added user creation for groups

app/controllers/user_groups_controller.rb

@@ -4,11 +4,15 @@ class UserGroupsController < ApplicationController
   before_action :set_user_group,
                 only: [:update,
                        :remove_member,
+                       :invite_member,
+                       :create_member,
                        :add_member,
                        :destroy]
   before_action :authorize_group_admin,
                 only: [:update,
                        :remove_member,
+                       :invite_member,
+                       :create_member,
                        :add_member,
                        :destroy]
 
@@ -41,6 +45,32 @@ class UserGroupsController < ApplicationController
     render :show, status: @service.success? ? :ok : :unprocessable_entity
   end
 
+  # PATCH/PUT /user_groups/1/create_member.json
+  def create_member
+    @service = StubService.new
+    user = User.new(user_params)
+    unless user.save
+      @service.errors = user.errors.full_messages
+      render :show, status: :unprocessable_entity
+      return
+    end
+    @user_group.users << user
+    @service.add_notice('created user')
+    render :show
+  end
+
+  # PATCH/PUT /user_groups/1/invite_member.json
+  def invite_member
+    @service = InviteUser.new
+    @service.run(params[:email])
+    if @service.success?
+      @user_group.users << @service.user
+      render :show
+    else
+      render :show, status: :unprocessable_entity
+    end
+  end
+
   # PATCH/PUT /user_groups/1/remove_member.json
   def remove_member
     @service = RemoveGroupMember.new
@@ -79,6 +109,11 @@ class UserGroupsController < ApplicationController
     params.permit(:name, :description)
   end
 
+  def user_params
+    params.permit(:first_name, :last_name, :email,
+                  :password, :password_confirmation)
+  end
+
   def authorize_group_admin
     head :unauthorized unless @user_group.owner == current_user
   end

app/controllers/users_controller.rb

@@ -6,4 +6,22 @@ class UsersController < ApplicationController
     @users = User.confirmed
   end
 
+  # note: update is handled by devise
+
+  # POST /users.json
+  def create
+    @service = StubService.new
+  end
+
+  private
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def nilm_params
+    params.permit(:first_name,
+                  :last_name,
+                  :email,
+                  :password,
+                  :password_confirmation)
+  end
+
 end

config/routes.rb

@@ -13,7 +13,9 @@ Rails.application.routes.draw do
   resources :users, only: [:index, :create, :destroy]
   resources :user_groups, only: [:index, :update, :create, :destroy] do
     member do
+      put 'create_member'
       put 'add_member'
+      put 'invite_member'
       put 'remove_member'
     end
   end

spec/controllers/user_groups_controller_spec.rb

@@ -112,6 +112,73 @@ end
     end
   end
 
+  describe 'PUT create_member' do
+    context 'with owner' do
+      it 'creates a user and adds him to the group' do
+        members = group.users.length
+        @auth_headers = owner.create_new_auth_token
+        put "/user_groups/#{group.id}/create_member.json",
+          params: {first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'poorchoice'},
+          headers: @auth_headers
+        expect(response).to have_http_status(:ok)
+        expect(User.find_by_email('valid@url.com')).to_not be nil
+        expect(response).to have_notice_message
+        #make sure response contains the new user
+        expect(response.header['Content-Type']).to include('application/json')
+        body = JSON.parse(response.body)
+        expect(body["data"]["members"].length).to eq(members+1)
+      end
+      it 'returns error message if user has errors' do
+        @auth_headers = owner.create_new_auth_token
+        put "/user_groups/#{group.id}/create_member.json",
+          params: {first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'nomatch'},
+          headers: @auth_headers
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(User.find_by_email('valid@url.com')).to be nil
+        expect(response).to have_error_message
+      end
+    end
+    context 'with anyone else' do
+      it 'returns unauthorized' do
+        @auth_headers = member1.create_new_auth_token
+        put "/user_groups/#{group.id}/create_member.json",
+          params: {first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'poorchoice'},
+          headers: @auth_headers
+        expect(response).to have_http_status(:unauthorized)
+        expect(User.find_by_email('valid@url.com')).to be nil
+      end
+    end
+    context 'without sigin' do
+      it 'returns unauthorized' do
+        put "/user_groups/#{group.id}/create_member.json",
+          params: {first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'poorchoice'}
+        expect(response).to have_http_status(:unauthorized)
+        expect(User.find_by_email('valid@url.com')).to be nil
+      end
+    end
+  end
+
+  describe 'PUT invite_member' do
+    context 'with owner' do
+      it 'invites a user and adds him to the group'
+      it 'adds existing members to the group'
+    end
+    context 'with anyone else' do
+      it 'returns unauthorized'
+    end
+    context 'without sigin' do
+      it 'returns unauthorized'
+    end
+  end
+
   describe 'PUT remove_member' do
     context 'with owner' do
       it 'removes a member' do