chore: Endpoint to purge portal logo (#8365)

2023-11-17 11:43:22 -08:00
parent 04dd65687b
commit 0e19a4196b
4 changed files with 43 additions and 0 deletions
--- a/app/controllers/api/v1/accounts/portals_controller.rb
+++ b/app/controllers/api/v1/accounts/portals_controller.rb
@@ -47,6 +47,11 @@ class Api::V1::Accounts::PortalsController < Api::V1::Accounts::BaseController
    head :ok
  end

+  def logo
+    @portal.logo.purge if @portal.logo.attached?
+    head :ok
+  end
+
  def process_attached_logo
    blob_id = params[:blob_id]
    blob = ActiveStorage::Blob.find_by(id: blob_id)
--- a/app/policies/portal_policy.rb
+++ b/app/policies/portal_policy.rb
@@ -27,6 +27,10 @@ class PortalPolicy < ApplicationPolicy
    @account_user.administrator?
  end

+  def logo?
+    @account_user.administrator?
+  end
+
  private

  def portal_member?
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -217,6 +217,7 @@ Rails.application.routes.draw do
            member do
              patch :archive
              put :add_members
+              delete :logo
            end
            resources :categories
            resources :articles do
--- a/spec/controllers/api/v1/accounts/portals_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/portals_controller_spec.rb
@@ -210,4 +210,37 @@ RSpec.describe 'Api::V1::Accounts::Portals', type: :request do
      end
    end
  end
+
+  describe 'DELETE /api/v1/accounts/{account.id}/portals/{portal.slug}/logo' do
+    context 'when it is an unauthenticated user' do
+      it 'returns unauthorized' do
+        delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/logo"
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated user' do
+      before do
+        portal.logo.attach(io: Rails.root.join('spec/assets/avatar.png').open, filename: 'avatar.png', content_type: 'image/png')
+      end
+
+      it 'throw error if agent' do
+        delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/logo",
+               headers: agent.create_new_auth_token,
+               as: :json
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'delete portal logo if admin' do
+        delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/logo",
+               headers: admin.create_new_auth_token,
+               as: :json
+
+        expect { portal.logo.attachment.reload }.to raise_error(ActiveRecord::RecordNotFound)
+        expect(response).to have_http_status(:success)
+      end
+    end
+  end
 end