From 200c282683006c020ad0ece22e0a9f5ca24d9b2b Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin <okriuchykhin@biosistemika.com>
Date: Tue, 4 Jan 2022 21:05:59 +0100
Subject: [PATCH] Add handling of archiving/restoring inventory items to API
 [SCI-5584]

---
 .../api/v1/inventory_items_controller.rb      | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/v1/inventory_items_controller.rb b/app/controllers/api/v1/inventory_items_controller.rb
index 5e85ec8ec..1eddecd3f 100644
--- a/app/controllers/api/v1/inventory_items_controller.rb
+++ b/app/controllers/api/v1/inventory_items_controller.rb
@@ -8,7 +8,8 @@ module Api
       before_action only: %i(show update destroy) do
         load_inventory_item(:id)
       end
-      before_action :check_manage_permissions, only: %i(create update destroy)
+      before_action :check_manage_permissions, only: %i(create update)
+      before_action :check_delete_permissions, only: :destroy
 
       def index
         items = @inventory.repository_rows
@@ -77,6 +78,15 @@ module Api
         @inventory_item.attributes = update_inventory_item_params
         item_changed = true if @inventory_item.changed?
         if item_changed
+          if @inventory_item.archived_changed?
+            if @inventory_item.archived?
+              check_archive_permissions
+              @inventory_item.archived_by = current_user
+            else
+              check_restore_permissions
+              @inventory_item.restored_by = current_user
+            end
+          end
           @inventory_item.last_modified_by = current_user
           @inventory_item.save!
           render jsonapi: @inventory_item,
@@ -98,12 +108,26 @@ module Api
         raise PermissionError.new(RepositoryItem, :manage) unless can_manage_repository_rows?(@inventory)
       end
 
+      def check_delete_permissions
+        unless can_delete_repository_rows?(@inventory) && @inventory_item.archived?
+          raise PermissionError.new(RepositoryItem, :delete)
+        end
+      end
+
+      def check_archive_permissions
+        raise PermissionError.new(RepositoryItem, :archive) unless can_delete_repository_rows?(@inventory)
+      end
+
+      def check_restore_permissions
+        raise PermissionError.new(RepositoryItem, :restore) unless can_delete_repository_rows?(@inventory)
+      end
+
       def inventory_item_params
         unless params.require(:data).require(:type) == 'inventory_items'
           raise TypeError
         end
         params.require(:data).require(:attributes)
-        params.permit(data: { attributes: :name })[:data]
+        params.permit(data: { attributes: %i(name archived) })[:data]
       end
 
       def update_inventory_item_params