added tests for permissions

app/controllers/permissions_controller.rb

@@ -8,15 +8,15 @@ class PermissionsController < ApplicationController
   # GET /permissions.json
   def index
     # return permissions for nilm specified by nilm_id
-    @permissions = Permission.find_by_nilm(@nilm)
+    @permissions = @nilm.permissions
   end
 
   # POST /permissions
   # POST /permissions.json
   def create
     # create permission for nilm specified by nilm_id
-    @service = PermissionService.new
-    @service.run(@nilm, params[:role], params[:type], params[:target_id])
+    @service = CreatePermission.new
+    @service.run(@nilm, params[:role], params[:target], params[:target_id])
     @permission = @service.permission
     render status: @service.success? ? :ok : :unprocessable_entity
   end
@@ -25,20 +25,21 @@ class PermissionsController < ApplicationController
   # DELETE /permissions/1.json
   def destroy
     # remove permission from nilm specified by nilm_id
-    @service = ServiceStub.new
-    @service.add_notice("Removed permission")
-    @nilm.permissions.find(params[:id]).destroy
+    @service = DestroyPermission.new
+    @service.run(@nilm, current_user, params[:id])
+    render status: @service.success? ? :ok : :unprocessable_entity
   end
 
   private
 
   def set_nilm
-    @nilm = Nilm.find(params[:nilm_id])
+    @nilm = Nilm.find_by_id(params[:nilm_id])
+    head :not_found unless @nilm
   end
 
   # authorization based on nilms
-  def authorize_owner
-    head :unauthorized  unless current_user.owns_nilm?(@nilm)
+  def authorize_admin
+    head :unauthorized  unless current_user.admins_nilm?(@nilm)
   end
 
 end

app/services/perimssion/create_permission.rb

+# frozen_string_literal: true
+
+# Handles changing DbStream attributes
+class CreatePermission
+  include ServiceStatus
+
+  def run(nilm, role, type, target_id)
+    # create [role] perimssion on [nilm] for
+    # the user or group specified
+    # [type]: user|group
+    # [target_id]: user_id or user_group_id value
+    #
+    @permission = Permission.create(nilm: nilm, role: role)
+    case type
+    when 'user'
+      if nilm.permissions.find_by_user_id(target_id)
+        add_error('user already has permissions on this nilm')
+        return self
+      end
+      @permission.user = User.find(target_id)
+    when 'group'
+      if nilm.permissions.find_by_user_groupe_id(target_id)
+        add_error('group already has permissions on this nilm')
+        return self
+      end
+      @permission.user_group = UserGroup.find(target_id)
+    else
+      add_error('invalid target_id')
+      return self
+    end
+    unless @permission.save
+      add_error(permission.errors.full_messages)
+      return self
+    end
+    set_notice('Created permission')
+    self
+  end
+end

app/services/permission/create_permission.rb

 # frozen_string_literal: true
 
-# Handles changing DbStream attributes
+# Handles permission creation
 class CreatePermission
   include ServiceStatus
   attr_reader :permission

app/services/permission/destroy_permission.rb

+# frozen_string_literal: true
+
+# Handles permission removal
+class DestroyPermission
+  include ServiceStatus
+
+  def run(nilm, requester, id)
+    # remove permission [id] from nilm
+    # do not allow [requester] to remove his permission
+    @permission = nilm.permissions.find_by_id(id)
+    if @permission.nil?
+      add_error 'invalid permission id'
+      return self
+    elsif(@permission.user == requester)
+      add_error 'cannot remove your own permission'
+      return self
+    else
+      @permission.destroy
+      add_notice 'removed permission'
+      return self
+    end
+  end
+end

app/views/permissions/create.json.jbuilder

+json.data do
+  json.extract! @permission, *Permission.json_keys
+  json.name @permission.target_name
+end
+
+json.partial! "helpers/messages", service: @service

app/views/permissions/destroy.json.jbuilder

+json.partial! "helpers/messages", service: @service

app/views/permissions/index.json.jbuilder

-json.array! @permissions, partial: 'permissions/permission', as: :permission
\ No newline at end of file
+json.array!(@permissions) do |permission|
+  json.extract! permission, *Permission.json_keys
+  json.name permission.target_name
+end

app/views/permissions/show.json.jbuilder

-json.partial! "permissions/permission", permission: @permission
\ No newline at end of file

spec/controllers/permissions_controller_spec.rb

 require 'rails_helper'
 
