Added tasks controller, spec, JS, apitesthelper

Had an issue with calling render_views in the specs to render the
jbuilder json templates and also getting the devise sign_in method to
work, ended up adding a helper to add the username/password for a user

app/assets/javascripts/task_lists.js

@@ -0,0 +1,32 @@
+$(".task_list_task").click(function(){
+  $("#update_tasks_submit").removeClass("disabled");
+});
+
+$("#update_tasks_submit").click(function(){
+
+  tasks = [];
+  $(".task_list_task").each(function(){
+    tasks.push({
+      id: parseInt($(this).data("id")),
+      done: $(this).is(":checked")
+    });
+  });
+
+  json_data = { tasks: tasks };
+
+  $.ajax({
+    url: $("#update_tasks_submit").data("url"),
+    type: "PUT",
+    data: JSON.stringify(json_data),
+    contentType: 'application/json',
+    dataType: "json",
+    success: function(data, status, xhr){
+      //should re-render via JS, but for now reload
+      location.reload();
+    },
+    error: function(data, status ){
+      alert("An error occured updating tasks");
+      //displayFormErrors(data.responseJSON);
+    }
+  });
+});

app/controllers/api/v1/tasks_controller.rb

@@ -0,0 +1,64 @@
+class Api::V1::TasksController < Api::V1::BaseController
+  EXPECTED_TASKS = "Expected a list of tasks in submitted data."
+  CANNOT_MANAGE = "You do not have permission to manage this task."
+  NOT_FOUND = "The task could not be found."
+
+  before_filter :validate_params
+  before_filter :get_tasks
+  before_filter :check_task_permission, except: :show
+
+  def update
+    errors = []
+    @tasks.each do |task_hash|
+      task = task_hash[:record]
+      attrs = task_hash[:new_attributes]
+      task.update_attributes(attrs)
+      if !task.errors.empty?
+        errors << { id: task.id, errors: task.errors }
+      end
+    end
+
+    if !errors.empty?
+      render json: { errors: errors }, status: 422 and return
+    end
+  end
+
+  private
+    def validate_params
+      if params[:tasks].nil? and not params[:tasks].kind_of?(Array)
+        render json: { errors: [EXPECTED_TASKS]}, status: 422 and return
+      end
+    end
+
+    def get_tasks
+      @tasks = []
+      errors = []
+
+      params[:tasks].each do |task|
+        t = Task.find_by_id(task[:id])
+        if t.nil?
+          errors << { id: task[:id], error: NOT_FOUND }
+        else
+          @tasks << { record: t, new_attributes: task }
+        end
+      end
+
+      if !errors.empty?
+          render json: { errors: errors }, status: 404 and return
+      end
+    end
+
+    def check_task_permission
+      errors = []
+      @tasks.each do |task_hash|
+        task = task_hash[:record]
+        if task.task_list.item != current_user.bike
+          errors << { id: task[:id], error: CANNOT_MANAGE }
+        end
+      end
+
+      if cannot? :manage, Bike and !errors.empty?
+        render json: { errors: errors}, status: 403 and return
+      end
+    end
+end

app/views/api/v1/tasks/update.json.jbuilder

@@ -0,0 +1,3 @@
+json.tasks [@tasks.map{|x| x[:record]}] do |task|
+  json.array! task
+end

config/routes.rb

@@ -24,6 +24,8 @@ Velocipede::Application.routes.draw do
       post 'bikes/create' => "bikes#create", as: "api_create_bike"
 
       get  'task_lists/:id' => "task_lists#show",   as: "api_task_list"
+
+      put  'tasks/update' => "tasks#update", as: "api_update_task"
     end
   end
 

spec/controllers/api/bikes_controller_spec.rb

@@ -57,7 +57,6 @@ describe Api::V1::BikesController do
 
         it "returns 200" do
           post :create, @submit_json
-          puts @response.inspect
           expect(@response.code.to_i).to eql 200
         end
 

