From 9839e0e23ba78b405779b1a9c9d1e41f02991ebd Mon Sep 17 00:00:00 2001
From: Robin Houston <robin.houston@gmail.com>
Date: Tue, 4 Sep 2012 16:23:03 +0100
Subject: API errors should be JSON

The API was returning Rails (HTML) errors for certain error
conditions, which is inconvenient because it makes it difficult
for the client to extract the error message.

This patch changes add_correspondence to return JSON errors
(still with suitable HTTP status codes) for two common exceptional
conditions, and adds tests.
---
 app/controllers/api_controller.rb | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'app/controllers/api_controller.rb')

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 718c31e6f..6c98ebeba 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -72,7 +72,12 @@ class ApiController < ApplicationController
     end
     
     def add_correspondence
-        request = InfoRequest.find(params[:id])
+        request = InfoRequest.find_by_id(params[:id])
+        if request.nil?
+            render :json => { "errors" => ["Could not find request #{params[:id]}"] }, :status => 404
+            return
+        end
+        
         json = ActiveSupport::JSON.decode(params[:correspondence_json])
         attachments = params[:attachments]
         
@@ -83,11 +88,13 @@ class ApiController < ApplicationController
         errors = []
         
         if !request.is_external?
-            raise ActiveRecord::RecordNotFound.new("Request #{params[:id]} cannot be updated using the API")
+            render :json => { "errors" => ["Request #{params[:id]} cannot be updated using the API"] }, :status => 500
+            return
         end
         
         if request.public_body_id != @public_body.id
-            raise ActiveRecord::RecordNotFound.new("You do not own request #{params[:id]}")
+            render :json => { "errors" => ["You do not own request #{params[:id]}"] }, :status => 500
+            return
         end
         
         if !["request", "response"].include?(direction)
-- 
cgit v1.2.3


From 938cb83a9405bb1e5f49f4841adc3657e73d85bd Mon Sep 17 00:00:00 2001
From: Robin Houston <robin.houston@gmail.com>
Date: Mon, 10 Sep 2012 17:10:44 +0100
Subject: Add a since_date parameter to the API feed

---
 app/controllers/api_controller.rb | 46 +++++++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 11 deletions(-)

(limited to 'app/controllers/api_controller.rb')

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 6c98ebeba..409a432eb 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -167,17 +167,41 @@ class ApiController < ApplicationController
         feed_type = params[:feed_type]
         raise PermissionDenied.new("#{@public_body.id} != #{params[:id]}") if @public_body.id != params[:id].to_i
         
-        @events = InfoRequestEvent.find_by_sql([
-          %(select info_request_events.*
-            from info_requests
-            join info_request_events on info_requests.id = info_request_events.info_request_id
-            where info_requests.public_body_id = ?
-            and info_request_events.event_type in (
-              'sent', 'followup_sent', 'resent', 'followup_resent'
-            )
-            order by info_request_events.created_at desc
-          ), @public_body.id
-        ])
+        since_date_str = params[:since_date]
+        if since_date_str.nil?
+            @events = InfoRequestEvent.find_by_sql([
+              %(select info_request_events.*
+                from info_requests
+                join info_request_events on info_requests.id = info_request_events.info_request_id
+                where info_requests.public_body_id = ?
+                and info_request_events.event_type in (
+                  'sent', 'followup_sent', 'resent', 'followup_resent'
+                )
+                order by info_request_events.created_at desc
+              ), @public_body.id
+            ])
+        else
+            begin
+              since_date = Date.strptime(since_date_str, "%Y-%m-%d")
+            rescue ArgumentError
+              render :json => {"errors" => [
+                      "Parameter since_date must be in format yyyy-mm-dd (not '#{since_date_str}')" ] },
+                  :status => 500
+              return
+            end
+            @events = InfoRequestEvent.find_by_sql([
+              %(select info_request_events.*
+                from info_requests
+                join info_request_events on info_requests.id = info_request_events.info_request_id
+                where info_requests.public_body_id = ?
+                and info_request_events.event_type in (
+                  'sent', 'followup_sent', 'resent', 'followup_resent'
+                )
+                and info_request_events.created_at >= ?
+                order by info_request_events.created_at desc
+              ), @public_body.id, since_date
+            ])
+        end
         if feed_type == "atom"
             render :template => "api/request_events.atom", :layout => false
         elsif feed_type == "json"
-- 
cgit v1.2.3