diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 7eeaa37056eb6c3bba0d2b09197c466b141005a6..764c567644d66ebd14a832419d3c8f4ea884f158 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -24,11 +24,11 @@ class V1::UsersController < ApplicationController
 include ::PublisherController
 include ::SubjectableController
- before_action :set_user, only: [:show, :update, :destroy, :following, :own_reviews, :received_reviews, :followers, :approve_request]
+ before_action :set_user, only: [:show, :update, :destroy, :following, :own_reviews, :received_reviews, :followers, :approve_request, :add_submitter]
 before_action :set_new_user, only: [:upload_requests]
 before_action :authenticate_user!, only: [:create, :update, :destroy, :following,
- :own_reviews, :received_reviews, :followers, :submitter_request, :upload_requests, :approve_request]
- before_action :authorize_user, only: [:own_reviews, :received_reviews, :update, :destroy, :upload_requests, :approve_request]
+ :own_reviews, :received_reviews, :followers, :submitter_request, :upload_requests, :approve_request, :add_submitter]
+ before_action :authorize_user, only: [:own_reviews, :received_reviews, :update, :destroy, :upload_requests, :approve_request, :add_submitter]
 # GET /v1/users
 # GET /v1/users.json
@@ -97,6 +97,25 @@ class V1::UsersController < ApplicationController render json: users end + # POST /v1/users/:id/add_submitter + # POST /v1/users/:id/add_submitter.json + def add_submitter + if !approve_params.to_s.blank? + if approve_params + @user.submitter_request = User.submitter_requests[:accepted] + @user.roles << Role.where(name: "submitter") + @user.save + render status: :ok + else + @user.update(submitter_request: User.submitter_requests[:rejected]) + render status: :ok + end + else + render status: :forbidden + end + end + + # POST /v1/users/:id/approve_request # POST /v1/users/:id/approve_request.json def approve_request diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 25eb87c915769e033d655c80888d7abeaab6d194..fbe97e37f0d906a9f3d54d8f1bf8cf56e68c19e3 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -55,6 +55,10 @@ class UserPolicy < ApplicationPolicy record if user.is_supervisor? end + def add_submitter? + record if user.is_supervisor? + end + def authorized_user? return false if ( record.is_admin? && !user.is_admin? ) if ( record.is_editor? ) diff --git a/config/routes.rb b/config/routes.rb index c7e50d570b0f00d1b994c9805acea966eef1b0f3..3a0d2f608a008b35eb4092826bbfcf78534704eb 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -139,6 +139,7 @@ Rails.application.routes.draw do get 'reviews/own', to: 'users#own_reviews' get 'reviews/received', to: 'users#received_reviews' post 'approve_request', to: 'users#approve_request' + post 'add_submitter', to: 'users#add_submitter' end collection do get 'upload_requests' diff --git a/spec/acceptance/users_spec.rb b/spec/acceptance/users_spec.rb index d376f130caba2ce0350fed4a7c55f5d2771654cb..e381d1b1400963e79233ece6798b7cd0483f7f3d 100644 --- a/spec/acceptance/users_spec.rb +++ b/spec/acceptance/users_spec.rb 
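Review bot: In `add_submitter` the accept branch answers 200 whatever happens to the write: the result of `@user.save` (and of `@user.update` in the reject branch) is ignored, and `@user.roles << Role.where(name: "submitter")` appends a relation that is empty when no such role row exists, so a request can be marked accepted without the role being granted. The `<<` on a persisted record is written separately from the later `save`, so the role and the `submitter_request` state can end up out of step; doing both in one transaction avoids that. `approve_params` is defined outside this hunk; if it can return a string such as a form-encoded `"false"`, `if approve_params` is truthy and grants the role, so cast it to a boolean before branching. A missing parameter is a malformed request rather than an authorization failure, so `:unprocessable_entity` or `:bad_request` would describe it better than `:forbidden`.

```ruby
def add_submitter
  if !approve_params.to_s.blank?
    # Cast explicitly so the string "false" is not treated as approval.
    approved = ActiveModel::Type::Boolean.new.cast(approve_params)
    # Role grant and state change succeed or fail together; the bang methods
    # raise instead of reporting 200, so map them to an error response the
    # way the application handles record errors elsewhere.
    User.transaction do
      if approved
        submitter = Role.find_by!(name: "submitter")
        @user.roles << submitter unless @user.roles.include?(submitter)
        @user.update!(submitter_request: User.submitter_requests[:accepted])
      else
        @user.update!(submitter_request: User.submitter_requests[:rejected])
      end
    end
    render status: :ok
  else
    # … unchanged: response for a missing parameter …
  end
end
```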
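Review bot: `add_submitter?` checks only the caller, not the target, and returns `record` or `nil` rather than a boolean. The action changes roles and `submitter_request` on `record`, so it is worth deciding whether a supervisor may do that to any account; `authorized_user?` just below refuses when `record.is_admin? && !user.is_admin?`, and nothing comparable is applied here. If the caller-only rule is intended, `user.is_supervisor?` as the whole body states it directly, and a comment such as `# Only supervisors may grant or reject the submitter role.` would record the intent. The body is the same as that of the method ending just above the hunk, whose definition starts outside it.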
@@ -372,8 +372,8 @@ resource 'Users' do
 let(:raw_post) {params.to_json}
 before do
- @user = create(:user, )
- @user.update(submitter_request: User.submitter_requests[:requested])
+ @user = create(:user)
+ @user.update(submitter_request: User.submitter_requests[:requested])
 end
 example 'Approve a submitter request' do
@@ -381,4 +381,24 @@ resource 'Users' do
 expect(status).to eq(200)
 end
 end
+
+ post '/v1/users/:id/add_submitter' do
+ include_context "authenticate_user_supervisor"
+
+ parameter :id, 'The id of the user who asked to be a submitter'
+ parameter :approves, 'If the user can be a submitter or not'
+
+ let(:id) {@user.id}
+ let(:approves) { true }
+ let(:raw_post) {params.to_json}
+
+ before do
+ @user = create(:user)
+ end
+
+ example 'Add an user submitter' do
+ do_request
+ expect(status).to eq(200)
+ end
+ end
 end
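Review bot: The new `add_submitter` example only checks the status code for a supervisor sending `approves: true`, so it would still pass if the role were never attached or the state never changed. Assert the effect as well, for example `expect(@user.reload.roles.pluck(:name)).to include("submitter")`, and add examples for `approves` set to `false`, for a request without `approves`, and for a caller who is not a supervisor (expecting 403). Whether the test set-up creates a `submitter` role row is not visible here; if it does not, the current example passes without granting anything.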