diff --git a/CHANGELOG.md b/CHANGELOG.md index 0483778f..91285f07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ OIDC_REDIRECT_URI=https://your-dawarich-url.com/users/auth/openid_connect/callba - User can now create a place directly from the map and add tags and notes to it. If reverse geocoding is enabled, list of nearby places will be shown as suggestions. - User can create and manage tags for places. - [ ] Tags can be added when creating or editing a place. + - [ ] Provide sensible list of default tags for the user to choose from. - User can enable or disable places layers on the map to show/hide all or just some of their places based on tags. - User can define privacy zones around places with specific tags to hide map data within a certain radius. diff --git a/app/controllers/api/v1/places_controller.rb b/app/controllers/api/v1/places_controller.rb index 2579cce6..65322cf2 100644 --- a/app/controllers/api/v1/places_controller.rb +++ b/app/controllers/api/v1/places_controller.rb @@ -6,7 +6,7 @@ module Api before_action :set_place, only: [:show, :update, :destroy] def index - @places = policy_scope(Place).includes(:tags, :visits) + @places = current_api_user.places.includes(:tags, :visits) @places = @places.with_tags(params[:tag_ids]) if params[:tag_ids].present? @places = @places.without_tags if params[:untagged] == 'true' @@ -14,16 +14,12 @@ module Api end def show - authorize @place - render json: serialize_place(@place) end def create @place = current_api_user.places.build(place_params) - authorize @place - if @place.save add_tags if tag_ids.present? render json: serialize_place(@place), status: :created @@ -33,8 +29,6 @@ module Api end def update - authorize @place - if @place.update(place_params) set_tags if params[:place][:tag_ids] render json: serialize_place(@place) 
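Review bot: With `policy_scope` and every `authorize` call removed (this `index` hunk, plus the show/create/update and destroy/nearby hunks that follow), ownership of a place is enforced only by whatever `set_place` does, and that method is not visible in this diff. If it is not already scoped, it should read `@place = current_api_user.places.find(params[:id])`. A comment above the `before_action`, such as `# set_place is the only ownership check for member actions; add new member actions to this list`, would keep later additions from bypassing it. The `tag_ids` handled by `add_tags`/`set_tags` are also outside the hunks, so it is worth confirming they are resolved through the current user's tags rather than globally.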
@@ -44,16 +38,12 @@ module Api end def destroy - authorize @place - @place.destroy! head :no_content end def nearby - authorize Place, :nearby? - unless params[:latitude].present? && params[:longitude].present? return render json: { error: 'latitude and longitude are required' }, status: :bad_request end @@ -99,8 +89,8 @@ module Api { id: place.id, name: place.name, - latitude: place.latitude, - longitude: place.longitude, + latitude: place.lat, + longitude: place.lon, source: place.source, note: place.note, icon: place.tags.first&.icon, diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index d53f57ae..74848252 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -5,8 +5,14 @@ class ApiController < ApplicationController before_action :set_version_header before_action :authenticate_api_key + rescue_from ActiveRecord::RecordNotFound, with: :record_not_found + private + def record_not_found + render json: { error: 'Record not found' }, status: :not_found + end + def set_version_header message = "Hey, I\'m alive#{current_api_user ? ' and authenticated' : ''}!" diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 2a97ccb7..c11017e6 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -11,7 +11,7 @@ RSpec.describe User, type: :model do it { is_expected.to have_many(:notifications).dependent(:destroy) } it { is_expected.to have_many(:areas).dependent(:destroy) } it { is_expected.to have_many(:visits).dependent(:destroy) } - it { is_expected.to have_many(:places).through(:visits) } + it { is_expected.to have_many(:places).dependent(:destroy) } it { is_expected.to have_many(:trips).dependent(:destroy) } it { is_expected.to have_many(:tracks).dependent(:destroy) } it { is_expected.to have_many(:tags).dependent(:destroy) } diff --git a/spec/requests/api/v1/places_spec.rb b/spec/requests/api/v1/places_spec.rb index 01e4c031..2c67c3cc 100644 
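Review bot: The new `rescue_from ActiveRecord::RecordNotFound` in `ApiController` has no comment explaining that a single 404 is deliberately returned both for ids that do not exist and for records owned by another user. I would add above it `# Same 404 for missing and foreign-owned records, so responses do not reveal which ids exist.` so that nobody later splits this into 403 and 404. Because the handler sits in the base class, it presumably applies to every API controller, including lookups of secondary records inside an action, which is worth stating in the same comment. The class body continues outside the hunk.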
--- a/spec/requests/api/v1/places_spec.rb +++ b/spec/requests/api/v1/places_spec.rb @@ -51,11 +51,12 @@ RSpec.describe 'Api::V1::Places', type: :request do end it 'returns 404 for other users place' do - other_place = create(:place, user: create(:user)) - - expect { - get "/api/v1/places/#{other_place.id}", headers: headers - }.to raise_error(ActiveRecord::RecordNotFound) + other_user = create(:user) + other_place = create(:place, user: other_user) + + get "/api/v1/places/#{other_place.id}", headers: headers + + expect(response).to have_http_status(:not_found) end end @@ -119,13 +120,15 @@ RSpec.describe 'Api::V1::Places', type: :request do end it 'prevents updating other users places' do - other_place = create(:place, user: create(:user)) - - expect { - patch "/api/v1/places/#{other_place.id}", - params: { place: { name: 'Hacked' } }, - headers: headers - }.to raise_error(ActiveRecord::RecordNotFound) + other_user = create(:user) + other_place = create(:place, user: other_user) + + patch "/api/v1/places/#{other_place.id}", + params: { place: { name: 'Hacked' } }, + headers: headers + + expect(response).to have_http_status(:not_found) + expect(other_place.reload.name).not_to eq('Hacked') end end @@ -139,11 +142,14 @@ RSpec.describe 'Api::V1::Places', type: :request do end it 'prevents deleting other users places' do - other_place = create(:place, user: create(:user)) - + other_user = create(:user) + other_place = create(:place, user: other_user) + expect { delete "/api/v1/places/#{other_place.id}", headers: headers - }.to raise_error(ActiveRecord::RecordNotFound) + }.not_to change(Place, :count) + + expect(response).to have_http_status(:not_found) end end
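Review bot: The cross-user examples in these three hunks (show, update, delete) assert only the 404 status, not the body the API now renders for it. Adding `expect(response.parsed_body).to eq('error' => 'Record not found')` to each would pin that nothing about the other user's place is echoed back. The hunks do not show a matching example for `index`, whose scoping also changed in this commit. If none exists elsewhere in the file, one asserting that another user's place id is absent from the list would complete the coverage.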