added end point for to create a user with permissions

9d33dd1d · John Doe · 7a7621f9 · 9d33dd1d · 9d33dd1d · 9d33dd1d
Commit 9d33dd1d authored Mar 09, 2017 by John Doe
Showing with 102 additions and 5 deletions
app/controllers/permissions_controller.rb
app/views/helpers/empty_response.json.jbuilder
config/routes.rb
spec/controllers/permissions_controller_spec.rb
--- a/app/controllers/permissions_controller.rb
+++ b/app/controllers/permissions_controller.rb
@@ -30,6 +30,23 @@ class PermissionsController < ApplicationController
    render status: @service.success? ? :ok : :unprocessable_entity
  end

+  # PUT /permissions/create_user.json
+  def create_user
+    @service = StubService.new
+    user = User.new(user_params)
+    unless user.save
+      @service.errors = user.errors.full_messages
+      render 'helpers/empty_response', status: :unprocessable_entity
+      return
+    end
+    @service = CreatePermission.new
+    @service.run(@nilm, params[:role], 'user', user.id)
+    @permission = @service.permission
+    @service.add_notice('created user')
+    render :create, status: @service.success? ? :ok : :unprocessable_entity
+  end
+
+
  private

  def set_nilm
@@ -37,6 +54,11 @@ class PermissionsController < ApplicationController
    head :not_found unless @nilm
  end

+  def user_params
+    params.permit(:first_name, :last_name, :email,
+                  :password, :password_confirmation)
+  end
+
  # authorization based on nilms
  def authorize_admin
    head :unauthorized  unless current_user.admins_nilm?(@nilm)

--- a/app/views/helpers/empty_response.json.jbuilder
+++ b/app/views/helpers/empty_response.json.jbuilder
+json.data do
+  #nothing
+end
+
+json.partial! "helpers/messages", service: @service
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -19,5 +19,10 @@ Rails.application.routes.draw do
      put 'remove_member'
    end
  end
-  resources :permissions, only: [:index, :create, :destroy]
+  resources :permissions, only: [:index, :create, :destroy] do
+    collection do
+      put 'create_user'
+      put 'invite_user'
+    end
+  end
 end
--- a/spec/controllers/permissions_controller_spec.rb
+++ b/spec/controllers/permissions_controller_spec.rb
 require 'rails_helper'

 RSpec.describe PermissionsController, type: :request do
-  let(:john) { create(:user, first_name: 'John') }
-  let(:nicky) { create(:user, first_name: 'Nicky')}
-  let(:steve) { create(:user, first_name: 'Steve') }
-  let(:pete) { create(:user, first_name: 'Pete') }
+  let(:john) { create(:confirmed_user, first_name: 'John') }
+  let(:nicky) { create(:confirmed_user, first_name: 'Nicky')}
+  let(:steve) { create(:confirmed_user, first_name: 'Steve') }
+  let(:pete) { create(:confirmed_user, first_name: 'Pete') }
  let(:john_nilm) { create(:nilm, name: "John's NILM",
                                  admins: [john],
                                  owners: [nicky],
@@ -102,6 +102,71 @@ RSpec.describe PermissionsController, type: :request do
    end
  end

+  describe 'PUT #create_user' do
+    context 'with admin privileges' do
+      it 'creates user with specified permission' do
+        @auth_headers = john.create_new_auth_token
+        put "/permissions/create_user.json",
+          params: {nilm_id: john_nilm.id,
+                   role: 'viewer',
+                   first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'poorchoice'},
+          headers: @auth_headers
+        expect(response).to have_http_status(:ok)
+        expect(response).to have_notice_message
+        user = User.find_by_email('valid@url.com')
+        expect(user.views_nilm?(john_nilm)).to be true
+      end
+      it 'returns error if user cannot be created' do
+        #password does not match confirmation
+        @auth_headers = john.create_new_auth_token
+        put "/permissions/create_user.json",
+          params: {nilm_id: john_nilm.id,
+                   role: 'viewer',
+                   first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'error'},
+          headers: @auth_headers
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response).to have_error_message
+        user = User.find_by_email('valid@url.com')
+        expect(user).to be nil
+      end
+    end
+    context 'with anyone else' do
+      it 'returns unauthorized' do
+        #password does not match confirmation
+        @auth_headers = steve.create_new_auth_token
+        put "/permissions/create_user.json",
+          params: {nilm_id: john_nilm.id,
+                   role: 'viewer',
+                   first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'error'},
+          headers: @auth_headers
+        expect(response).to have_http_status(:unauthorized)
+        user = User.find_by_email('valid@url.com')
+        expect(user).to be nil
+      end
+    end
+    context 'without signin' do
+      it 'returns unauthorized' do
+        #password does not match confirmation
+        put "/permissions/create_user.json",
+          params: {nilm_id: john_nilm.id,
+                   role: 'viewer',
+                   first_name: 'bill', last_name: 'will',
+                   email: 'valid@url.com', password: 'poorchoice',
+                   password_confirmation: 'error'}
+        expect(response).to have_http_status(:unauthorized)
+        user = User.find_by_email('valid@url.com')
+        expect(user).to be nil
+      end
+    end
+  end
+
+
  describe 'DELETE #destroy' do
    # removes specified permission from nilm
    context 'with admin privileges' do