diff --git a/app/controllers/api/v1/widget/labels_controller.rb b/app/controllers/api/v1/widget/labels_controller.rb
index c6435da4b..564fec8fc 100644
--- a/app/controllers/api/v1/widget/labels_controller.rb
+++ b/app/controllers/api/v1/widget/labels_controller.rb
@@ -1,6 +1,6 @@
 class Api::V1::Widget::LabelsController < Api::V1::Widget::BaseController
 def create
- if conversation.present?
+ if conversation.present? && label_defined_in_account?
 conversation.label_list.add(permitted_params[:label])
 conversation.save!
 end
@@ -19,6 +19,11 @@ class Api::V1::Widget::LabelsController < Api::V1::Widget::BaseController
 private
+ def label_defined_in_account?
+ label = @account.labels.find_by(title: permitted_params[:label])
+ label.present?
+ end
+
 def permitted_params
 params.permit(:id, :label, :website_token)
 end
diff --git a/spec/controllers/api/v1/widget/labels_controller_spec.rb b/spec/controllers/api/v1/widget/labels_controller_spec.rb
index 13ee6f18e..bdd47f9c9 100644
--- a/spec/controllers/api/v1/widget/labels_controller_spec.rb
+++ b/spec/controllers/api/v1/widget/labels_controller_spec.rb
@@ -12,8 +12,24 @@ RSpec.describe '/api/v1/widget/labels', type: :request do
 describe 'POST /api/v1/widget/labels' do
 let(:params) { { website_token: web_widget.website_token, label: 'customer-support' } }
- context 'with correct website token' do
- it 'returns the list of labels' do
+ context 'with correct website token and undefined label' do
+ it 'does not add the label' do
+ post '/api/v1/widget/labels',
+ params: params,
+ headers: { 'X-Auth-Token' => token },
+ as: :json
+
+ expect(response).to have_http_status(:success)
+ expect(conversation.reload.label_list.count).to eq 0
+ end
+ end
+
+ context 'with correct website token and a defined label' do
+ before do
+ account.labels.create(title: 'customer-support')
+ end
+
+ it 'add the label to the conversation' do
 post '/api/v1/widget/labels',
 params: params,
 headers: { 'X-Auth-Token' => token },
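Review bot: The new guard in `create` drops an unknown label silently, and nothing at the condition says that this is deliberate. The spec in this commit expects a success status for the rejected case, so the behaviour looks intended; a comment above the `if` would record the reason, for example `# Widget requests come from untrusted visitors: apply only labels already defined on the account and ignore anything else.` The rest of `create`, including the response it renders, is outside the hunk, so whether a client can tell a rejected label from an applied one cannot be judged from here.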
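Review bot: `label_defined_in_account?` loads a full Label record only to test that it exists; `@account.labels.exists?(title: permitted_params[:label])` asks the same question with an existence query and reduces the method to one line. The helper also reads `@account` directly, which is presumably set by a filter in `Api::V1::Widget::BaseController` (not visible in this diff); if that filter does not run, the call fails with NoMethodError on nil instead of rejecting the request cleanly. Whether the title match is case-sensitive depends on how Label titles are normalised, which the diff does not show, so it is worth confirming that a label sent in a different case is handled the way the account owner expects.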
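Review bot: The `before` block calls `account.labels.create(...)`, which returns an unsaved record instead of raising when a validation fails, so a broken fixture would show up as a misleading assertion failure; `account.labels.create!(title: 'customer-support')` fails at setup instead. The negative case only covers a label that is defined nowhere; a case where 'customer-support' exists on a different account would pin the per-account scoping that the controller change relies on. The example name `'add the label to the conversation'` should read `'adds the label to the conversation'`. The body of that example continues outside the hunk.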