~ /^http/ + it 'should raise a JSON 500 error if an invalid state is supplied' do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has no incoming messages + IncomingMessage.count(:conditions => ['info_request_id = ?', request_id]).should == 0 + + # Now add one + sent_at = '2012-05-28T12:35:39+01:00' + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :state => 'random_string', + :correspondence_json => { + 'direction' => 'response', + 'sent_at' => sent_at, + 'body' => response_body, + }.to_json + + # And make sure it worked + response.status.should == 500 + ActiveSupport::JSON.decode(response.body)['errors'].should == [ + "'random_string' is not a valid request state"] + + incoming_messages = IncomingMessage.all(:conditions => ['info_request_id = ?', request_id]) + incoming_messages.count.should == 0 + request = InfoRequest.find_by_id(request_id) + request.described_state.should == 'waiting_response' + end - InfoRequest.count(:conditions => [ - "public_body_id = ?", - public_bodies(:geraldine_public_body).id] - ).should == number_of_requests + 1 + it 'should not allow internal requests to be updated' do + n_incoming_messages = IncomingMessage.count + n_outgoing_messages = OutgoingMessage.count + + request_id = info_requests(:naughty_chicken_request).id + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + 'direction' => 'request', + 'sent_at' => Time.now.iso8601, + 'body' => 'xxx' + }.to_json + + response.status.should == 403 + ActiveSupport::JSON.decode(response.body)['errors'].should == [ + "Request #{request_id} cannot be updated using the API"] + + IncomingMessage.count.should == n_incoming_messages + OutgoingMessage.count.should == n_outgoing_messages + end - new_request = InfoRequest.find(response_body["id"]) - new_request.user_id.should be_nil - new_request.external_user_name.should == request_data["external_user_name"] - new_request.external_url.should == request_data["external_url"] + it 'should not allow other people\'s requests to be updated' do + request_id = _create_request + n_incoming_messages = IncomingMessage.count + n_outgoing_messages = OutgoingMessage.count + + post :add_correspondence, + :k => public_bodies(:humpadink_public_body).api_key, + :id => request_id, + :correspondence_json => { + 'direction' => 'request', + 'sent_at' => Time.now.iso8601, + 'body' => 'xxx' + }.to_json + + response.status.should == 403 + ActiveSupport::JSON.decode(response.body)['errors'].should == [ + "You do not own request #{request_id}"] + + IncomingMessage.count.should == n_incoming_messages + OutgoingMessage.count.should == n_outgoing_messages + end - new_request.title.should == request_data["title"] - new_request.last_event_forming_initial_request.outgoing_message.body.should == request_data["body"].strip + it 'should return a JSON 404 error for non-existent requests' do + request_id = '123459876' + InfoRequest.stub(:find_by_id).with(request_id).and_return(nil) + sent_at = '2012-05-28T12:35:39+01:00' + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + 'direction' => 'response', + 'sent_at' => sent_at, + 'body' => response_body + }.to_json + response.status.should == 404 + ActiveSupport::JSON.decode(response.body)['errors'].should == ['Could not find request 123459876'] + end - new_request.public_body_id.should == public_bodies(:geraldine_public_body).id - new_request.info_request_events.size.should == 1 - new_request.info_request_events[0].event_type.should == 'sent' - new_request.info_request_events[0].calculated_state.should == 'waiting_response' - end + it 'should return a JSON 403 error if we try to add correspondence to a request we don\'t own' do + request_id = info_requests(:naughty_chicken_request).id + sent_at = '2012-05-28T12:35:39+01:00' + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + 'direction' => 'response', + 'sent_at' => sent_at, + 'body' => response_body + }.to_json + response.status.should == 403 + ActiveSupport::JSON.decode(response.body)['errors'].should == ["Request #{request_id} cannot be updated using the API"] + end - def _create_request - post :create_request, - :k => public_bodies(:geraldine_public_body).api_key, - :request_json => { - "title" => "Tell me about your chickens", - "body" => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", - - "external_url" => "http://www.example.gov.uk/foi/chickens_23", - "external_user_name" => "Bob Smith", - }.to_json - response.content_type.should == "application/json" - return ActiveSupport::JSON.decode(response.body)["id"] - end + it 'should not allow files to be attached to a followup' do + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => info_requests(:external_request).id, + :correspondence_json => { + 'direction' => 'request', + 'sent_at' => Time.now.iso8601, + 'body' => 'Are you joking, or are you serious?' + }.to_json, + :attachments => [ + fixture_file_upload('/files/tfl.pdf') + ] + + # Make sure it worked + response.status.should == 500 + errors = ActiveSupport::JSON.decode(response.body)['errors'] + errors.should == ["You cannot attach files to messages in the 'request' direction"] + end - it "should add a response to a request" do - # First we need an external request - request_id = info_requests(:external_request).id - - # Initially it has no incoming messages - IncomingMessage.count(:conditions => ["info_request_id = ?", request_id]).should == 0 - - # Now add one - sent_at = "2012-05-28T12:35:39+01:00" - response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" - post :add_correspondence, - :k => public_bodies(:geraldine_public_body).api_key, - :id => request_id, - :correspondence_json => { - "direction" => "response", - "sent_at" => sent_at, - "body" => response_body - }.to_json - - # And make sure it worked - response.should be_success - incoming_messages = IncomingMessage.all(:conditions => ["info_request_id = ?", request_id]) - incoming_messages.count.should == 1 - incoming_message = incoming_messages[0] - - incoming_message.sent_at.should == Time.iso8601(sent_at) - incoming_message.get_main_body_text_folded.should be_equal_modulo_whitespace_to(response_body) + it 'should allow files to be attached to a response' do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has no incoming messages + IncomingMessage.count(:conditions => ['info_request_id = ?', request_id]).should == 0 + + # Now add one + sent_at = '2012-05-28T12:35:39+01:00' + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + 'direction' => 'response', + 'sent_at' => sent_at, + 'body' => response_body + }.to_json, + :attachments => [ + fixture_file_upload('/files/tfl.pdf') + ] + + # And make sure it worked + response.should be_success + incoming_messages = IncomingMessage.all(:conditions => ['info_request_id = ?', request_id]) + incoming_messages.count.should == 1 + incoming_message = incoming_messages[0] + + incoming_message.sent_at.should == Time.iso8601(sent_at) + incoming_message.get_main_body_text_folded.should be_equal_modulo_whitespace_to(response_body) + + # Get the attachment + attachments = incoming_message.get_attachments_for_display + attachments.size.should == 1 + attachment = attachments[0] + attachment.filename.should == 'tfl.pdf' + attachment.body.should == load_file_fixture('tfl.pdf') + end end - it "should add a followup to a request" do - # First we need an external request - request_id = info_requests(:external_request).id - - # Initially it has one outgoing message - OutgoingMessage.count(:conditions => ["info_request_id = ?", request_id]).should == 1 - - # Add another, as a followup - sent_at = "2012-05-29T12:35:39+01:00" - followup_body = "Pls answer ASAP.\nkthxbye\n" - post :add_correspondence, - :k => public_bodies(:geraldine_public_body).api_key, - :id => request_id, - :correspondence_json => { - "direction" => "request", - "sent_at" => sent_at, - "body" => followup_body - }.to_json - - # Make sure it worked - response.should be_success - followup_messages = OutgoingMessage.all( - :conditions => ["info_request_id = ? and message_type = 'followup'", request_id] - ) - followup_messages.size.should == 1 - followup_message = followup_messages[0] - - followup_message.last_sent_at.should == Time.iso8601(sent_at) - followup_message.body.should == followup_body.strip - end + # POST /api/v2/request/:id/update.json + describe 'updating a request\'s status' do + it 'should update the status' do + # First we need an external request + request_id = info_requests(:external_request).id + request = InfoRequest.find_by_id(request_id) + + # Its status should be the default for a new request + request.described_state.should == 'waiting_response' + + # Now accept an update + post :update_state, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :state => 'partially_successful' + + # It should have updated the status + request = InfoRequest.find_by_id(request_id) + request.described_state.should == 'partially_successful' + + # It should have recorded the status_update event + last_event = request.info_request_events.last + last_event.event_type.should == 'status_update' + last_event.described_state.should == 'partially_successful' + last_event.params_yaml.should =~ /script: Geraldine Quango on behalf of requester via API/ + end - it "should not allow internal requests to be updated" do - n_incoming_messages = IncomingMessage.count - n_outgoing_messages = OutgoingMessage.count - - request_id = info_requests(:naughty_chicken_request).id - post :add_correspondence, - :k => public_bodies(:geraldine_public_body).api_key, - :id => request_id, - :correspondence_json => { - "direction" => "request", - "sent_at" => Time.now.iso8601, - "body" => "xxx" - }.to_json - - response.status.should == 500 - ActiveSupport::JSON.decode(response.body)["errors"].should == [ - "Request #{request_id} cannot be updated using the API"] - - IncomingMessage.count.should == n_incoming_messages - OutgoingMessage.count.should == n_outgoing_messages - end + it 'should return a JSON 500 error if an invalid state is sent' do + # First we need an external request + request_id = info_requests(:external_request).id + request = InfoRequest.find_by_id(request_id) - it "should not allow other people's requests to be updated" do - request_id = _create_request - n_incoming_messages = IncomingMessage.count - n_outgoing_messages = OutgoingMessage.count - - post :add_correspondence, - :k => public_bodies(:humpadink_public_body).api_key, - :id => request_id, - :correspondence_json => { - "direction" => "request", - "sent_at" => Time.now.iso8601, - "body" => "xxx" - }.to_json - - response.status.should == 500 - ActiveSupport::JSON.decode(response.body)["errors"].should == [ - "You do not own request #{request_id}"] - - IncomingMessage.count.should == n_incoming_messages - OutgoingMessage.count.should == n_outgoing_messages - end + # Its status should be the default for a new request + request.described_state.should == 'waiting_response' - it "should not allow files to be attached to a followup" do - post :add_correspondence, - :k => public_bodies(:geraldine_public_body).api_key, - :id => info_requests(:external_request).id, - :correspondence_json => { - "direction" => "request", - "sent_at" => Time.now.iso8601, - "body" => "Are you joking, or are you serious?" - }.to_json, - :attachments => [ - fixture_file_upload("/files/tfl.pdf") - ] + # Now post an invalid update + post :update_state, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :state => 'random_string' + # Check that the error has been raised... + response.status.should == 500 + ActiveSupport::JSON.decode(response.body)['errors'].should == ["'random_string' is not a valid request state"] - # Make sure it worked - response.status.should == 500 - errors = ActiveSupport::JSON.decode(response.body)["errors"] - errors.should == ["You cannot attach files to messages in the 'request' direction"] - end + # ..and that the status hasn't been updated + request = InfoRequest.find_by_id(request_id) + request.described_state.should == 'waiting_response' + end - it "should allow files to be attached to a response" do - # First we need an external request - request_id = info_requests(:external_request).id - - # Initially it has no incoming messages - IncomingMessage.count(:conditions => ["info_request_id = ?", request_id]).should == 0 - - # Now add one - sent_at = "2012-05-28T12:35:39+01:00" - response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" - post :add_correspondence, - :k => public_bodies(:geraldine_public_body).api_key, - :id => request_id, - :correspondence_json => { - "direction" => "response", - "sent_at" => sent_at, - "body" => response_body - }.to_json, - :attachments => [ - fixture_file_upload("/files/tfl.pdf") - ] + it 'should return a JSON 404 error for non-existent requests' do + request_id = '123459876' + InfoRequest.stub(:find_by_id).with(request_id).and_return(nil) - # And make sure it worked - response.should be_success - incoming_messages = IncomingMessage.all(:conditions => ["info_request_id = ?", request_id]) - incoming_messages.count.should == 1 - incoming_message = incoming_messages[0] - - incoming_message.sent_at.should == Time.iso8601(sent_at) - incoming_message.get_main_body_text_folded.should be_equal_modulo_whitespace_to(response_body) - - # Get the attachment - attachments = incoming_message.get_attachments_for_display - attachments.size.should == 1 - attachment = attachments[0] - attachment.filename.should == "tfl.pdf" - attachment.body.should == load_file_fixture("tfl.pdf") - end + post :update_state, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :state => "successful" - it "should show information about a request" do - info_request = info_requests(:naughty_chicken_request) - get :show_request, - :k => public_bodies(:geraldine_public_body).api_key, - :id => info_request.id - - response.should be_success - assigns[:request].id.should == info_request.id - - r = ActiveSupport::JSON.decode(response.body) - r["title"].should == info_request.title - # Let’s not test all the fields here, because it would - # essentially just be a matter of copying the code that - # assigns them and changing assignment to an equality - # check, which does not really test anything at all. - end + response.status.should == 404 + ActiveSupport::JSON.decode(response.body)['errors'].should == ['Could not find request 123459876'] + end - it 'should show information about an external request' do - info_request = info_requests(:external_request) - get :show_request, - :k => public_bodies(:geraldine_public_body).api_key, - :id => info_request.id + it 'should return a JSON 403 error if we try to add correspondence to a request we don\'t own' do + request_id = info_requests(:naughty_chicken_request).id - response.should be_success - assigns[:request].id.should == info_request.id - r = ActiveSupport::JSON.decode(response.body) - r["title"].should == info_request.title - end + post :update_state, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :state => 'successful' - it "should show an Atom feed of new request events" do - get :body_request_events, - :id => public_bodies(:geraldine_public_body).id, - :k => public_bodies(:geraldine_public_body).api_key, - :feed_type => "atom" - - response.should be_success - response.should render_template("api/request_events") - assigns[:events].size.should > 0 - assigns[:events].each do |event| - event.info_request.public_body.should == public_bodies(:geraldine_public_body) - event.outgoing_message.should_not be_nil - event.event_type.should satisfy {|x| ['sent', 'followup_sent', 'resent', 'followup_resent'].include?(x)} + response.status.should == 403 + ActiveSupport::JSON.decode(response.body)['errors'].should == ["Request #{request_id} cannot be updated using the API"] end end - it "should show a JSON feed of new request events" do - get :body_request_events, - :id => public_bodies(:geraldine_public_body).id, - :k => public_bodies(:geraldine_public_body).api_key, - :feed_type => "json" - - response.should be_success - assigns[:events].size.should > 0 - assigns[:events].each do |event| - event.info_request.public_body.should == public_bodies(:geraldine_public_body) - event.outgoing_message.should_not be_nil - event.event_type.should satisfy {|x| ['sent', 'followup_sent', 'resent', 'followup_resent'].include?(x)} + # GET /api/v2/request/:id.json + describe 'showing request info' do + it 'should show information about a request' do + info_request = info_requests(:naughty_chicken_request) + + get :show_request, + :k => public_bodies(:geraldine_public_body).api_key, + :id => info_request.id + + response.should be_success + assigns[:request].id.should == info_request.id + + r = ActiveSupport::JSON.decode(response.body) + r['title'].should == info_request.title + # Let’s not test all the fields here, because it would + # essentially just be a matter of copying the code that + # assigns them and changing assignment to an equality + # check, which does not really test anything at all. end - assigns[:event_data].size.should == assigns[:events].size - assigns[:event_data].each do |event_record| - event_record[:event_type].should satisfy {|x| ['sent', 'followup_sent', 'resent', 'followup_resent'].include?(x)} + it 'should show information about an external request' do + info_request = info_requests(:external_request) + get :show_request, + :k => public_bodies(:geraldine_public_body).api_key, + :id => info_request.id + + response.should be_success + assigns[:request].id.should == info_request.id + r = ActiveSupport::JSON.decode(response.body) + r['title'].should == info_request.title end end - it "should honour the since_event_id parameter" do - get :body_request_events, - :id => public_bodies(:geraldine_public_body).id, - :k => public_bodies(:geraldine_public_body).api_key, - :feed_type => "json" - response.should be_success - first_event = assigns[:event_data][0] - second_event_id = assigns[:event_data][1][:event_id] - - get :body_request_events, - :id => public_bodies(:geraldine_public_body).id, - :k => public_bodies(:geraldine_public_body).api_key, - :feed_type => "json", - :since_event_id => second_event_id - response.should be_success - assigns[:event_data].should == [first_event] - end + # GET /api/v2/body/:id/request_events.:feed_type + describe 'showing public body info' do + it 'should show an Atom feed of new request events' do + get :body_request_events, + :id => public_bodies(:geraldine_public_body).id, + :k => public_bodies(:geraldine_public_body).api_key, + :feed_type => 'atom' + + response.should be_success + response.should render_template('api/request_events') + assigns[:events].size.should > 0 + assigns[:events].each do |event| + event.info_request.public_body.should == public_bodies(:geraldine_public_body) + event.outgoing_message.should_not be_nil + event.event_type.should satisfy { |x| ['sent', 'followup_sent', 'resent', 'followup_resent'].include?(x) } + end + end - it "should honour the since_date parameter for the Atom feed" do - get :body_request_events, - :id => public_bodies(:humpadink_public_body).id, - :k => public_bodies(:humpadink_public_body).api_key, - :since_date => "2010-01-01", - :feed_type => "atom" - - response.should be_success - response.should render_template("api/request_events") - assigns[:events].size.should > 0 - assigns[:events].each do |event| - event.created_at.should >= Date.new(2010, 1, 1) + it 'should show a JSON feed of new request events' do + get :body_request_events, + :id => public_bodies(:geraldine_public_body).id, + :k => public_bodies(:geraldine_public_body).api_key, + :feed_type => 'json' + + response.should be_success + assigns[:events].size.should > 0 + assigns[:events].each do |event| + event.info_request.public_body.should == public_bodies(:geraldine_public_body) + event.outgoing_message.should_not be_nil + event.event_type.should satisfy {|x| ['sent', 'followup_sent', 'resent', 'followup_resent'].include?(x)} + end + + assigns[:event_data].size.should == assigns[:events].size + assigns[:event_data].each do |event_record| + event_record[:event_type].should satisfy { |x| ['sent', 'followup_sent', 'resent', 'followup_resent'].include?(x) } + end end - end - it "should return a JSON 404 error for non-existent requests" do - request_id = 123459876 # Let's hope this doesn't exist! - sent_at = "2012-05-28T12:35:39+01:00" - response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" - post :add_correspondence, - :k => public_bodies(:geraldine_public_body).api_key, - :id => request_id, - :correspondence_json => { - "direction" => "response", - "sent_at" => sent_at, - "body" => response_body - }.to_json - response.status.should == 404 - ActiveSupport::JSON.decode(response.body)["errors"].should == ["Could not find request 123459876"] - end + it 'should honour the since_event_id parameter' do + get :body_request_events, + :id => public_bodies(:geraldine_public_body).id, + :k => public_bodies(:geraldine_public_body).api_key, + :feed_type => 'json' + + response.should be_success + first_event = assigns[:event_data][0] + second_event_id = assigns[:event_data][1][:event_id] + + get :body_request_events, + :id => public_bodies(:geraldine_public_body).id, + :k => public_bodies(:geraldine_public_body).api_key, + :feed_type => 'json', + :since_event_id => second_event_id + response.should be_success + assigns[:event_data].should == [first_event] + end - it "should return a JSON 500 error if we try to add correspondence to a request we don't own" do - request_id = info_requests(:naughty_chicken_request).id - sent_at = "2012-05-28T12:35:39+01:00" - response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" - post :add_correspondence, - :k => public_bodies(:geraldine_public_body).api_key, - :id => request_id, - :correspondence_json => { - "direction" => "response", - "sent_at" => sent_at, - "body" => response_body - }.to_json - response.status.should == 500 - ActiveSupport::JSON.decode(response.body)["errors"].should == ["Request #{request_id} cannot be updated using the API"] + it 'should honour the since_date parameter for the Atom feed' do + get :body_request_events, + :id => public_bodies(:humpadink_public_body).id, + :k => public_bodies(:humpadink_public_body).api_key, + :since_date => '2010-01-01', + :feed_type => 'atom' + + response.should be_success + response.should render_template('api/request_events') + assigns[:events].size.should > 0 + assigns[:events].each do |event| + event.created_at.should >= Date.new(2010, 1, 1) + end + end end end |