Approve proverb

app/controllers/api/v1/proverbs_controller.rb

@@ -1,10 +1,11 @@
 module Api
   module V1
     class ProverbsController < ApplicationController
-      before_action :set_proverb, only: [:show, :update, :destroy, :translations]
+      before_action :set_proverb, only: [:show, :update, :destroy, :translations, :approve]
       before_action :check_tags, only: [:create]
       before_action :authenticate, except: [:index, :show]
       before_action :set_locale
+      load_and_authorize_resource
 
       def index
         proverbs = Proverb.paginate(params)
@@ -38,6 +39,11 @@ def destroy
         head :no_content
       end
 
+      def approve
+        @proverb.update_attribute(:status, "approved")
+        render json: @proverb, status: 200
+      end
+
       private
 
       def set_locale

app/controllers/application_controller.rb

@@ -1,12 +1,14 @@
 class ApplicationController < ActionController::API
   include CanCan::ControllerAdditions
-
   rescue_from ActiveRecord::RecordNotFound do
     render json: { Error: "Resource not found" }, status: 404
   end
+  rescue_from CanCan::AccessDenied do
+    render json: { Error: " Tah!! You are not authorized" }, status: 403
+  end
 
   attr_reader :current_user, :token
-
+  helper_method :current_user
   def no_route_found
     found = { Error: "The end point you requested does not exist.",
               Debug: "Please check the documentation for existing end points" }

app/models/ability.rb

@@ -6,16 +6,14 @@ def initialize(user)
     #
     user ||= User.new # guest user (not logged in)
 
-    alias_action :create, :update, :destroy, to: :moderate
+    alias_action :create, :update, :destroy, :approve, to: :moderate
 
     alias_action :create, :update, to: :regular_user_crud
 
     can :read, Proverb
-
     if user.admin?
       can :manage, :all
     end
-
     if user.moderator?
       can :moderate, Proverb
       can :manage, User, id: user.id

config/routes.rb

@@ -2,7 +2,9 @@
   namespace :api, default: { format: :json } do
     namespace :v1 do
       scope "/:locale" do
-        resources :proverbs, except: [:new, :edit]
+        resources :proverbs, except: [:new, :edit] do
+          get "approve", on: :member
+        end
       end
       post "/auth/login", to: "auth#login"
       get "/auth/logout", to: "auth#logout"

spec/factories/users.rb

@@ -4,6 +4,6 @@
     username { Faker::Name.name }
     first_name { Faker::Name.first_name }
     last_name { Faker::Name.last_name }
-    fb_id Faker::Number.digit
+    fb_id { Faker::Number.digit }
   end
 end

spec/requests/proverbs_spec.rb

@@ -5,6 +5,8 @@
   let(:user) { create(:user) }
   let!(:valid_session) { login(user) }
 
+  let!(:admin) { create(:user, user_type: 2) }
+  let(:admin_session) { login(admin) }
   let(:valid_attributes) { attributes_for(:proverb) }
   let(:invalid_attributes) { attributes_for(:proverb, :invalid) }
 
@@ -198,7 +200,7 @@
           post(
             "/api/v1/en/proverbs/",
             proverbs_with_translations_params,
-            valid_session
+            admin_session
           )
         end.to change(Proverb, :count).by(1)
         expect(response).to have_http_status(201)
@@ -208,7 +210,7 @@
         post(
           "/api/v1/en/proverbs/",
           proverbs_with_translations_params,
-          valid_session
+          admin_session
         )
         expect(assigns(:proverb)).to be_a(Proverb)
         expect(assigns(:proverb)).to be_persisted
@@ -222,7 +224,7 @@
       it "creates translations in translations array" do
         post(
           "/api/v1/en/proverbs/", proverbs_with_translations_params,
-          valid_session
+          admin_session
         )
         expect(assigns(:proverb)).to be_persisted
         expect(assigns(:proverb).translations.size).to eq 1
@@ -232,7 +234,7 @@
 
     context "with invalid params" do
       it "assigns a newly created but unsaved proverb as @proverb" do
-        post "/api/v1/en/proverbs/", { proverb: invalid_attributes.merge!(all_tags: ["life"]) }, valid_session
+        post "/api/v1/en/proverbs/", { proverb: invalid_attributes.merge!(all_tags: ["life"]) }, admin_session
         expect(assigns(:proverb)).to be_a_new(Proverb)
       end
     end
@@ -242,7 +244,7 @@
         post(
           "/api/v1/en/proverbs/",
           { proverb: valid_attributes.merge!(all_tags: "wisdom, life") },
-          valid_session
+          admin_session
         )
         expect(JSON.parse(response.body)["tag_error"]).to eq "tags must be in an array"
       end
@@ -255,15 +257,15 @@
 
       it "updates the requested proverb" do
         proverb = create(:proverb)
-        put "/api/v1/en/proverbs/#{proverb.id}", { proverb: new_attributes }, valid_session
+        put "/api/v1/en/proverbs/#{proverb.id}", { proverb: new_attributes }, admin_session
         proverb.reload
         expect(assigns(:proverb).body).to eq("This is a new proverb body")
         expect(response).to have_http_status(200)
       end
 
       it "assigns the requested proverb as @proverb" do
         proverb = create(:proverb)
-        put "/api/v1/en/proverbs/#{proverb.id}", { proverb: valid_attributes }, valid_session
+        put "/api/v1/en/proverbs/#{proverb.id}", { proverb: valid_attributes }, admin_session
         expect(assigns(:proverb)).to eq(proverb)
         expect(response).to have_http_status(200)
       end
@@ -272,7 +274,7 @@
     context "with invalid params" do
       it "assigns the proverb as @proverb" do
         proverb = create(:proverb)
-        put "/api/v1/en/proverbs/#{proverb.id}", { proverb: invalid_attributes }, valid_session
+        put "/api/v1/en/proverbs/#{proverb.id}", { proverb: invalid_attributes }, admin_session
         expect(assigns(:proverb)).to eq(proverb)
         expect(response).to have_http_status(422)
       end
@@ -283,15 +285,36 @@
     it "destroys the requested proverb" do
       proverb = create(:proverb)
       expect do
-        delete "/api/v1/en/proverbs/#{proverb.id}", {}, valid_session
+        delete "/api/v1/en/proverbs/#{proverb.id}", {}, admin_session
       end.to change(Proverb, :count).by(-1)
       expect(response).to have_http_status(204)
     end
 
     it "redirects to the proverbs list" do
       proverb = create(:proverb)
-      delete "/api/v1/en/proverbs/#{proverb.id}", {}, valid_session
+      delete "/api/v1/en/proverbs/#{proverb.id}", {}, admin_session
       expect(response).to have_http_status(204)
     end
   end
+
+  describe "approve" do
+    let!(:proverb) { create(:proverb) }
+
+    context "when user is an admin" do
+      let(:user_admin) { create(:user, user_type: 2)}
+      let(:valid_admin_session) { login(user_admin) }
+      it " updates the status of the proverb" do
+        get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, admin_session
+        expect(JSON.parse(response.body)["status"]).to eq "approved"
+      end
+    end
+
+    context "when user is a regular user" do
+      it "returns an authorized status code" do
+        get "/api/v1/en/proverbs/#{proverb.id}/approve", {}, valid_session
+        expect(response).to have_http_status(403)
+      end
+    end
+
+  end
 end