app/controllers/api/v0/manifests_controller.rb from 18F/e-manifest

app/controllers/api/v0/manifests_controller.rb
Summary

Maintainability

25 mins
Test Coverage

Issues
class Api::V0::ManifestsController < ApiController
  include SearchParams

  rescue_from ActiveRecord::RecordNotFound, with: :manifest_not_found_error

  def search
    if !params[:q] && !params[:aq]
      render json: {message: 'Missing q or aq param'}, status: 400
    else
      render json: ManifestSearchSerializer.new(Manifest.authorized_search(params)[:es_response]).to_json
    end
  end

  def validate
    manifest_content = read_body_as_json
    unless performed?
      if validate_manifest(manifest_content)
        render json: {message: "Manifest structure is valid"}, status: 200
      end
    end
  end

  def create
    authenticate_user!
    unless performed?
      manifest_content = read_body_as_json
    end

    unless performed?
      if validate_manifest(manifest_content)
        @manifest = Manifest.new(content: manifest_content, user: current_user)
        authorize @manifest, :can_create?
        create_manifest(@manifest)
      end
    end
  end

  def show
    manifest = find_manifest
    if has_permission_to_view?(manifest)
      unless performed?
        render json: ManifestSerializer.new(manifest).to_json
      end
    else
      unless performed?
        render json: {
          message: "Permission denied",
          errors: "You do not have permission to view this manifest."
        }, status: 403
      end
    end
  end

  def update
    manifest = find_manifest
    if has_permission_to_update?(manifest)
      if (patch = read_body_as_json)
        patch_json = patch.to_json
        manifest_content_json = manifest[:content].to_json
        new_json = JSON.patch(manifest_content_json, patch_json)

        manifest.update_column(:content, new_json)

        render json: ManifestSerializer.new(manifest).to_json
      end
    else
      render json: {
        message: "Permission denied",
        errors: "You do not have permission to update this manifest."
      }, status: 403
    end
  end

  private

  def create_manifest(manifest)
    if manifest.save
      manifest.reload
      render json: {
        message: "Manifest #{manifest.tracking_number} submitted successfully.",
        location: api_v0_manifest_url(manifest.uuid)
      }, status: 201
    else
      render json: {
        message: "Validation failed",
        errors: manifest.errors.full_messages.to_sentence
      }, status: 422
    end
  end

  def validate_manifest(content)
    run_validator(ManifestValidator.new(content))
  end

  def has_permission_to_update?(manifest)
    if !authenticated?
      false
    else
      authorize manifest, :can_update?
    end
  end

  def has_permission_to_view?(manifest)
    if manifest.is_public?
      true
    elsif authenticated?
      authorize manifest, :can_view?
    else
      false
    end
  end
end