VRFS-3359 : Enhance show/detail record. Also allow looking up by teacher or current user, which changes URI signature. Update tests accordingly.

web/app/controllers/api_teachers_controller.rb

@@ -2,6 +2,7 @@ class ApiTeachersController < ApiController
 
   before_filter :api_signed_in_user, :except => [:index, :show]
   before_filter :auth_teacher, :only => [:update, :delete]
+  before_filter :auth_user, :only => [:create, :update]
 
   respond_to :json
 
@@ -9,8 +10,9 @@ class ApiTeachersController < ApiController
     @teachers = Teacher.paginate(page: params[:page])
   end
 
-  def show
-    @teacher = Teacher.find(params[:id])
+  def detail
+    teacher_id=(params[:teacher_id].present?) ? params[:teacher_id] : (current_user.teacher && current_user.teacher.id)
+    @teacher = Teacher.find(teacher_id)
     respond_with_model(@teacher)
   end
 
@@ -20,12 +22,12 @@ class ApiTeachersController < ApiController
   end
 
   def create
-    @teacher = Teacher.save_teacher(current_user, params)
+    @teacher = Teacher.save_teacher(@user, params)
     respond_with_model(@teacher, new: true, location: lambda { return api_teacher_detail_url(@teacher.id) })
   end
 
   def update
-    @teacher = Teacher.save_teacher(current_user, params)
+    @teacher = Teacher.save_teacher(@user, params)
     respond_with_model(@teacher)
   end
 
@@ -42,4 +44,22 @@ private
       raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
     end
   end
+
+  def auth_user
+    if params[:user_id].present?
+      if params[:user_id]==current_user.id
+        @user=current_user
+      else
+        if current_user.admin
+          @user=User.find(params[:user_id])
+        else
+          # Can't specify other user:
+          raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
+        end
+      end
+    else
+      @user=current_user
+    end
+
+  end
 end

web/config/routes.rb

@@ -432,7 +432,7 @@ SampleApp::Application.routes.draw do
 
     # teachers
     match '/teachers' => 'api_teachers#index', :via => :get
-    match '/teachers/:id' => 'api_teachers#show', :via => :get, :as => 'api_teacher_detail'
+    match '/teachers/detail' => 'api_teachers#detail', :via => :get, :as => 'api_teacher_detail'
     match '/teachers' => 'api_teachers#create', :via => :post
     match '/teachers/:id' => 'api_teachers#update', :via => :post
     match '/teachers/:id' => 'api_teachers#delete', :via => :delete

web/spec/controllers/api_teachers_controller_spec.rb

@@ -77,6 +77,41 @@ describe ApiTeachersController do
     end
   end
 
+  describe "gets details" do
+    before :each do
+      @teacher = Teacher.save_teacher(
+        user,
+        years_teaching: 21,
+        biography: BIO
+      )
+      @teacher.should_not be_nil
+      @teacher.id.should_not be_nil
+    end
+
+    it "by teacher id" do
+      get :detail, {:format => 'json', teacher_id: @teacher.id}
+      response.should be_success
+      json = JSON.parse(response.body)
+      json["biography"].should==BIO
+    end
+
+    it "by current user" do
+      get :detail, {:format => 'json'}
+      response.should be_success
+
+      json = JSON.parse(response.body)
+      json["biography"].should==BIO
+    end
+
+    it "no teacher" do
+      user2 = FactoryGirl.create(:user)
+      controller.current_user = user2
+      get :detail, {:format => 'json'}
+      response.status.should eq(404)
+    end
+
+  end
+
   describe "to existing" do
     before :each do
       @teacher = Teacher.save_teacher(
@@ -192,7 +227,7 @@ describe ApiTeachersController do
       json = JSON.parse(response.body)
       json['errors'].should have_key('offer_pricing')
       json['errors'].should_not have_key('offer_duration')
-      #puts "JSON.pretty_generate(json): #{JSON.pretty_generate(json)}"      
+      #puts "JSON.pretty_generate(json): #{JSON.pretty_generate(json)}"
     end
   end
 end