WIP, adding api/bikes_controller#create

app/controllers/api/v1/bikes_controller.rb

@@ -0,0 +1,31 @@
+class Api::V1::BikesController < Api::V1::BaseController
+  CANNOT_MANAGE = "You do not have permission to manage bikes."
+  EXPECTED_BIKE = "Expected bike in submitted data"
+
+  before_filter :check_bike_permission
+
+  def create
+    puts params.inspect
+
+    if bike = params[:bike]
+
+      b = Bike.new(bike)
+      if !b.save
+        render json: { errors: b.errors }, status: 409 and return
+      else
+        render json: { bike: b.as_json }, status: 200 and return
+      end
+
+    else
+        render json: { errors: ["Expected bike in submitted data" ]}, status: 400 and return
+    end
+    render json: {}, status: 200 and return
+  end
+
+  private
+    def check_bike_permission
+      if cannot? :manage, Bike
+        render json: { errors: [CANNOT_MANAGE]}, status: 403 and return
+      end
+    end
+end

config/routes.rb

@@ -16,6 +16,8 @@ Velocipede::Application.routes.draw do
       post 'checkin' => "logs#checkin", :as => "api_checkin"
       post 'checkout' => "logs#checkout", :as => "api_checkout"
       post 'reset' => "users#password_reset", :as => "api_password_reset"
+
+      post 'bikes/create' => "bikes#create", as: "api_create_bike"
     end
   end
 

spec/controllers/api/bikes_controller_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe Api::V1::BikesController do
+
+  describe "#create" do
+    context "as a user" do
+      before(:each) do
+        @user = FactoryGirl.create(:user)
+        sign_in @user
+      end
+      it "returns 403" do
+        post :create
+        expect(@response.code.to_i).to eql 403
+      end
+
+      it "returns an error message" do
+        post :create
+        json = JSON.parse(@response.body)
+        expect(json["errors"].first).to eql Api::V1::BikesController::CANNOT_MANAGE
+      end
+    end
+
+    context "as a bike admin" do
+      before(:each) do
+        @user = FactoryGirl.create(:bike_admin)
+        sign_in @user
+      end
+
+      context "with no bike in json data" do
+        it "returns 400" do
+          post :create
+          expect(@response.code.to_i).to eql 400
+        end
+
+        it "returns an error message" do
+          post :create
+          json = JSON.parse(@response.body)
+          expect(json["errors"].first).to eql Api::V1::BikesController::EXPECTED_BIKE
+        end
+      end
+
+      context "with valid bike in json data" do
+        before(:each) do
+          @submit_json = { bike: {
+            serial_number: "XKCD",
+            bike_brand_id: 1,
+            shop_id: 1,
+            model: "Bike Model",
+            bike_style_id: 1,
+            seat_tube_height: 52,
+            bike_condition_id: 1,
+            bike_purpose_id: 1,
+            bike_wheel_size_id: 1,
+          }}
+        end
+
+        it "returns 200" do
+          post :create, @submit_json
+          expect(@response.code.to_i).to eql 200
+        end
+
+        it "returns the created bike json" do
+          post :create, @submit_json
+          json = JSON.parse(@response.body)
+          expect(json).to have_key("bike")
+          expect(json.to_s).to include(@submit_json[:bike][:serial_number])
+        end
+      end
+    end
+  end
+end