support user_id for token creation as admin #5

Author: jkraemer

app/controllers/expo_push_tokens_controller.rb

@@ -3,7 +3,8 @@ class ExpoPushTokensController < ApplicationController
   accept_api_auth :create, :destroy_all
 
   def create
-    @token = ExpoPushToken.new user: User.current, token: params[:token]
+    user_id = user_id_from_params_or_current
+    @token = ExpoPushToken.new user_id: user_id, token: params[:token]
     if @token.save
       respond_to do |format|
         format.api { head :created }
@@ -16,8 +17,7 @@ def create
   end
 
   def destroy_all
-    user_id = params[:user_id].to_i if User.current.admin? and params[:user_id].present?
-    user_id ||= User.current.id
+    user_id = user_id_from_params_or_current
     ExpoPushToken.where(user_id: user_id).delete_all
     respond_to do |format|
       format.api { head :ok }
@@ -29,4 +29,11 @@ def destroy_all
       }
     end
   end
+
+  private
+
+  def user_id_from_params_or_current
+    user_id = params[:user_id].to_i if User.current.admin? and params[:user_id].present?
+    return user_id || User.current.id
+  end
 end

test/integration/expo_push_tokens_test.rb

@@ -8,10 +8,16 @@ class ExpoPushTokensTest < Redmine::ApiTest::Base
     @jsmith = User.find_by_login 'jsmith'
 
     @creds = { 'X-Redmine-API-Key' => @user.api_key }
+    @jsmith_creds = { 'X-Redmine-API-Key' => @jsmith.api_key }
+    @admin_creds = { 'X-Redmine-API-Key' => User.find_by_login('admin').api_key }
     @payload = <<-JSON
     { "token": "asdf1234" }
     JSON
 
+    @user_id_payload = <<-JSON
+    { "token": "asdf1234", "user_id": "#{@user.id}" }
+    JSON
+
     @t1 = ExpoPushToken.create! user: @user, token: "asdf.1234"
     @t2 = ExpoPushToken.create! user: User.find_by_login('jsmith'), token: "asdf.1234"
   end
@@ -99,4 +105,26 @@ class ExpoPushTokensTest < Redmine::ApiTest::Base
     end
     @t1.reload
   end
+
+
+  test 'admin should be able to create token with optional user id' do
+    assert_difference "ExpoPushToken.count" do
+      post "/expo_push_tokens.json",
+        params: @user_id_payload,
+        headers: {"CONTENT_TYPE" => 'application/json'}.merge(@admin_creds)
+      assert_response 201
+    end
+    assert_equal @user.id, ExpoPushToken.last.user_id
+  end
+
+  test 'non-admin should not able to create token with optional user id' do
+    assert_difference "ExpoPushToken.count" do
+      post "/expo_push_tokens.json",
+        params: @user_id_payload,
+        headers: {"CONTENT_TYPE" => 'application/json'}.merge(@jsmith_creds)
+      assert_response 201
+    end
+    assert_equal @jsmith.id, ExpoPushToken.last.user_id
+  end
+
 end