added tests for permissions

app/controllers/permissions_controller.rb

@@ -8,15 +8,15 @@ class PermissionsController < ApplicationController
   # GET /permissions.json
   def index
     # return permissions for nilm specified by nilm_id
-    @permissions = Permission.find_by_nilm(@nilm)
+    @permissions = @nilm.permissions
   end
 
   # POST /permissions
   # POST /permissions.json
   def create
     # create permission for nilm specified by nilm_id
-    @service = PermissionService.new
-    @service.run(@nilm, params[:role], params[:type], params[:target_id])
+    @service = CreatePermission.new
+    @service.run(@nilm, params[:role], params[:target], params[:target_id])
     @permission = @service.permission
     render status: @service.success? ? :ok : :unprocessable_entity
   end
@@ -25,20 +25,21 @@ class PermissionsController < ApplicationController
   # DELETE /permissions/1.json
   def destroy
     # remove permission from nilm specified by nilm_id
-    @service = ServiceStub.new
-    @service.add_notice("Removed permission")
-    @nilm.permissions.find(params[:id]).destroy
+    @service = DestroyPermission.new
+    @service.run(@nilm, current_user, params[:id])
+    render status: @service.success? ? :ok : :unprocessable_entity
   end
 
   private
 
   def set_nilm
-    @nilm = Nilm.find(params[:nilm_id])
+    @nilm = Nilm.find_by_id(params[:nilm_id])
+    head :not_found unless @nilm
   end
 
   # authorization based on nilms
-  def authorize_owner
-    head :unauthorized  unless current_user.owns_nilm?(@nilm)
+  def authorize_admin
+    head :unauthorized  unless current_user.admins_nilm?(@nilm)
   end
 
 end

app/services/perimssion/create_permission.rb

+# frozen_string_literal: true
+
+# Handles changing DbStream attributes
+class CreatePermission
+  include ServiceStatus
+
+  def run(nilm, role, type, target_id)
+    # create [role] perimssion on [nilm] for
+    # the user or group specified
+    # [type]: user|group
+    # [target_id]: user_id or user_group_id value
+    #
+    @permission = Permission.create(nilm: nilm, role: role)
+    case type
+    when 'user'
+      if nilm.permissions.find_by_user_id(target_id)
+        add_error('user already has permissions on this nilm')
+        return self
+      end
+      @permission.user = User.find(target_id)
+    when 'group'
+      if nilm.permissions.find_by_user_groupe_id(target_id)
+        add_error('group already has permissions on this nilm')
+        return self
+      end
+      @permission.user_group = UserGroup.find(target_id)
+    else
+      add_error('invalid target_id')
+      return self
+    end
+    unless @permission.save
+      add_error(permission.errors.full_messages)
+      return self
+    end
+    set_notice('Created permission')
+    self
+  end
+end

app/services/permission/create_permission.rb

 # frozen_string_literal: true
 
-# Handles changing DbStream attributes
+# Handles permission creation
 class CreatePermission
   include ServiceStatus
   attr_reader :permission

app/services/permission/destroy_permission.rb

+# frozen_string_literal: true
+
+# Handles permission removal
+class DestroyPermission
+  include ServiceStatus
+
+  def run(nilm, requester, id)
+    # remove permission [id] from nilm
+    # do not allow [requester] to remove his permission
+    @permission = nilm.permissions.find_by_id(id)
+    if @permission.nil?
+      add_error 'invalid permission id'
+      return self
+    elsif(@permission.user == requester)
+      add_error 'cannot remove your own permission'
+      return self
+    else
+      @permission.destroy
+      add_notice 'removed permission'
+      return self
+    end
+  end
+end

app/views/permissions/create.json.jbuilder

+json.data do
+  json.extract! @permission, *Permission.json_keys
+  json.name @permission.target_name
+end
+
+json.partial! "helpers/messages", service: @service

app/views/permissions/destroy.json.jbuilder

+json.partial! "helpers/messages", service: @service

app/views/permissions/index.json.jbuilder

-json.array! @permissions, partial: 'permissions/permission', as: :permission
\ No newline at end of file
+json.array!(@permissions) do |permission|
+  json.extract! permission, *Permission.json_keys
+  json.name permission.target_name
+end

app/views/permissions/show.json.jbuilder

-json.partial! "permissions/permission", permission: @permission
\ No newline at end of file

spec/services/permission/destroy_permission_spec.rb

+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'DestroyPermission service' do
+
+  let(:requester){ create(:user)}
+  let(:viewer){ create(:user)}
+  let(:group){ create(:user_group)}
+  let(:nilm){ create(:nilm,
+                     admins:[requester],
+                     viewers:[viewer, group])}
+
+  it 'removes specified user permission from nilm' do
+    expect(viewer.views_nilm?(nilm)).to be true
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user: viewer).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be true
+    expect(viewer.views_nilm?(nilm)).to be false
+  end
+  it 'removes specified group permission from nilm' do
+    expect(group.permissions).to be_empty
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user_group: group).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be true
+    expect(group.permissions).to be_empty
+  end
+  it 'returns error if permission is not on nilm' do
+    nilm2 = create(:nilm, admins: [viewer])
+    p2 = nilm2.permissions.first
+    service = DestroyPermission.new
+    service.run(nilm,requester,p2.id)
+    expect(service.success?).to be false
+    expect(Permission.find(p2.id)).to be_present
+  end
+  it 'does not allow requester to delete himself' do
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user: requester).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be false
+    expect(requester.admins_nilm?(nilm)).to be true
+  end
+end