spec/controllers/api/tasks_controller.rb

@@ -0,0 +1,100 @@
+require 'spec_helper'
+
+describe Api::V1::TasksController do
+  render_views
+
+  describe "#update" do
+    context "as a user with a bike" do
+      before(:each) do
+        @user = FactoryGirl.create(:user_with_bike)
+        sign_in @user
+      end
+
+      context "with no tasks in json data" do
+        it "returns 400" do
+          put :update
+          expect(@response.code.to_i).to eql 422
+        end
+
+        it "returns an error message" do
+          put :update
+          json = JSON.parse(@response.body)
+          expect(json["errors"].first).to eql Api::V1::TasksController::EXPECTED_TASKS
+        end
+      end
+
+      context "with non existing task in data" do
+        before(:each) do
+          @submit_json = { tasks: [
+            { id: 9999, done: false },
+          ]}
+        end
+
+        it "returns 404" do
+          put :update, @submit_json
+          expect(@response.code.to_i).to eql 404
+        end
+
+        it "returns an error message" do
+          put :update, @submit_json
+          json = JSON.parse(@response.body)
+          expect(json["errors"].to_s).to include(Api::V1::TasksController::NOT_FOUND)
+        end
+      end
+
+      context "with valid tasks json data" do
+        before(:each) do
+          @task = FactoryGirl.create(:task, done: false, task_list_id: @user.bike.task_list.id)
+          task_data = { tasks: [
+            { id: @task.id, done: true},
+          ]}
+          #this is necessary because render_views does not work with sign_in devise helper
+          @submit_json = api_submit_json(@user, task_data)
+          #not sure why format: :json not working
+          request.accept = 'application/json'
+        end
+
+        it "returns 200" do
+          put :update, @submit_json
+          expect(@response.code.to_i).to eql 200
+        end
+
+        it "returns the updated task json" do
+          put :update, @submit_json
+          json = JSON.parse(@response.body)
+          expect(json).to have_key("tasks")
+          expect(json.to_s).to include(Task.find_by_id(@task.id).done.to_s)
+        end
+
+        it "updates the task" do
+          expect{put :update, @submit_json}.
+            to change{ Task.find_by_id(@task.id).done }.
+              from(false).to(true)
+        end
+      end
+    end
+
+    context "as a user without a bike" do
+      before(:each) do
+        @user = FactoryGirl.create(:user, bike_id: nil)
+        sign_in @user
+
+        task = FactoryGirl.create(:task)
+        @submit_json = { tasks: [
+          { id: task.id, done: false },
+        ]}
+      end
+
+      it "should return 403" do
+        put :update, @submit_json
+        expect(@response.code.to_i).to eql 403
+      end
+
+      it "returns an error message" do
+        put :update, @submit_json
+        json = JSON.parse(@response.body)
+        expect(json["errors"].to_s).to include(Api::V1::TasksController::CANNOT_MANAGE)
+      end
+    end
+  end
+end

spec/factories/tasks.rb

@@ -0,0 +1,7 @@
+FactoryGirl.define do
+  factory :task do
+    task_list { FactoryGirl.create(:task_list) }
+    done false
+    task { Faker::Lorem.words(7).join(" ")}
+  end
+end

spec/factories/users.rb

@@ -36,5 +36,9 @@ FactoryGirl.define do
       end
     end
 
+    factory :user_with_bike do
+      bike { FactoryGirl.create(:bike) }
+    end
+
   end
 end

spec/spec_helper.rb

@@ -68,6 +68,7 @@ Spork.prefork do
     config.infer_base_class_for_anonymous_controllers = false
     config.include FactoryGirlStepHelpers
     config.include FactoryGirl::Syntax::Methods
+    config.include ApiTestHelpers
     config.include Devise::TestHelpers, type: :controller
 
     #allows :focus tag to only run specific tests
@@ -80,7 +81,6 @@ end
 
 Spork.each_run do
   # This code will be run each time you run your specs.
-
   #Reload Factories
   #FYI make sure that Factories use strings instead of class constants
   FactoryGirl.reload

spec/support/api_test_helpers.rb

@@ -0,0 +1,5 @@
+module ApiTestHelpers
+  def api_submit_json(user, json_hash)
+    json_hash.merge({username: user.email, password: user.password})
+  end
+end