Merge pull request #1271 from Crown-Commercial-Service/feature/nrmi-2-get-submissions-endpoint

reemi1510 · web-flow · commit 49287ed48a35 · 2026-04-29T13:04:51.000+01:00
Feature/nrmi 2 get submissions endpoint
diff --git a/app/controllers/v2/submissions_controller.rb b/app/controllers/v2/submissions_controller.rb
@@ -0,0 +1,14 @@
+class V2::SubmissionsController < ActionController::API
+  include ApiKeyAuthenticatable
+
+  def index
+    @submissions = Submission.all
+    if params[:updated_at].present?
+      @submissions = @submissions.where(updated_at: Time.zone.parse(params[:updated_at])..Time.zone.now)
+    end
+
+    render json: @submissions
+  rescue ArgumentError
+    render json: { error: 'updated_at must be a valid date or datetime' }, status: :bad_request
+  end
+end
diff --git a/app/controllers/v2/tasks_controller.rb b/app/controllers/v2/tasks_controller.rb
@@ -0,0 +1,14 @@
+class V2::TasksController < ActionController::API
+  include ApiKeyAuthenticatable
+
+  def index
+    @tasks = Task.all
+    if params[:updated_at].present?
+      @tasks = @tasks.where(updated_at: Time.zone.parse(params[:updated_at])..Time.zone.now)
+    end
+
+    render json: @tasks
+  rescue ArgumentError
+    render json: { error: 'updated_at must be a valid date or datetime' }, status: :bad_request
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -80,6 +80,8 @@
     resources :frameworks, only: :index
     resources :framework_lots, only: :index
     resources :agreement_framework_lots, only: :index
+    resources :tasks, only: :index
+    resources :submissions, only: :index
   end
 
   namespace :admin do
diff --git a/spec/requests/v2/submissions_spec.rb b/spec/requests/v2/submissions_spec.rb
@@ -0,0 +1,50 @@
+require 'rails_helper'
+
+RSpec.describe 'V2::Submissions', type: :request do
+  let(:valid_api_key) { create(:api_key) }
+  let(:invalid_api_key) { 'invalid_key' }
+
+  describe 'GET /v2/submissions' do
+    context 'with valid API key' do
+      before do
+        create_list(:submission, 3)
+        get v2_submissions_path, headers: { 'API-Key' => valid_api_key.key }
+      end
+
+      it 'returns all submissions when updated_at is not provided' do
+        expect(response).to have_http_status(:ok)
+        expect(JSON.parse(response.body).size).to eq(3)
+      end
+
+      it 'returns submissions updated since the provided date' do
+        old_submission = create(:submission, updated_at: 3.days.ago)
+        recent_submission = create(:submission, updated_at: 1.hour.ago)
+
+        get v2_submissions_path, params: { updated_at: 2.days.ago.iso8601 }, headers: { 'API-Key' => valid_api_key.key }
+        submission_ids = JSON.parse(response.body).pluck('id')
+
+        expect(response).to have_http_status(:ok)
+        expect(submission_ids).to include(recent_submission.id)
+        expect(submission_ids).not_to include(old_submission.id)
+      end
+    end
+
+    context 'with missing API key' do
+      before { get v2_submissions_path }
+
+      it 'returns unauthorized status' do
+        expect(response).to have_http_status(:unauthorized)
+        expect(JSON.parse(response.body)['error']).to eq('API key is missing')
+      end
+    end
+
+    context 'with invalid API key' do
+      before { get v2_submissions_path, headers: { 'API-Key' => invalid_api_key } }
+
+      it 'returns unauthorized status' do
+        expect(response).to have_http_status(:unauthorized)
+        expect(JSON.parse(response.body)['error']).to eq('API key is invalid')
+      end
+    end
+  end
+end
diff --git a/spec/requests/v2/tasks_spec.rb b/spec/requests/v2/tasks_spec.rb
@@ -0,0 +1,50 @@
+require 'rails_helper'
+
+RSpec.describe 'V2::Tasks', type: :request do
+  let(:valid_api_key) { create(:api_key) }
+  let(:invalid_api_key) { 'invalid_key' }
+
+  describe 'GET /v2/tasks' do
+    context 'with valid API key' do
+      before do
+        create_list(:task, 3)
+        get v2_tasks_path, headers: { 'API-Key' => valid_api_key.key }
+      end
+
+      it 'returns all tasks when updated_at is not provided' do
+        expect(response).to have_http_status(:ok)
+        expect(JSON.parse(response.body).size).to eq(3)
+      end
+
+      it 'returns tasks updated since the provided date' do
+        old_task = create(:task, updated_at: 3.days.ago)
+        recent_task = create(:task, updated_at: 1.hour.ago)
+
+        get v2_tasks_path, params: { updated_at: 2.days.ago.iso8601 }, headers: { 'API-Key' => valid_api_key.key }
+        task_ids = JSON.parse(response.body).pluck('id')
+
+        expect(response).to have_http_status(:ok)
+        expect(task_ids).to include(recent_task.id)
+        expect(task_ids).not_to include(old_task.id)
+      end
+    end
+
+    context 'with missing API key' do
+      before { get v2_tasks_path }
+
+      it 'returns unauthorized status' do
+        expect(response).to have_http_status(:unauthorized)
+        expect(JSON.parse(response.body)['error']).to eq('API key is missing')
+      end
+    end
+
+    context 'with invalid API key' do
+      before { get v2_tasks_path, headers: { 'API-Key' => invalid_api_key } }
+
+      it 'returns unauthorized status' do
+        expect(response).to have_http_status(:unauthorized)
+        expect(JSON.parse(response.body)['error']).to eq('API key is invalid')
+      end
+    end
+  end
+end
