Merge pull request #18 from alphagov/Accept-fact-check-requests-from-Publisher

AlexRyanShep · web-flow · commit 13215c1a0d13 · 2026-02-05T16:24:22.000Z
Add Agnostic Fact Check Request API
diff --git a/app/controllers/api/requests_controller.rb b/app/controllers/api/requests_controller.rb
@@ -0,0 +1,51 @@
+module Api
+  class RequestsController < ApplicationController
+    # TODO: Implement authentication later
+    # before_action :authenticate_publisher!
+    # TO REMOVE:
+    # protect_from_forgery with: :null_session
+
+    def create
+      if recipients.blank?
+        return render json: { errors: ["At least one recipient email is required"] }, status: :bad_request
+      end
+
+      fact_check_request = Request.new(request_params.except(:recipients))
+
+      recipients.each do |email|
+        user = User.find_or_create_by!(email: email) do |u|
+          u.name = email.split("@").first
+          u.uid = SecureRandom.uuid
+        end
+
+        fact_check_request.collaborations.build(user: user, role: "fact_checker")
+      end
+
+      if fact_check_request.save
+        render json: { id: fact_check_request.id, source_id: fact_check_request.source_id }, status: :created
+      else
+        render json: { errors: fact_check_request.errors.full_messages }, status: :bad_request
+      end
+    end
+
+  private
+
+    def request_params
+      params.require(:request).permit(
+        :source_app,
+        :source_id,
+        :source_url, # optional
+        :source_title, # optional
+        :requester_name,
+        :requester_email,
+        :current_content,
+        :previous_content, # optional
+        :deadline, # optional
+      )
+    end
+
+    def recipients
+      params.fetch(:recipients, [])
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -3,4 +3,8 @@
   get "/healthcheck/ready", to: GovukHealthcheck.rack_response
 
   root to: "application#hello_world"
+
+  namespace :api do
+    resources :requests, only: [:create]
+  end
 end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2026_02_04_143415) do
+ActiveRecord::Schema[8.0].define(version: 2026_02_05_161332) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pg_catalog.plpgsql"
   enable_extension "pgcrypto"
@@ -30,7 +30,7 @@
     t.uuid "source_id", null: false
     t.string "requester_name", null: false
     t.string "requester_email", null: false
-    t.string "status", default: "in_progress", null: false
+    t.string "status", default: "new", null: false
     t.text "previous_content"
     t.text "current_content", null: false
     t.datetime "deadline"
diff --git a/spec/requests/api/requests_spec.rb b/spec/requests/api/requests_spec.rb
@@ -0,0 +1,76 @@
+require "rails_helper"
+
+RSpec.describe "POST /api/requests", type: :request do
+  let!(:user) do
+    User.create!(
+      name: "FCM User",
+      email: "fcm-user@example.com",
+      uid: "test-uid",
+    )
+  end
+
+  let(:valid_payload) do
+    {
+      source_app: "Mainstream",
+      source_id: SecureRandom.uuid,
+      source_url: "",
+      source_title: "",
+      requester_name: "GDS Content Designer",
+      requester_email: "gds-content-designer@example.com",
+      current_content: "<p>Test HTML</p>",
+      previous_content: "",
+      deadline: 1.week.from_now.iso8601,
+      recipients: ["recipient1@example.com", "recipient2@example.com"],
+    }
+  end
+
+  context "with a valid payload" do
+    it "creates a new Request with collaborations" do
+      expect {
+        post "/api/requests", params: valid_payload, as: :json
+      }.to change(Request, :count).by(1)
+       .and change(Collaboration, :count).by(2)
+
+      expect(response).to have_http_status(:created)
+
+      json = JSON.parse(response.body)
+      expect(json).to include("id")
+
+      request = Request.last
+      expect(request.source_app).to eq("Mainstream")
+      expect(request.source_id).to be_present
+      expect(request.current_content).to eq("<p>Test HTML</p>")
+      expect(request.status).to eq("new")
+      expect(request.requester_name).to eq("GDS Content Designer")
+      expect(request.requester_email).to eq("gds-content-designer@example.com")
+    end
+  end
+
+  context "with invalid payload" do
+    it "returns errors for missing required fields" do
+      invalid_payload = { requester_name: "Alice", recipients: ["recipient1@example.com", "recipient2@example.com"] }
+
+      post "/api/requests", params: invalid_payload, as: :json
+
+      expect(response).to have_http_status(:bad_request)
+      json = JSON.parse(response.body)
+      expect(json["errors"]).to include(
+        "Source can't be blank",
+        "Requester email can't be blank",
+      )
+    end
+  end
+
+  context "without recipients" do
+    it "returns a 400 error" do
+      payload = valid_payload
+      payload.delete(:recipients)
+
+      post "/api/requests", params: payload, as: :json
+
+      expect(response).to have_http_status(:bad_request)
+      expect(JSON.parse(response.body)["errors"])
+        .to include("At least one recipient email is required")
+    end
+  end
+end
