From c7e843343d42d0d57174118a98190a8b6a486bad Mon Sep 17 00:00:00 2001
From: Mimis Chlympatsos <mimis.chlympatsos@mail.utoronto.ca>
Date: Mon, 18 Dec 2023 09:26:12 -0500
Subject: [PATCH] Add API routes for section create/destroy (#6873)

Co-authored-by: Bruce Liu <liuxb904@gmail.com>
---
 Changelog.md                                  |  1 +
 app/controllers/api/sections_controller.rb    | 35 +++++++++++++
 config/routes.rb                              |  1 +
 .../api/sections_controller_spec.rb           | 51 +++++++++++++++++++
 4 files changed, 88 insertions(+)
 create mode 100644 app/controllers/api/sections_controller.rb
 create mode 100644 spec/controllers/api/sections_controller_spec.rb

diff --git a/Changelog.md b/Changelog.md
index 9e55e8c9c1..81a3a5df34 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -3,6 +3,7 @@
 ## [unreleased]
 - Allow inactive groups in the graders table to be toggled for display (#6778)
 - Enable plotly rendering for jupyter notebooks (#6871)
+- Added new API routes for the `create` and `destroy` actions of SectionsController (#6873)
 
 ## [v2.4.1]
 - Internal changes only
diff --git a/app/controllers/api/sections_controller.rb b/app/controllers/api/sections_controller.rb
new file mode 100644
index 0000000000..2304f3f592
--- /dev/null
+++ b/app/controllers/api/sections_controller.rb
@@ -0,0 +1,35 @@
+module Api
+  # Api controller responsible for CRUD operations for the Section model
+  class SectionsController < MainApiController
+    def create
+      section = current_course.sections.new(section_params)
+      if section.save
+        render 'shared/http_status',
+               locals: { code: '201', message: HttpStatusHelper::ERROR_CODE['message']['201'] }, status: :created
+      else
+        render 'shared/http_status', locals: { code: '422', message:
+          HttpStatusHelper::ERROR_CODE['message']['422'] }, status: :unprocessable_entity
+      end
+    end
+
+    def destroy
+      @section = record
+
+      if @section.has_students?
+        render 'shared/http_status',
+               locals: { code: :conflict, message: t('sections.destroy.not_empty') },
+               status: :conflict
+      else
+        @section.assessment_section_properties.each(&:destroy)
+        @section.destroy
+        render 'shared/http_status',
+               locals: { code: '200', message: t('sections.destroy.success') },
+               status: :ok
+      end
+    end
+
+    def section_params
+      params.require(:section).permit(:name)
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index fca7dd7522..f6f1705bdd 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -85,6 +85,7 @@
           get 'download_entries'
         end
       end
+      resources :sections, only: [:create, :destroy]
     end
     # Return a 404 when no route is match
     match '*path', controller: 'main_api', action: 'page_not_found', via: :all
diff --git a/spec/controllers/api/sections_controller_spec.rb b/spec/controllers/api/sections_controller_spec.rb
new file mode 100644
index 0000000000..10e580b5fd
--- /dev/null
+++ b/spec/controllers/api/sections_controller_spec.rb
@@ -0,0 +1,51 @@
+describe Api::SectionsController do
+  include AutomatedTestsHelper
+
+  let(:section) { create :section }
+  let(:instructor) { create :instructor }
+  let(:course) { section.course }
+
+  context 'An unauthorized attempt' do
+    it 'fails to delete section' do
+      delete :destroy, params: { course_id: course.id, id: section }
+      expect(response).to have_http_status(403)
+      expect(course.sections.exists?(section.id)).to be_truthy
+    end
+  end
+
+  context 'An authorized attempt' do
+    before :each do
+      instructor.reset_api_key
+      request.env['HTTP_AUTHORIZATION'] = "MarkUsAuth #{instructor.api_key.strip}"
+    end
+
+    context 'POST create' do
+      it 'should create a new section when given the correct params' do
+        post :create, params: { course_id: course.id, section: { name: 'LEC0301' } }
+        expect(response).to have_http_status(201)
+        expect(course.sections.find_by(name: 'LEC0301').name).to eq('LEC0301')
+      end
+
+      it 'should throw a 422 error and not create a section with when given an invalid param' do
+        post :create, params: { course_id: course.id, section: { name: '' } }
+        expect(response).to have_http_status(422)
+        expect(course.sections.find_by(name: '')).to be_nil
+      end
+    end
+
+    context 'DELETE destroy' do
+      it 'successfully deletes section' do
+        delete :destroy, params: { course_id: course.id, id: section }
+        expect(response).to have_http_status(:ok)
+        expect(course.sections.exists?(section.id)).to be_falsey
+      end
+      it 'does not delete section because the section is non-empty (has students), with 403 code' do
+        student = create(:student)
+        section.students = [student]
+        delete :destroy, params: { course_id: course.id, id: section }
+        expect(response).to have_http_status(:conflict)
+        expect(course.sections.exists?(section.id)).to be_truthy
+      end
+    end
+  end
+end