2907: allow depositor to be passed in to api params (#490)

* if depositor key is in API side params, sign in the depositor (but raise exception if not found) after successful API user authentication, otherwise just sign in API user.
aic-collections · Jun 21, 2018 · 1676cf1 · 1676cf1
1 parent 34ef683
commit 1676cf1
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 3 deletions.
diff --git a/app/controllers/lakeshore/api_controller.rb b/app/controllers/lakeshore/api_controller.rb
@@ -8,7 +8,11 @@ def authenticate_api_user
         resource = User.find_by_email(username)
         return head :unauthorized unless resource
         if resource.valid_password?(password) && resource.api?
-          sign_in :user, resource
+          if params[:depositor]
+            sign_in :user, User.find_by_email!(params[:depositor])
+          else
+            sign_in :user, resource
+          end
         end
       end
     end

diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -49,6 +49,6 @@
   # config.action_view.raise_on_missing_translations = true
 
   # default the queue adapter to :inline or override to :resque, if needed
-  config.active_job.queue_adapter = :inline
-  # config.active_job.queue_adapter = :resque
+  # config.active_job.queue_adapter = :inline
+  config.active_job.queue_adapter = :resque
 end
diff --git a/spec/controllers/lakeshore/file_sets_controller_spec.rb b/spec/controllers/lakeshore/file_sets_controller_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'rails_helper'
+
+describe Lakeshore::FileSetsController do
+  let(:apiuser) { create(:apiuser) }
+  before do
+    sign_in_basic(apiuser)
+    LakeshoreTesting.restore
+  end
+
+  let(:asset)     { create(:asset, :with_intermediate_file_set) }
+  let(:file_set1) { asset.intermediate_file_set.first }
+  let(:file)      { create(:image_file) }
+  let(:aic_user1) { create(:aic_user1) }
+
+  describe "#update" do
+    before { put :update, params }
+    context "when API user exists" do
+      context "but is not an AICUser and no depositor param exists" do
+        let(:file_set_params) { { files: [file] } }
+        let(:params)          { { file_set: file_set_params, id: file_set1.id } }
+        it "returns a 500 respone code with an error message" do
+          expect(response).to have_http_status(500)
+          expect(response.body).to include("AICUser 'apiuser' not found, contact [email protected]\n")
+        end
+      end
+    end
+  end
+end