First draft API to delete collections (#37117)

1 month ago · 9921fa1af7
parent 5a7a4fff11
commit 9921fa1af7
3 changed files with 45 additions and 3 deletions
--- a/app/controllers/api/v1_alpha/collections_controller.rb
+++ b/app/controllers/api/v1_alpha/collections_controller.rb
@ -13,11 +13,12 @@ class Api::V1Alpha::CollectionsController < Api::BaseController

  before_action :require_user!, only: [:create]

+  before_action :set_collection, only: [:show, :update, :destroy]
+
  after_action :verify_authorized

  def show
    cache_if_unauthenticated!
-    @collection = Collection.find(params[:id])
    authorize @collection, :show?

    render json: @collection, serializer: REST::CollectionSerializer
@ -32,7 +33,6 @@ class Api::V1Alpha::CollectionsController < Api::BaseController
  end

  def update
-    @collection = Collection.find(params[:id])
    authorize @collection, :update?

    @collection.update!(collection_update_params) # TODO: Create a service for this to federate changes
@ -40,8 +40,20 @@ class Api::V1Alpha::CollectionsController < Api::BaseController
    render json: @collection, serializer: REST::CollectionSerializer
  end

+  def destroy
+    authorize @collection, :destroy?
+
+    @collection.destroy
+
+    head 200
+  end
+
  private

+  def set_collection
+    @collection = Collection.find(params[:id])
+  end
+
  def collection_creation_params
    params.permit(:name, :description, :sensitive, :discoverable, :tag_name, account_ids: [])
  end
--- a/config/routes/api.rb
+++ b/config/routes/api.rb
@ -8,7 +8,7 @@ namespace :api, format: false do
  namespace :v1_alpha do
    resources :async_refreshes, only: :show

-    resources :collections, only: [:show, :create, :update]
+    resources :collections, only: [:show, :create, :update, :destroy]
  end

  # JSON / REST API
--- a/spec/requests/api/v1_alpha/collections_spec.rb
+++ b/spec/requests/api/v1_alpha/collections_spec.rb
@ -164,4 +164,34 @@ RSpec.describe 'Api::V1Alpha::Collections', feature: :collections do
      end
    end
  end
+
+  describe 'DELETE /api/v1_alpha/collections/:id' do
+    subject do
+      delete "/api/v1_alpha/collections/#{collection.id}", headers: headers
+    end
+
+    let(:collection) { Fabricate(:collection) }
+
+    it_behaves_like 'forbidden for wrong scope', 'read:collections'
+
+    context 'when user is not owner' do
+      it 'returns http forbidden' do
+        subject
+
+        expect(response).to have_http_status(403)
+      end
+    end
+
+    context 'when user is the owner' do
+      let(:collection) { Fabricate(:collection, account: user.account) }
+
+      it 'deletes the collection and returns http success' do
+        collection
+
+        expect { subject }.to change(Collection, :count).by(-1)
+
+        expect(response).to have_http_status(200)
+      end
+    end
+  end
 end