From 213b029c3ae93b02b72263b3bb6c908355111237 Mon Sep 17 00:00:00 2001
From: lizconlan <liz@mysociety.org>
Date: Mon, 23 Jun 2014 13:02:53 +0100
Subject: New API method for updating request state

---
 app/controllers/api_controller.rb | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'app/controllers/api_controller.rb')

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index e6b0c121a..f826f65d1 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -163,6 +163,40 @@ class ApiController < ApplicationController
         }
     end
 
+    def update_state
+        request = InfoRequest.find_by_id(params[:id])
+        if request.nil?
+            render :json => { "errors" => ["Could not find request #{params[:id]}"] }, :status => 404
+            return
+        end
+        new_state = params["state"]
+
+        errors = []
+
+        if !request.is_external?
+            render :json => { "errors" => ["Request #{params[:id]} cannot be updated using the API"] }, :status => 500
+            return
+        end
+
+        if request.public_body_id != @public_body.id
+            render :json => { "errors" => ["You do not own request #{params[:id]}"] }, :status => 500
+            return
+        end
+
+        if InfoRequest.enumerate_states.include?(new_state)
+            request.set_described_state(new_state)
+        else
+              render :json => {"errors" => [
+                  "'#{new_state}' is not a valid request state" ] },
+              :status => 500
+          return
+        end
+
+        render :json => {
+            'url' => make_url("request", request.url_title),
+        }
+    end
+
     def body_request_events
         feed_type = params[:feed_type]
         raise PermissionDenied.new("#{@public_body.id} != #{params[:id]}") if @public_body.id != params[:id].to_i
-- 
cgit v1.2.3