require 'spec_helper' describe "Join Request API", :type => :api do let(:user) { FactoryGirl.create(:single_user_session) } let(:other) { FactoryGirl.create(:user) } let(:other2) { FactoryGirl.create(:user) } before(:each) do end def login(user) # login as fan post '/api/auth_session.json', { :email => user.email, :password => user.password }.to_json, "CONTENT_TYPE" => 'application/json' last_response.status.should == 200 JSON.parse(last_response.body).should == { "success" => true } end it "create join_request" do login(other) post '/api/join_requests.json', { :music_session => user.music_sessions[0].id, :text => "lemme in" }.to_json, "CONTENT_TYPE" => 'application/json' last_response.status.should == 201 get last_response.headers["Location"] + '.json', "CONTENT_TYPE" => 'application/json' last_response.status.should == 200 join_request = JSON.parse(last_response.body) join_request["id"].should_not be_nil join_request["text"].should == "lemme in" join_request["user"]["id"].should == other.id # verify that fetching the music session by the requesting user (isn't in the session!) doesn't show any join_requests # that's right--they don't even see their own join_requset via searching for sessions # if a user wants to see their outstanding join_requests, they should fetch GET /api/join_requests get "/api/sessions/#{user.music_sessions[0].id}.json", "CONTENT_TYPE" => 'application/json' music_session = JSON.parse(last_response.body) music_session["join_requests"].should be_nil # verify that the user can see their own join_requests with the listing of join_requests get '/api/join_requests', "CONTENT_TYPE" => 'application/json' join_requests = JSON.parse(last_response.body) join_requests.length.should == 1 join_requests[0]["id"].should == join_request["id"] # verify that fetching the music session reflects the join_request by a user *in the session* login(user) get "/api/sessions/#{user.music_sessions[0].id}.json", "CONTENT_TYPE" => 'application/json' music_session = JSON.parse(last_response.body) music_session["join_requests"].length.should == 1 music_session["join_requests"][0]["id"].should == join_request["id"] # verify that the user in the session can see it when queried directly get "/api/join_requests/#{join_request["id"]}.json", "CONTENT_TYPE" => 'application/json' last_response.status.should == 200 JSON.parse(last_response.body).should == join_request # verify that the random user can't access it login(other2) get "/api/join_requests/#{join_request["id"]}.json", "CONTENT_TYPE" => 'application/json' last_response.status.should == 404 end it "delete join_request" do login(other) post '/api/join_requests.json', { :music_session => user.music_sessions[0].id, :text => "lemme in" }.to_json, "CONTENT_TYPE" => 'application/json' last_response.status.should == 201 join_request = JSON.parse(last_response.body) # delete it; should work since this user created it delete "/api/join_requests/#{join_request["id"]}.json", "CONTENT_TYPE" => 'application/json' last_response.status.should == 204 # check that we now get a 404 get "/api/join_requests/#{join_request["id"]}.json", "CONTENT_TYPE" => 'application/json' last_response.status.should == 404 end it "can't create duplicate join_request" do login(other) post '/api/join_requests.json', { :music_session => user.music_sessions[0].id, :text => "lemme in" }.to_json, "CONTENT_TYPE" => 'application/json' last_response.status.should == 201 join_request = JSON.parse(last_response.body) post '/api/join_requests.json', { :music_session => user.music_sessions[0].id, :text => "lemme in" }.to_json, "CONTENT_TYPE" => 'application/json' last_response.status.should == 422 join_request = JSON.parse(last_response.body) join_request["errors"]["user_id"].should == ["has already been taken"] end end