add route to update infohash of learning_object attachments

app/controllers/v1/learning_objects/attachment_controller.rb

@@ -19,7 +19,9 @@
 
 class V1::LearningObjects::AttachmentController < ApplicationController
   before_action :set_objects
-  before_action :authorize!
+  before_action :authenticate_user!, only: :update
+  before_action :authorize!, only: :destroy
+  before_action :authorize_update_attachment!, only: :update
 
   # DELETE /learning_objects/:learning_object_id/attachments/:id
   def destroy
@@ -30,6 +32,16 @@ class V1::LearningObjects::AttachmentController < ApplicationController
 
     render status: :ok
   end
+  
+  # PUT /learning_objects/:learning_object_id/attachments/:id
+  def update
+    return render status: :not_found if @learning_object.nil? || @attachment.nil?
+    if @attachment.update(infohash: infohash_params[:infohash])
+      render status: :ok
+    else
+      render status: :unprocessable_entity
+    end
+  end
 
   private
 
@@ -37,6 +49,10 @@ class V1::LearningObjects::AttachmentController < ApplicationController
     params.permit(:learning_object_id, :id)
   end
 
+  def infohash_params
+    params.permit(:infohash)
+  end
+
   def set_objects
     @learning_object = LearningObject.find(attachment_params[:learning_object_id])
     @attachment = LearningObject::Attachment.find(attachment_params[:id])
@@ -47,4 +63,11 @@ class V1::LearningObjects::AttachmentController < ApplicationController
 
     authorize(@learning_object, :destroy?)
   end
+
+  def authorize_update_attachment!
+    return render status: :unauthorized unless @learning_object.attachments.include? @attachment
+
+    authorize(@learning_object, :add_infohash?)
+  end
+
 end

app/policies/learning_object_policy.rb

@@ -61,6 +61,10 @@ class LearningObjectPolicy < ApplicationPolicy
     record if owns?
   end
 
+  def add_infohash?
+    record if user.is_admin?
+  end
+
   def show?
     return record if record.published? || ( !user.nil? && user_can_edit? )
     return record if user == record.publisher