From 15e91120ee4c236a217c9006a2a7119c41cedd87 Mon Sep 17 00:00:00 2001 From: Martin Meyerhoff Date: Sat, 27 Mar 2021 11:12:57 +0100 Subject: [PATCH] Join to page version in PagesController When accessing an unpublished page as an admin, the previous code would result in the API returning a 200 response and a page with no elements. It is more correct to return a 404. By joining the pages to their version, we make sure this happens. --- app/controllers/alchemy/json_api/pages_controller.rb | 4 ++-- spec/requests/alchemy/json_api/layout_pages_spec.rb | 8 ++++---- spec/requests/alchemy/json_api/pages_spec.rb | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/app/controllers/alchemy/json_api/pages_controller.rb b/app/controllers/alchemy/json_api/pages_controller.rb index 72f61ca..1902d75 100644 --- a/app/controllers/alchemy/json_api/pages_controller.rb +++ b/app/controllers/alchemy/json_api/pages_controller.rb @@ -79,9 +79,9 @@ def api_page(page) def base_page_scope # cancancan is not able to merge our complex AR scopes for logged in users if can?(:edit_content, ::Alchemy::Page) - Alchemy::Page.all + Alchemy::Page.all.joins(page_version) else - Alchemy::Page.published + Alchemy::Page.published.joins(page_version) end end diff --git a/spec/requests/alchemy/json_api/layout_pages_spec.rb b/spec/requests/alchemy/json_api/layout_pages_spec.rb index 654f037..7d949a8 100644 --- a/spec/requests/alchemy/json_api/layout_pages_spec.rb +++ b/spec/requests/alchemy/json_api/layout_pages_spec.rb @@ -70,9 +70,9 @@ end end - it "finds the page" do + it "does not find the page" do get alchemy_json_api.layout_page_path(page.urlname) - expect(response).to have_http_status(200) + expect(response).to have_http_status(404) end end end @@ -101,11 +101,11 @@ end end - it "returns all layout pages" do + it "returns all published layout pages" do get alchemy_json_api.layout_pages_path document = JSON.parse(response.body) expect(document["data"]).to include(have_id(layoutpage.id.to_s)) - expect(document["data"]).to include(have_id(non_public_layout_page.id.to_s)) + expect(document["data"]).not_to include(have_id(non_public_layout_page.id.to_s)) expect(document["data"]).not_to include(have_id(public_page.id.to_s)) end end diff --git a/spec/requests/alchemy/json_api/pages_spec.rb b/spec/requests/alchemy/json_api/pages_spec.rb index 06501c4..0e37578 100644 --- a/spec/requests/alchemy/json_api/pages_spec.rb +++ b/spec/requests/alchemy/json_api/pages_spec.rb @@ -90,9 +90,9 @@ end end - it "finds the page" do + it "does not find the page" do get alchemy_json_api.page_path(page.urlname) - expect(response).to have_http_status(200) + expect(response).to have_http_status(404) end end end @@ -121,11 +121,11 @@ end end - it "returns all content pages" do + it "returns all published content pages" do get alchemy_json_api.pages_path document = JSON.parse(response.body) expect(document["data"]).not_to include(have_id(layoutpage.id.to_s)) - expect(document["data"]).to include(have_id(non_public_page.id.to_s)) + expect(document["data"]).not_to include(have_id(non_public_page.id.to_s)) expect(document["data"]).to include(have_id(public_page.id.to_s)) end end