From b3d254245ef3df39a53499dc581f512c01d180ca Mon Sep 17 00:00:00 2001
From: Adam Grare <adam@grare.com>
Date: Tue, 20 Jun 2023 14:03:39 -0400
Subject: [PATCH] Add support for edit configuration_script_payloads

---
 config/api.yml                                | 12 +++-
 .../configuration_script_payloads_spec.rb     | 69 ++++++++++++++++++-
 2 files changed, 79 insertions(+), 2 deletions(-)

diff --git a/config/api.yml b/config/api.yml
index 5b78ff167f..6dae46ce9d 100644
--- a/config/api.yml
+++ b/config/api.yml
@@ -986,7 +986,11 @@
     :options:
     - :collection
     - :subcollection
-    :verbs: *g
+    :verbs:
+    - :get
+    - :put
+    - :post
+    - :patch
     :klass: ConfigurationScriptPayload
     :subcollections:
     - :authentications
@@ -994,10 +998,16 @@
       :get:
       - :name: read
         :identifier: embedded_configuration_script_payload_view
+      :post:
+      - :name: edit
+        :identifier: embedded_configuration_script_payload_edit
     :resource_actions:
       :get:
       - :name: read
         :identifier: embedded_configuration_script_payload_view
+      :post:
+      - :name: edit
+        :identifier: embedded_configuration_script_payload_edit
     :subcollection_actions:
       :get:
       - :name: read
diff --git a/spec/requests/configuration_script_payloads_spec.rb b/spec/requests/configuration_script_payloads_spec.rb
index 2c7aa34f5e..ff43c17c02 100644
--- a/spec/requests/configuration_script_payloads_spec.rb
+++ b/spec/requests/configuration_script_payloads_spec.rb
@@ -49,8 +49,75 @@
     end
   end
 
+  describe 'POST /api/configuration_script_payloads' do
+    let(:script_payload) { FactoryBot.create(:configuration_script_payload) }
+
+    context "edit" do
+      it 'forbids edit of a configuration_script_payload without an appropriate role' do
+        api_basic_authorize
+
+        post(api_configuration_script_payloads_url, :params => {:action => 'edit', :name => 'foo'})
+        expect(response).to have_http_status(:forbidden)
+      end
+
+      it 'can edit a configuration_script_payload' do
+        api_basic_authorize collection_action_identifier(:configuration_script_payloads, :edit, :post)
+
+        post(api_configuration_script_payloads_url, :params => {:action => 'edit', :resources => [{:id => script_payload.id, :name => 'foo'}]})
+
+        expect(response).to have_http_status(:ok)
+        expect(response.parsed_body).to include('results' => [a_hash_including('name' => 'foo')])
+        expect(script_payload.reload.name).to eq('foo')
+      end
+    end
+  end
+
+  describe 'PUT /api/configuration_script_payloads/:id' do
+    let(:script_payload) { FactoryBot.create(:configuration_script_payload) }
+
+    it 'forbids put on a configuration_script_payload without an appropriate role' do
+      api_basic_authorize
+
+      put(api_configuration_script_payload_url(nil, script_payload), :params => {:name => 'foo'})
+
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it 'can update a configuration_script_payload' do
+      api_basic_authorize action_identifier(:configuration_script_payloads, :edit)
+
+      put(api_configuration_script_payload_url(nil, script_payload), :params => {:name => 'foo'})
+
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include('name' => 'foo')
+      expect(script_payload.reload.name).to eq('foo')
+    end
+  end
+
+  describe 'PATCH /api/configuration_script_payloads/:id' do
+    let(:script_payload) { FactoryBot.create(:configuration_script_payload) }
+
+    it 'forbids put on a configuration_script_payload without an appropriate role' do
+      api_basic_authorize
+
+      patch(api_configuration_script_payload_url(nil, script_payload), :params => {:name => 'foo'})
+
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it 'can update a configuration_script_payload' do
+      api_basic_authorize action_identifier(:configuration_script_payloads, :edit)
+
+      patch(api_configuration_script_payload_url(nil, script_payload), :params => {:name => 'foo'})
+
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include('name' => 'foo')
+      expect(script_payload.reload.name).to eq('foo')
+    end
+  end
+
   describe 'GET /api/configuration_script_payloads/:id/authentications' do
-    it 'returns the configuration script sources authentications' do
+    it 'returns the configuration script payloads authentications' do
       authentication = FactoryBot.create(:authentication)
       playbook = FactoryBot.create(:configuration_script_payload, :authentications => [authentication])
       api_basic_authorize subcollection_action_identifier(:configuration_script_payloads, :authentications, :read, :get)