diff --git a/lib/api/errors/error_base.rb b/lib/api/errors/error_base.rb
index 88d7f65565..1b11b48efa 100644
--- a/lib/api/errors/error_base.rb
+++ b/lib/api/errors/error_base.rb
@@ -33,9 +33,11 @@ module API
 attr_reader :code, :message, :details, :errors
 def self.create(errors)
- [:error_unauthorized, :error_conflict, :error_readonly].each do |key|
+ [:error_not_found, :error_unauthorized, :error_conflict, :error_readonly].each do |key|
 if errors.has_key?(key)
 case key
+ when :error_not_found
+ return ::API::Errors::NotFound.new(errors[key].join(' '))
 when :error_unauthorized
 return ::API::Errors::Unauthorized
 when :error_conflict
diff --git a/lib/api/v3/work_packages/form/form_api.rb b/lib/api/v3/work_packages/form/form_api.rb
index 9a7cef6709..2b88a3aa97 100644
--- a/lib/api/v3/work_packages/form/form_api.rb
+++ b/lib/api/v3/work_packages/form/form_api.rb
@@ -31,8 +31,33 @@ module API
 module WorkPackages
 module Form
 class FormAPI < Grape::API
+ helpers do
+ def process_form_request
+ if form_post_request_body
+ # enforces availibility validation of lock_version
+ @representer.represented.lock_version = nil
+ @representer.from_json(patch_request_body)
+
+ patch_request_valid?
+ end
+
+ error = ::API::Errors::ErrorBase.create(@representer.represented.errors)
+
+ if error.is_a? ::API::Errors::Validation
+ status 200
+ FormRepresenter.new(@representer.represented, current_user: current_user)
+ else
+ fail error
+ end
+ end
+
+ def form_post_request_body
+ env['api.request.body']
+ end
+ end
+
 post '/form' do
- FormRepresenter.new(@work_package, current_user: current_user)
+ process_form_request
 end
 end
 end
diff --git a/lib/api/v3/work_packages/work_package_contract.rb b/lib/api/v3/work_packages/work_package_contract.rb
index 6189d8115d..37392f7a4d 100644
--- a/lib/api/v3/work_packages/work_package_contract.rb
+++ b/lib/api/v3/work_packages/work_package_contract.rb
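Review bot: In `self.create`, putting `:error_not_found` at the head of the key list is what decides which error wins when several keys are present, and nothing in the code says so. Because the loop returns on the first key it finds, a work package that is both invisible and non-editable is reported as not found rather than unauthorized, which avoids confirming its existence to a user who may not see it. I would add a comment above the list, e.g. `# Order matters: first match wins; keep :error_not_found ahead of :error_unauthorized so hidden records are not disclosed.` The `NotFound` branch also returns an instance while the `Unauthorized` branch returns the class; the method continues outside the hunk, so check that every caller handles both.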
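Review bot: In `process_form_request`, `patch_request_valid?` is called only inside `if form_post_request_body`, so a POST without a body reaches `ErrorBase.create` without that call. If the contract checks (access, edit, lock version) are run by `patch_request_valid?`, which is defined outside this hunk, an empty-body request would skip them and the form would be rendered from whatever the errors object already holds. Consider moving the call below the `end` of the `if`, so that only `lock_version = nil` and `from_json(patch_request_body)` stay conditional, or confirm that a `before` filter already enforces visibility for this route. Separately, the guard reads `env['api.request.body']` while `from_json` is fed `patch_request_body`; a one-line comment on why the two differ would help the next reader.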
@@ -43,9 +43,10 @@ module API
 @can = WorkPackagePolicy.new(user)
 end
+ validate :user_allowed_to_access
 validate :user_allowed_to_edit
 validate :user_allowed_to_edit_parent
- validate :lock_version_set
+ validate :lock_version_valid
 validate :readonly_attributes_unchanged
 extend Reform::Form::ActiveModel::ModelValidations
@@ -53,6 +54,13 @@ module API
 private
+ def user_allowed_to_access
+ unless ::WorkPackage.visible(@user).exists?(model)
+ message = "Couldn't find WorkPackage with id=#{model.id}"
+ errors.add :error_not_found, message
+ end
+ end
+
 def user_allowed_to_edit
 errors.add :error_unauthorized, '' unless @can.allowed?(model, :edit)
 end
@@ -63,8 +71,8 @@ module API
 end
 end
- def lock_version_set
- errors.add :error_conflict, '' if model.lock_version.nil?
+ def lock_version_valid
+ errors.add :error_conflict, '' if model.lock_version.nil? || model.lock_version_changed?
 end
 def readonly_attributes_unchanged
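Review bot: `user_allowed_to_access` passes the record itself to `exists?`; Rails deprecated passing an ActiveRecord instance there in favour of the id, so `unless ::WorkPackage.visible(@user).exists?(model.id)` is the safer spelling. The check also reads `@user`, while the only assignment visible in this file's first hunk is `@can = WorkPackagePolicy.new(user)`. The initializer starts outside the diff, so please confirm `@user` is set there, since a nil user may change what `visible` returns. Wording the message like ActiveRecord's own not-found text is a good choice, because a hidden id and a missing id then look alike to the client; a short comment saying so would keep it from being reworded later.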
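Review bot: `lock_version_valid` now treats two different situations as a conflict, and the method has no comment explaining either. From the visible code, `nil` means no lock version is present on the model, and `lock_version_changed?` presumably means the supplied value differs from the stored one, i.e. the client's copy is stale. I would document that above the method, e.g. `# Conflict if the client sent no lock_version or one that differs from the persisted value.` Both cases add an empty message, so the client cannot tell which one occurred.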