5 files changed, 37 insertions, 8 deletions

diff --git a/app/controllers/api/v1/iboo_controller.rb b/app/controllers/api/v1/iboo_controller.rb
index 7ea4cc22e..4db9e9007 100644
--- a/app/controllers/api/v1/iboo_controller.rb
+++ b/app/controllers/api/v1/iboo_controller.rb
@@ -7,13 +7,10 @@ class Api::V1::IbooController < Api::V1::ChouetteController
   private
   def authenticate
     authenticate_with_http_basic do |code, token|
-      api_key = Api::V1::ApiKey.find_by(token: token)
-      organisation = Organisation.find_by(code: code)
-
-      return unless api_key && organisation
-
-      if api_key.organisation == organisation
-        @current_organisation = organisation
+      if organisation = Organisation.find_by(code: code)
+        if organisation.api_keys.exists?(token: token)
+          @current_organisation = organisation
+        end
       end
     end
 
diff --git a/app/controllers/api/v1/imports_controller.rb b/app/controllers/api/v1/imports_controller.rb
index ac2ec4516..6050418d8 100644
--- a/app/controllers/api/v1/imports_controller.rb
+++ b/app/controllers/api/v1/imports_controller.rb
@@ -1,4 +1,15 @@
 class Api::V1::ImportsController < Api::V1::IbooController
-  defaults :resource_class => Api::V1::ApiKey
+  defaults :resource_class => WorkbenchImport
   belongs_to :workbench
+
+  def create
+    args    = workbench_import_params.merge(creator: 'Webservice')
+    @import = parent.workbench_imports.create(args)
+    create!
+  end
+
+  private
+  def workbench_import_params
+    params.require(:workbench_import).permit(:file, :name)
+  end
 end
diff --git a/spec/controllers/api/v1/imports_controller_spec.rb b/spec/controllers/api/v1/imports_controller_spec.rb
index 52fbf8e9b..f9593df99 100644
--- a/spec/controllers/api/v1/imports_controller_spec.rb
+++ b/spec/controllers/api/v1/imports_controller_spec.rb
@@ -4,6 +4,8 @@ RSpec.describe Api::V1::ImportsController, type: :controller do
   let(:workbench) { create :workbench, organisation: organisation }
 
   context 'unauthenticated' do
+    include_context 'iboo wrong authorisation api user'
+
     describe 'GET #index' do
       it 'should not be successful' do
         get :index, workbench_id: workbench.id
@@ -21,5 +23,14 @@ RSpec.describe Api::V1::ImportsController, type: :controller do
         expect(response).to be_success
       end
     end
+
+    describe 'POST #create' do
+      let(:file) { fixture_file_upload('multiple_references_import.zip') }
+
+      it 'should be successful' do
+        post :create, workbench_id: workbench.id, workbench_import: {file: file, creator: 'test'}, format: :json
+        expect(response).to be_success
+      end
+    end
   end
 end
diff --git a/spec/controllers/api/v1/workbenches_controller_spec.rb b/spec/controllers/api/v1/workbenches_controller_spec.rb
index dc05c3926..7780da142 100644
--- a/spec/controllers/api/v1/workbenches_controller_spec.rb
+++ b/spec/controllers/api/v1/workbenches_controller_spec.rb
@@ -2,6 +2,8 @@ require 'rails_helper'
 
 RSpec.describe Api::V1::WorkbenchesController, type: :controller do
   context 'unauthenticated' do
+    include_context 'iboo wrong authorisation api user'
+
     describe 'GET #index' do
       it 'should not be successful' do
         get :index
diff --git a/spec/support/shared_context.rb b/spec/support/shared_context.rb
index e7416f2f1..e9b0025a2 100644
--- a/spec/support/shared_context.rb
+++ b/spec/support/shared_context.rb
@@ -5,3 +5,11 @@ shared_context 'iboo authenticated api user' do
     request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(api_key.organisation.code, api_key.token)
   end
 end
+
+shared_context 'iboo wrong authorisation api user' do
+  let(:api_key) { create(:api_key, organisation: organisation) }
+
+  before do
+    request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('fake code', api_key.token)
+  end
+end