URL

Purpose of this test is to check that notes can't be acccess with URL modifications (invalid project ID). To test, we need a note:

Response: HTTP 200, application/json (Hide)
POST /projects/1/notes

Payload:

1
2
3
4
{
    "name": "Test Document",
    "body": "Text"
}

Response:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
{
    "single": {
        "id": 1,
        "class": "Note",
        "url_path": "\/projects\/1\/notes\/1",
        "name": "Test Document",
        "comments_count": 0,
        "attachments": [],
        "is_trashed": false,
        "trashed_on": null,
        "trashed_by_id": 0,
        "project_id": 1,
        "is_hidden_from_clients": false,
        "body": "Text",
        "body_formatted": "Text",
        "body_plain_text": "Text",
        "created_on": 1430164242,
        "created_by_id": 1,
        "updated_on": 1430164242,
        "updated_by_id": 1,
        "note_id": 0,
        "is_subnote": false,
        "subnotes_count": 0,
        "is_in_collection": false,
        "position": 0,
        "contributor_ids": [
            1
        ]
    },
    "subscribers": [
        1
    ],
    "comments": [],
    "subnotes": []
}

It is accessible through the valid project URL:

Response: HTTP 200, application/json (Hide)
GET /projects/1/notes/1

Response:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
{
    "single": {
        "id": 1,
        "class": "Note",
        "url_path": "\/projects\/1\/notes\/1",
        "name": "Test Document",
        "comments_count": 0,
        "attachments": [],
        "is_trashed": false,
        "trashed_on": null,
        "trashed_by_id": 0,
        "project_id": 1,
        "is_hidden_from_clients": false,
        "body": "Text",
        "body_formatted": "Text",
        "body_plain_text": "Text",
        "created_on": 1430164242,
        "created_by_id": 1,
        "updated_on": 1430164242,
        "updated_by_id": 1,
        "note_id": 0,
        "is_subnote": false,
        "subnotes_count": 0,
        "is_in_collection": false,
        "position": 0,
        "contributor_ids": [
            1
        ]
    },
    "subscribers": [
        1
    ],
    "comments": [],
    "subnotes": []
}

But not if we insert an incorrect project ID in the URL:

Response: HTTP 404, text/html
GET /projects/2/notes/1