Add Api::PublicProjectsController#update

We want to allow experience-cs admins to update "public" projects via
experience-cs administrate UI [1]. When I say "public" projects, I mean
those that are accessible to all users, because `Project#user_id` is set
to `nil`.

Public projects for Python & HTML are currently updated via the
`GithubWebhooksController#github_push` [2] action and/or via the
(possibly defunct) `projects:create_all` rake task [3] both of which
make use of `ProjectImporter` [4]. However, these mechanisms are not
suitable for our use case.

This commit introduces a new `Api::PublicProjectsController#update`
action which is somewhat based on `Api::ProjectsController#update`.

I've tried to roughly follow the existing conventions however much I
disagree with them, e.g. I've introduced a `PublicProject::Update` class
in `lib/concepts/public_project/operations/update.rb` along the same
lines as `Project::Update` in
`lib/concepts/project/operations/update.rb`.

This is just a skeletal starting point - I plan to flesh it out in
subsequent commits.

Note that I've had to limit the `restrict_project_type` before action to
just the create action, because it relies on the `project.project_type`
param which will not be accepted by the `update` action.

[1]: https://github.com/RaspberryPiFoundation/experience-cs/issues/405
[2]: https://github.com/RaspberryPiFoundation/editor-api/blob/f348dfc92fdd8b19fbfd5434e7751340f33b4093/app/controllers/github_webhooks_controller.rb#L6-L8
[3]: https://github.com/RaspberryPiFoundation/editor-api/blob/f348dfc92fdd8b19fbfd5434e7751340f33b4093/lib/tasks/projects.rake#L4-L7
[4]: https://github.com/RaspberryPiFoundation/editor-api/blob/f348dfc92fdd8b19fbfd5434e7751340f33b4093/lib/project_importer.rb

Author: floehopper

app/controllers/api/public_projects_controller.rb

@@ -3,7 +3,8 @@
 module Api
   class PublicProjectsController < ApiController
     before_action :authorize_user
-    before_action :restrict_project_type
+    before_action :restrict_project_type, only: %i[create]
+    before_action :load_project, only: %i[update]
 
     def create
       authorize! :create, :public_project
@@ -17,12 +18,31 @@ def create
       end
     end
 
+    def update
+      result = PublicProject::Update.call(project: @project, update_hash: update_params)
+
+      if result.success?
+        @project = result[:project]
+        render 'api/projects/show', formats: [:json]
+      else
+        render json: { error: result[:error] }, status: :unprocessable_entity
+      end
+    end
+
     private
 
+    def load_project
+      @project = Project.find_by!(identifier: params[:id])
+    end
+
     def create_params
       params.require(:project).permit(:identifier, :locale, :project_type, :name)
     end
 
+    def update_params
+      params.require(:project).permit(:name)
+    end
+
     def restrict_project_type
       project_type = create_params[:project_type]
       return if project_type == Project::Types::SCRATCH

config/routes.rb

@@ -41,7 +41,7 @@
       resource :images, only: %i[show create], controller: 'projects/images'
     end
 
-    resources :public_projects, only: %i[create]
+    resources :public_projects, only: %i[create update]
 
     resource :project_errors, only: %i[create]
 

lib/concepts/public_project/operations/update.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class PublicProject
+  class Update
+    class << self
+      def call(project:, update_hash:)
+        response = OperationResponse.new
+
+        project.assign_attributes(update_hash)
+        project.save!
+
+        response[:project] = project
+        response
+      rescue StandardError => e
+        Sentry.capture_exception(e)
+        response[:error] = "Error updating project: #{e}"
+        response
+      end
+    end
+  end
+end

spec/concepts/public_project/update_spec.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe PublicProject::Update, type: :unit do
+  describe '.call' do
+    subject(:update_project) { described_class.call(project:, update_hash:) }
+
+    let(:identifier) { 'foo-bar-baz' }
+    let!(:project) { create(:project, identifier:) }
+    let(:update_hash) { { name: 'New name' } }
+
+    context 'with valid content' do
+      it 'returns success' do
+        expect(update_project.success?).to be(true)
+      end
+
+      it 'returns project with identifier' do
+        updated_project = update_project[:project]
+        expect(updated_project.identifier).to eq(identifier)
+      end
+    end
+
+    context 'when update fails' do
+      before do
+        allow(project).to receive(:save!).and_raise('Some error')
+        allow(Sentry).to receive(:capture_exception)
+      end
+
+      it 'returns failure' do
+        expect(update_project.failure?).to be(true)
+      end
+
+      it 'sent the exception to Sentry' do
+        update_project
+        expect(Sentry).to have_received(:capture_exception).with(kind_of(StandardError))
+      end
+    end
+  end
+end

spec/features/public_project/updating_a_public_project_spec.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Updating a public project', type: :request do
+  let(:creator) { build(:user) }
+  let(:project) { create(:project) }
+  let(:headers) { { Authorization: UserProfileMock::TOKEN } }
+  let(:params) { { project: { name: 'New name' } } }
+
+  before do
+    authenticated_in_hydra_as(creator)
+  end
+
+  it 'responds 200 OK' do
+    put("/api/public_projects/#{project.identifier}", headers:, params:)
+    expect(response).to have_http_status(:success)
+  end
+
+  it 'responds with the project JSON' do
+    put("/api/public_projects/#{project.identifier}", headers:, params:)
+    data = JSON.parse(response.body, symbolize_names: true)
+
+    expect(data).to include(name: 'New name')
+  end
+
+  it 'responds 400 Bad Request when params are malformed' do
+    put("/api/public_projects/#{project.identifier}", headers:, params: {})
+    expect(response).to have_http_status(:bad_request)
+  end
+
+  it 'responds 401 Unauthorized when no token is given' do
+    put("/api/public_projects/#{project.identifier}", params:)
+    expect(response).to have_http_status(:unauthorized)
+  end
+
+  it 'responds 404 Not Found when project is not found' do
+    put('/api/public_projects/another-identifier', headers:, params:)
+    expect(response).to have_http_status(:not_found)
+  end
+end

spec/requests/public_projects/update_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Update public project requests' do
+  let(:project) { create(:project) }
+  let(:creator) { build(:user) }
+  let(:params) { { project: { name: 'New name' } } }
+
+  context 'when auth is correct' do
+    let(:headers) { { Authorization: UserProfileMock::TOKEN } }
+
+    context 'when updating project is successful' do
+      before do
+        authenticated_in_hydra_as(creator)
+
+        response = OperationResponse.new
+        response[:project] = project
+        allow(PublicProject::Update).to receive(:call).and_return(response)
+      end
+
+      it 'returns success' do
+        put("/api/public_projects/#{project.identifier}", headers:, params:)
+
+        expect(response).to have_http_status(:success)
+      end
+    end
+
+    context 'when updating project fails' do
+      before do
+        authenticated_in_hydra_as(creator)
+
+        response = OperationResponse.new
+        response[:error] = 'Error updating project'
+        allow(PublicProject::Update).to receive(:call).and_return(response)
+      end
+
+      it 'returns error' do
+        put("/api/public_projects/#{project.identifier}", headers:, params:)
+
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
+    end
+  end
+
+  context 'when no token is given' do
+    it 'returns unauthorized' do
+      put("/api/public_projects/#{project.identifier}", headers:, params:)
+
+      expect(response).to have_http_status(:unauthorized)
+    end
+  end
+end