Fix some tests

CHANGELOG.md

@@ -24,6 +24,7 @@ OIDC_REDIRECT_URI=https://your-dawarich-url.com/users/auth/openid_connect/callba
 - User can now create a place directly from the map and add tags and notes to it. If reverse geocoding is enabled, list of nearby places will be shown as suggestions.
 - User can create and manage tags for places.
   - [ ] Tags can be added when creating or editing a place.
+  - [ ] Provide sensible list of default tags for the user to choose from.
 - User can enable or disable places layers on the map to show/hide all or just some of their places based on tags.
 - User can define privacy zones around places with specific tags to hide map data within a certain radius.
 

app/controllers/api/v1/places_controller.rb

@@ -6,7 +6,7 @@ module Api
       before_action :set_place, only: [:show, :update, :destroy]
 
       def index
-        @places = policy_scope(Place).includes(:tags, :visits)
+        @places = current_api_user.places.includes(:tags, :visits)
         @places = @places.with_tags(params[:tag_ids]) if params[:tag_ids].present?
         @places = @places.without_tags if params[:untagged] == 'true'
 
@@ -14,16 +14,12 @@ module Api
       end
 
       def show
-        authorize @place
-
         render json: serialize_place(@place)
       end
 
       def create
         @place = current_api_user.places.build(place_params)
 
-        authorize @place
-
         if @place.save
           add_tags if tag_ids.present?
           render json: serialize_place(@place), status: :created
@@ -33,8 +29,6 @@ module Api
       end
 
       def update
-        authorize @place
-
         if @place.update(place_params)
           set_tags if params[:place][:tag_ids]
           render json: serialize_place(@place)
@@ -44,16 +38,12 @@ module Api
       end
 
       def destroy
-        authorize @place
-
         @place.destroy!
 
         head :no_content
       end
 
       def nearby
-        authorize Place, :nearby?
-
         unless params[:latitude].present? && params[:longitude].present?
           return render json: { error: 'latitude and longitude are required' }, status: :bad_request
         end
@@ -99,8 +89,8 @@ module Api
         {
           id: place.id,
           name: place.name,
-          latitude: place.latitude,
-          longitude: place.longitude,
+          latitude: place.lat,
+          longitude: place.lon,
           source: place.source,
           note: place.note,
           icon: place.tags.first&.icon,

app/controllers/api_controller.rb

@@ -5,8 +5,14 @@ class ApiController < ApplicationController
   before_action :set_version_header
   before_action :authenticate_api_key
 
+  rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
+
   private
 
+  def record_not_found
+    render json: { error: 'Record not found' }, status: :not_found
+  end
+
   def set_version_header
     message = "Hey, I\'m alive#{current_api_user ? ' and authenticated' : ''}!"
 

spec/models/user_spec.rb

@@ -11,7 +11,7 @@ RSpec.describe User, type: :model do
     it { is_expected.to have_many(:notifications).dependent(:destroy) }
     it { is_expected.to have_many(:areas).dependent(:destroy) }
     it { is_expected.to have_many(:visits).dependent(:destroy) }
-    it { is_expected.to have_many(:places).through(:visits) }
+    it { is_expected.to have_many(:places).dependent(:destroy) }
     it { is_expected.to have_many(:trips).dependent(:destroy) }
     it { is_expected.to have_many(:tracks).dependent(:destroy) }
     it { is_expected.to have_many(:tags).dependent(:destroy) }

spec/requests/api/v1/places_spec.rb

@@ -51,11 +51,12 @@ RSpec.describe 'Api::V1::Places', type: :request do
     end
 
     it 'returns 404 for other users place' do
-      other_place = create(:place, user: create(:user))
-      
-      expect {
-        get "/api/v1/places/#{other_place.id}", headers: headers
-      }.to raise_error(ActiveRecord::RecordNotFound)
+      other_user = create(:user)
+      other_place = create(:place, user: other_user)
+
+      get "/api/v1/places/#{other_place.id}", headers: headers
+
+      expect(response).to have_http_status(:not_found)
     end
   end
 
@@ -119,13 +120,15 @@ RSpec.describe 'Api::V1::Places', type: :request do
     end
 
     it 'prevents updating other users places' do
-      other_place = create(:place, user: create(:user))
-      
-      expect {
-        patch "/api/v1/places/#{other_place.id}",
-              params: { place: { name: 'Hacked' } },
-              headers: headers
-      }.to raise_error(ActiveRecord::RecordNotFound)
+      other_user = create(:user)
+      other_place = create(:place, user: other_user)
+
+      patch "/api/v1/places/#{other_place.id}",
+            params: { place: { name: 'Hacked' } },
+            headers: headers
+
+      expect(response).to have_http_status(:not_found)
+      expect(other_place.reload.name).not_to eq('Hacked')
     end
   end
 
@@ -139,11 +142,14 @@ RSpec.describe 'Api::V1::Places', type: :request do
     end
 
     it 'prevents deleting other users places' do
-      other_place = create(:place, user: create(:user))
-      
+      other_user = create(:user)
+      other_place = create(:place, user: other_user)
+
       expect {
         delete "/api/v1/places/#{other_place.id}", headers: headers
-      }.to raise_error(ActiveRecord::RecordNotFound)
+      }.not_to change(Place, :count)
+
+      expect(response).to have_http_status(:not_found)
     end
   end