allow changing a collection from private to public

test plan: create a private collection, then use the api to update it to
public. verify it can't go back to private, right now.

Change-Id: Ic11dcb3c60e8130304b9fa1c9c7482461f5b6cdd
Reviewed-on: https://gerrit.instructure.com/11368
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>

app/controllers/collections_controller.rb

@@ -158,6 +158,9 @@ class CollectionsController < ApplicationController
   # Collection visibility cannot be modified once the collection is created.
   #
   # @argument name
+  # @argument visibility The visibility of a "private" collection can be
+  #     changed to "public". However, a "public" collection cannot be made
+  #     "private" again.
   #
   # @example_request
   #     curl -H 'Authorization: Bearer <token>' \ 

app/models/collection.rb

@@ -25,7 +25,7 @@ class Collection < ActiveRecord::Base
   has_many :following_user_follows, :class_name => 'UserFollow', :as => :followed_item
 
   attr_accessible :name, :visibility
-  validates_as_readonly :visibility
+  validates_allowed_transitions :visibility, "private" => "public"
 
   validates_inclusion_of :visibility, :in => %w(public private)
 

app/models/group.rb

@@ -22,7 +22,7 @@ class Group < ActiveRecord::Base
   include CustomValidations
 
   attr_accessible :name, :context, :max_membership, :group_category, :join_level, :default_view, :description, :is_public, :avatar_attachment
-  validates_only_false_to_true :is_public
+  validates_allowed_transitions :is_public, false => true
 
   has_many :group_memberships, :dependent => :destroy, :conditions => ['group_memberships.workflow_state != ?', 'deleted']
   has_many :users, :through => :group_memberships, :conditions => ['users.workflow_state != ?', 'deleted']

lib/custom_validations.rb

@@ -52,15 +52,18 @@ module CustomValidations
       end
     end
 
-    # only allow false -> true type changes
-    def validates_only_false_to_true(*fields)
-      validates_each(fields) do |record, attr, value|
-        if !record.new_record? && record.send("#{attr}_changed?") && !!record.send("#{attr}_was") && !value
-          record.errors.add attr, "cannot be changed back to false"
+    # alloweds is a hash of old_value => [new_value]
+    # on update, only those transitions will be allowed for the given field
+    def validates_allowed_transitions(field, alloweds)
+      validates_each(field) do |record, attr, value|
+        if !record.new_record? && record.send("#{attr}_changed?")
+          old_val = record.send("#{attr}_was")
+          unless alloweds.any? { |old,news| old_val == old && Array(news).include?(value) }
+            record.errors.add attr, "cannot be changed to that value"
+          end
         end
       end
     end
-
   end
 
   def self.included(klass)

spec/apis/v1/collections_spec.rb

@@ -53,13 +53,21 @@ describe "Collections API", :type => :integration do
       @c1.reload.name.should == "test1 edited"
     end
 
-    it "should not allow changing visibility" do
+    it "should allow changing private to public but not the reverse" do
       json = api_call(:put, "/api/v1/collections/#{@c1.id}", { :controller => "collections", :collection_id => @c1.to_param, :action => "update", :format => "json" }, {
         :name => "test1 edited",
         :visibility => "public",
+      })
+      @c1.reload
+      @c1.name.should == "test1 edited"
+      @c1.visibility.should == "public"
+
+      json = api_call(:put, "/api/v1/collections/#{@c1.id}", { :controller => "collections", :collection_id => @c1.to_param, :action => "update", :format => "json" }, {
+        :visibility => "private",
       }, {}, :expected_status => 400)
-      @c1.name.should == "test1"
-      @c1.visibility.should == "private"
+      @c1.reload
+      @c1.name.should == "test1 edited"
+      @c1.visibility.should == "public"
     end
 
     it "should allow deleting a collection" do