Commit 7a7621f9 by John Doe

added user creation for groups

parent 66c231f1
...@@ -4,11 +4,15 @@ class UserGroupsController < ApplicationController ...@@ -4,11 +4,15 @@ class UserGroupsController < ApplicationController
before_action :set_user_group, before_action :set_user_group,
only: [:update, only: [:update,
:remove_member, :remove_member,
:invite_member,
:create_member,
:add_member, :add_member,
:destroy] :destroy]
before_action :authorize_group_admin, before_action :authorize_group_admin,
only: [:update, only: [:update,
:remove_member, :remove_member,
:invite_member,
:create_member,
:add_member, :add_member,
:destroy] :destroy]
...@@ -41,6 +45,32 @@ class UserGroupsController < ApplicationController ...@@ -41,6 +45,32 @@ class UserGroupsController < ApplicationController
render :show, status: @service.success? ? :ok : :unprocessable_entity render :show, status: @service.success? ? :ok : :unprocessable_entity
end end
# PATCH/PUT /user_groups/1/create_member.json
def create_member
@service = StubService.new
user = User.new(user_params)
unless user.save
@service.errors = user.errors.full_messages
render :show, status: :unprocessable_entity
return
end
@user_group.users << user
@service.add_notice('created user')
render :show
end
# PATCH/PUT /user_groups/1/invite_member.json
def invite_member
@service = InviteUser.new
@service.run(params[:email])
if @service.success?
@user_group.users << @service.user
render :show
else
render :show, status: :unprocessable_entity
end
end
# PATCH/PUT /user_groups/1/remove_member.json # PATCH/PUT /user_groups/1/remove_member.json
def remove_member def remove_member
@service = RemoveGroupMember.new @service = RemoveGroupMember.new
...@@ -79,6 +109,11 @@ class UserGroupsController < ApplicationController ...@@ -79,6 +109,11 @@ class UserGroupsController < ApplicationController
params.permit(:name, :description) params.permit(:name, :description)
end end
def user_params
params.permit(:first_name, :last_name, :email,
:password, :password_confirmation)
end
def authorize_group_admin def authorize_group_admin
head :unauthorized unless @user_group.owner == current_user head :unauthorized unless @user_group.owner == current_user
end end
......
...@@ -6,4 +6,22 @@ class UsersController < ApplicationController ...@@ -6,4 +6,22 @@ class UsersController < ApplicationController
@users = User.confirmed @users = User.confirmed
end end
# note: update is handled by devise
# POST /users.json
def create
@service = StubService.new
end
private
# Never trust parameters from the scary internet, only allow the white list through.
def nilm_params
params.permit(:first_name,
:last_name,
:email,
:password,
:password_confirmation)
end
end end
...@@ -13,7 +13,9 @@ Rails.application.routes.draw do ...@@ -13,7 +13,9 @@ Rails.application.routes.draw do
resources :users, only: [:index, :create, :destroy] resources :users, only: [:index, :create, :destroy]
resources :user_groups, only: [:index, :update, :create, :destroy] do resources :user_groups, only: [:index, :update, :create, :destroy] do
member do member do
put 'create_member'
put 'add_member' put 'add_member'
put 'invite_member'
put 'remove_member' put 'remove_member'
end end
end end
......
...@@ -112,6 +112,73 @@ end ...@@ -112,6 +112,73 @@ end
end end
end end
describe 'PUT create_member' do
context 'with owner' do
it 'creates a user and adds him to the group' do
members = group.users.length
@auth_headers = owner.create_new_auth_token
put "/user_groups/#{group.id}/create_member.json",
params: {first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'poorchoice'},
headers: @auth_headers
expect(response).to have_http_status(:ok)
expect(User.find_by_email('valid@url.com')).to_not be nil
expect(response).to have_notice_message
#make sure response contains the new user
expect(response.header['Content-Type']).to include('application/json')
body = JSON.parse(response.body)
expect(body["data"]["members"].length).to eq(members+1)
end
it 'returns error message if user has errors' do
@auth_headers = owner.create_new_auth_token
put "/user_groups/#{group.id}/create_member.json",
params: {first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'nomatch'},
headers: @auth_headers
expect(response).to have_http_status(:unprocessable_entity)
expect(User.find_by_email('valid@url.com')).to be nil
expect(response).to have_error_message
end
end
context 'with anyone else' do
it 'returns unauthorized' do
@auth_headers = member1.create_new_auth_token
put "/user_groups/#{group.id}/create_member.json",
params: {first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'poorchoice'},
headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
expect(User.find_by_email('valid@url.com')).to be nil
end
end
context 'without sigin' do
it 'returns unauthorized' do
put "/user_groups/#{group.id}/create_member.json",
params: {first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'poorchoice'}
expect(response).to have_http_status(:unauthorized)
expect(User.find_by_email('valid@url.com')).to be nil
end
end
end
describe 'PUT invite_member' do
context 'with owner' do
it 'invites a user and adds him to the group'
it 'adds existing members to the group'
end
context 'with anyone else' do
it 'returns unauthorized'
end
context 'without sigin' do
it 'returns unauthorized'
end
end
describe 'PUT remove_member' do describe 'PUT remove_member' do
context 'with owner' do context 'with owner' do
it 'removes a member' do it 'removes a member' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment