diff --git a/engines/dfc_provider/app/controllers/dfc_provider/api/people_controller.rb b/engines/dfc_provider/app/controllers/dfc_provider/api/people_controller.rb
new file mode 100644
index 0000000000..02852ec084
--- /dev/null
+++ b/engines/dfc_provider/app/controllers/dfc_provider/api/people_controller.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# Controller used to provide the People API for the DFC application
+module DfcProvider
+ module Api
+ class PeopleController < BaseController
+ skip_before_filter :check_enterprise
+
+ before_filter :find_user, :check_user_accessibility
+
+ def show
+ render json: @user, serializer: DfcProvider::PersonSerializer
+ end
+
+ private
+
+ def find_user
+ @retrieved_user = Spree::User.find(params[:id])
+ end
+
+ def check_user_accessibility
+ return if @user == @retrieved_user
+
+ not_found
+ end
+ end
+ end
+end
diff --git a/engines/dfc_provider/app/serializers/dfc_provider/person_serializer.rb b/engines/dfc_provider/app/serializers/dfc_provider/person_serializer.rb
index ed59b41298..8ee3df99c0 100644
--- a/engines/dfc_provider/app/serializers/dfc_provider/person_serializer.rb
+++ b/engines/dfc_provider/app/serializers/dfc_provider/person_serializer.rb
@@ -26,7 +26,10 @@ module DfcProvider
 end
 
 def id
- "/personId/#{object.id}"
+ dfc_provider_routes.api_dfc_provider_person_url(
+ id: object.id,
+ host: root_url
+ )
 end
 
 def type
@@ -42,5 +45,11 @@ module DfcProvider
 def affiliates
 object.enterprises
 end
+
+ private
+
+ def dfc_provider_routes
+ DfcProvider::Engine.routes.url_helpers
+ end
 end
 end
diff --git a/engines/dfc_provider/config/routes.rb b/engines/dfc_provider/config/routes.rb
index fe7f004c90..1bca54f06b 100644
--- a/engines/dfc_provider/config/routes.rb
+++ b/engines/dfc_provider/config/routes.rb
@@ -7,6 +7,7 @@ DfcProvider::Engine.routes.draw do
 resources :catalog_items, only: [:index, :show]
 resources :supplied_products, only: [:show]
 end
+ resources :people, only: [:show]
 end
 end
 end
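Review bot: In `people_controller.rb`, `find_user` calls `Spree::User.find(params[:id])`, which raises for an id that matches no user, while an existing id that belongs to someone else goes through `not_found` in `check_user_accessibility`; unless `BaseController` (not visible here) maps that exception to the identical response, any caller with a valid token can tell which user ids exist. The record is only fetched for the comparison, since `show` renders `@user`. I would make the lookup nil-returning and keep the guard nil-safe so an unset `@user` can never compare equal: `@retrieved_user = Spree::User.find_by(id: params[:id])` (or the equivalent for the project's Rails version) and `return if @user && @user == @retrieved_user`. A short comment next to `skip_before_filter :check_enterprise` noting that `@user` is presumably set by an authentication filter in `BaseController` would make that ordering dependency explicit.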
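Review bot: In `person_serializer.rb`, the new `id` passes `root_url` as `host:`, and where `root_url` gets its value is not visible in this hunk; if it is derived from the incoming request's Host header, the identifier published for a person is caller-influenced and a consumer that dereferences it could be pointed at another origin. `host:` also normally takes a bare host name rather than a full URL, so the generated string is worth pinning exactly in a serializer spec. I would add a comment above the call such as `# host must be the configured canonical site URL, never a value taken from the request`, and assert the full expected URL in a test. The `module DfcProvider` body continues outside the hunk.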
diff --git a/engines/dfc_provider/spec/controllers/dfc_provider/api/people_controller_spec.rb b/engines/dfc_provider/spec/controllers/dfc_provider/api/people_controller_spec.rb
new file mode 100644
index 0000000000..95a5610aec
--- /dev/null
+++ b/engines/dfc_provider/spec/controllers/dfc_provider/api/people_controller_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe DfcProvider::Api::PeopleController, type: :controller do
+ render_views
+
+ let!(:user) { create(:user) }
+
+ describe('.show') do
+ context 'with authorization token' do
+ before do
+ request.headers['Authorization'] = 'Bearer 123456.abcdef.123456'
+ end
+
+ context 'with an authenticated user' do
+ before do
+ allow_any_instance_of(DfcProvider::AuthorizationControl)
+ .to receive(:process)
+ .and_return(user)
+ end
+
+ context 'given with an accessible id' do
+ before do
+ api_get :show,
+ id: user.id
+ end
+
+ it 'is successful' do
+ expect(response.status).to eq 200
+ end
+
+ it 'renders the required content' do
+ expect(response.body).to include('dfc:Person')
+ end
+ end
+
+ context 'with an other user id' do
+ before { api_get :show, id: create(:user).id }
+
+ it 'returns 404' do
+ expect(response.status).to eq 404
+ end
+ end
+ end
+ end
+ end
+end
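Review bot: The spec only exercises requests where `AuthorizationControl#process` returns a user, so nothing pins what `show` does when the token resolves to no user or when the requested id matches no user at all, which are the cases an access-control regression would hit first. I would add a context under 'with an authenticated user' that requests an unused id, and a sibling context under 'with authorization token' where `process` returns `nil`. The status for the unauthenticated case depends on `BaseController`, which is not visible here, so the sketch below asserts only that the person is not exposed; the missing-id example states the desired 404 and may fail until the controller handles that lookup.

```ruby
context 'with an authenticated user' do
  # … unchanged: stubbed AuthorizationControl, own-id and other-user-id contexts …

  context 'with an id that matches no user' do
    before { api_get :show, id: 0 }

    it 'returns 404' do
      expect(response.status).to eq 404
    end
  end
end

context 'with a token that resolves to no user' do
  before do
    allow_any_instance_of(DfcProvider::AuthorizationControl)
      .to receive(:process)
      .and_return(nil)
    api_get :show, id: user.id
  end

  it 'does not expose the person' do
    expect(response.status).not_to eq 200
    expect(response.body).not_to include('dfc:Person')
  end
end
```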