Skip to content

wattsworth / lumen-api

Go to a project
Commit 9d33dd1d by John Doe
Options

added end point for to create a user with permissions

parent 7a7621f9
Inline Side-by-side
Showing with 102 additions and 5 deletions
app/controllers/permissions_controller.rb
...@@ -30,6 +30,23 @@ class PermissionsController < ApplicationController ...@@ -30,6 +30,23 @@ class PermissionsController < ApplicationController
render status: @service.success? ? :ok : :unprocessable_entity render status: @service.success? ? :ok : :unprocessable_entity
end end
# PUT /permissions/create_user.json
def create_user
@service = StubService.new
user = User.new(user_params)
unless user.save
@service.errors = user.errors.full_messages
render 'helpers/empty_response', status: :unprocessable_entity
return
end
@service = CreatePermission.new
@service.run(@nilm, params[:role], 'user', user.id)
@permission = @service.permission
@service.add_notice('created user')
render :create, status: @service.success? ? :ok : :unprocessable_entity
end
private private
def set_nilm def set_nilm
...@@ -37,6 +54,11 @@ class PermissionsController < ApplicationController ...@@ -37,6 +54,11 @@ class PermissionsController < ApplicationController
head :not_found unless @nilm head :not_found unless @nilm
end end
def user_params
params.permit(:first_name, :last_name, :email,
:password, :password_confirmation)
end
# authorization based on nilms # authorization based on nilms
def authorize_admin def authorize_admin
head :unauthorized unless current_user.admins_nilm?(@nilm) head :unauthorized unless current_user.admins_nilm?(@nilm)
......
app/views/helpers/empty_response.json.jbuilder 0 → 100644
json.data do
#nothing
end
json.partial! "helpers/messages", service: @service
config/routes.rb
...@@ -19,5 +19,10 @@ Rails.application.routes.draw do ...@@ -19,5 +19,10 @@ Rails.application.routes.draw do
put 'remove_member' put 'remove_member'
end end
end end
resources :permissions, only: [:index, :create, :destroy] resources :permissions, only: [:index, :create, :destroy] do
collection do
put 'create_user'
put 'invite_user'
end
end
end end
spec/controllers/permissions_controller_spec.rb
require 'rails_helper' require 'rails_helper'
RSpec.describe PermissionsController, type: :request do RSpec.describe PermissionsController, type: :request do
let(:john) { create(:user, first_name: 'John') } let(:john) { create(:confirmed_user, first_name: 'John') }
let(:nicky) { create(:user, first_name: 'Nicky')} let(:nicky) { create(:confirmed_user, first_name: 'Nicky')}
let(:steve) { create(:user, first_name: 'Steve') } let(:steve) { create(:confirmed_user, first_name: 'Steve') }
let(:pete) { create(:user, first_name: 'Pete') } let(:pete) { create(:confirmed_user, first_name: 'Pete') }
let(:john_nilm) { create(:nilm, name: "John's NILM", let(:john_nilm) { create(:nilm, name: "John's NILM",
admins: [john], admins: [john],
owners: [nicky], owners: [nicky],
...@@ -102,6 +102,71 @@ RSpec.describe PermissionsController, type: :request do ...@@ -102,6 +102,71 @@ RSpec.describe PermissionsController, type: :request do
end end
end end
describe 'PUT #create_user' do
context 'with admin privileges' do
it 'creates user with specified permission' do
@auth_headers = john.create_new_auth_token
put "/permissions/create_user.json",
params: {nilm_id: john_nilm.id,
role: 'viewer',
first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'poorchoice'},
headers: @auth_headers
expect(response).to have_http_status(:ok)
expect(response).to have_notice_message
user = User.find_by_email('valid@url.com')
expect(user.views_nilm?(john_nilm)).to be true
end
it 'returns error if user cannot be created' do
#password does not match confirmation
@auth_headers = john.create_new_auth_token
put "/permissions/create_user.json",
params: {nilm_id: john_nilm.id,
role: 'viewer',
first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'error'},
headers: @auth_headers
expect(response).to have_http_status(:unprocessable_entity)
expect(response).to have_error_message
user = User.find_by_email('valid@url.com')
expect(user).to be nil
end
end
context 'with anyone else' do
it 'returns unauthorized' do
#password does not match confirmation
@auth_headers = steve.create_new_auth_token
put "/permissions/create_user.json",
params: {nilm_id: john_nilm.id,
role: 'viewer',
first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'error'},
headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
user = User.find_by_email('valid@url.com')
expect(user).to be nil
end
end
context 'without signin' do
it 'returns unauthorized' do
#password does not match confirmation
put "/permissions/create_user.json",
params: {nilm_id: john_nilm.id,
role: 'viewer',
first_name: 'bill', last_name: 'will',
email: 'valid@url.com', password: 'poorchoice',
password_confirmation: 'error'}
expect(response).to have_http_status(:unauthorized)
user = User.find_by_email('valid@url.com')
expect(user).to be nil
end
end
end
describe 'DELETE #destroy' do describe 'DELETE #destroy' do
# removes specified permission from nilm # removes specified permission from nilm
context 'with admin privileges' do context 'with admin privileges' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment