From 77674a4e78af2627e0106a30fa9c6b06a9cd6dc9 Mon Sep 17 00:00:00 2001
From: Josue Kouka <jkouka@entrouvert.com>
Date: Tue, 25 Oct 2016 15:36:13 +0200
Subject: [PATCH 2/2] add simple subscription API (#13284)

---
 corbo/api_urls.py  |  4 +++-
 corbo/api_views.py | 18 ++++++++++++++++++
 tests/test_api.py  | 30 ++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/corbo/api_urls.py b/corbo/api_urls.py
index a6feaa8..ceddfd4 100644
--- a/corbo/api_urls.py
+++ b/corbo/api_urls.py
@@ -16,9 +16,11 @@
 
 from django.conf.urls import patterns, url
 
-from .api_views import NewslettersView, SubscriptionsView
+from .api_views import NewslettersView, SubscriptionsView, SubscribeView
+
 
 urlpatterns = patterns('',
             url(r'^newsletters/', NewslettersView.as_view(), name='newsletters'),
             url(r'^subscriptions/', SubscriptionsView.as_view(), name='subscriptions'),
+            url(r'^subscribe/', SubscribeView.as_view(), name='subscribe'),
 )
diff --git a/corbo/api_views.py b/corbo/api_views.py
index 9eb14b7..34af784 100644
--- a/corbo/api_views.py
+++ b/corbo/api_views.py
@@ -106,3 +106,21 @@ class SubscriptionsView(APIView):
         for subscription in self.get_subscriptions(email):
             self.update_subscriptions(subscription['id'], [], email, uuid)
         return Response({'data': True})
+
+
+class SubscribeView(SubscriptionsView):
+    http_method_names = ['post']
+
+    def post(self, request):
+        email = request.GET.get('email')
+        uuid = request.GET.get('uuid')
+        if not email:
+            raise PermissionDenied('Email parameter required')
+        data = json.loads(request.body)
+
+        category_id = data['category_id']
+        transport = ('mailto',)
+
+        self.update_subscriptions(category_id, transport, email, uuid)
+
+        return Response({'data': True})
diff --git a/tests/test_api.py b/tests/test_api.py
index 31c0510..633a8ce 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -111,3 +111,33 @@ def test_delete_subscriptions(app, categories, announces, user):
     if resp.json['data']:
         resp = app.get(subscriptions_url)
         assert resp.json['data'] == []
+
+
+def test_simple_subscription(app, categories, user):
+    payload = {'category_id': 1}
+    url = '/api/subscribe/?email=john@example.net'
+
+    # anonymous
+    resp = app.post_json(url, payload, status=403)
+    assert resp.json['detail'] == 'Authentication credentials were not provided.'
+
+    # authenticated
+    app.authorization = ('Basic', ('john.doe', 'password'))
+    resp = app.post_json(url, payload, status=200)
+    assert resp.json['data'] is True
+
+    # with wrong method
+    resp = app.get('/api/subscribe/?email=john@example.net', status=405)
+    assert resp.json['detail'] == 'Method "GET" not allowed.'
+
+    # right method on right url
+    resp = app.get('/api/subscriptions/?email=john@example.net', status=200)
+
+    data = resp.json['data']
+    assert len(data) == 1
+    assert data[0]['id'] == '1'
+    assert data[0]['text'] == 'Alerts'
+    assert len(data[0]['transports']) == 1
+    transport = data[0]['transports'][0]
+    assert transport['id'] == 'mailto'
+    assert transport['text'] == 'mailto'
-- 
2.9.3