-# This spec was generated by rspec-rails when you ran the scaffold generator.
-# It demonstrates how one might use RSpec to specify the controller code that
-# was generated by Rails when you ran the scaffold generator.
-#
-# It assumes that the implementation code is generated by the rails scaffold
-# generator.  If you are using any extension libraries to generate different
-# controller code, this generated spec may or may not pass.
-#
-# It only uses APIs available in rails and/or rspec-rails.  There are a number
-# of tools you can use to make these specs even more expressive, but we're
-# sticking to rails and rspec-rails APIs to keep things simple and stable.
-#
-# Compared to earlier versions of this generator, there is very limited use of
-# stubs and message expectations in this spec.  Stubs are only used when there
-# is no simpler way to get a handle on the object needed for the example.
-# Message expectations are only used when there is no simpler way to specify
-# that an instance is receiving a specific message.
-
-RSpec.describe PermissionsController, type: :controller, broken: true do
-
-  # This should return the minimal set of attributes required to create a valid
-  # Permission. As you add validations to Permission, be sure to
-  # adjust the attributes here as well.
-  let(:valid_attributes) {
-    skip("Add a hash of attributes valid for your model")
-  }
-
-  let(:invalid_attributes) {
-    skip("Add a hash of attributes invalid for your model")
-  }
-
-  # This should return the minimal set of values that should be in the session
-  # in order to pass any filters (e.g. authentication) defined in
-  # PermissionsController. Be sure to keep this updated too.
-  let(:valid_session) { {} }
-
-  describe "GET #index" do
-    it "assigns all permissions as @permissions" do
-      permission = Permission.create! valid_attributes
-      get :index, params: {}, session: valid_session
-      expect(assigns(:permissions)).to eq([permission])
-    end
-  end
-
-  describe "GET #show" do
-    it "assigns the requested permission as @permission" do
-      permission = Permission.create! valid_attributes
-      get :show, params: {id: permission.to_param}, session: valid_session
-      expect(assigns(:permission)).to eq(permission)
-    end
-  end
-
-  describe "GET #new" do
-    it "assigns a new permission as @permission" do
-      get :new, params: {}, session: valid_session
-      expect(assigns(:permission)).to be_a_new(Permission)
-    end
-  end
-
-  describe "GET #edit" do
-    it "assigns the requested permission as @permission" do
-      permission = Permission.create! valid_attributes
-      get :edit, params: {id: permission.to_param}, session: valid_session
-      expect(assigns(:permission)).to eq(permission)
-    end
-  end
-
-  describe "POST #create" do
-    context "with valid params" do
-      it "creates a new Permission" do
-        expect {
-          post :create, params: {permission: valid_attributes}, session: valid_session
-        }.to change(Permission, :count).by(1)
-      end
-
-      it "assigns a newly created permission as @permission" do
-        post :create, params: {permission: valid_attributes}, session: valid_session
-        expect(assigns(:permission)).to be_a(Permission)
-        expect(assigns(:permission)).to be_persisted
-      end
-
-      it "redirects to the created permission" do
-        post :create, params: {permission: valid_attributes}, session: valid_session
-        expect(response).to redirect_to(Permission.last)
+RSpec.describe PermissionsController, type: :request do
+  let(:john) { create(:user, first_name: 'John') }
+  let(:nicky) { create(:user, first_name: 'Nicky')}
+  let(:steve) { create(:user, first_name: 'Steve') }
+  let(:pete) { create(:user, first_name: 'Pete') }
+  let(:john_nilm) { create(:nilm, name: "John's NILM",
+                                  admins: [john],
+                                  owners: [nicky],
+                                  viewers: [steve]) }
+
+  describe 'GET #index' do
+    # list permissions by nilm
+    context 'with admin privileges' do
+      it 'returns nilm permissions' do
+        @auth_headers = john.create_new_auth_token
+        get "/permissions.json",
+          params: {nilm_id: john_nilm.id},
+          headers: @auth_headers
+        expect(response).to have_http_status(:ok)
+        expect(response.header['Content-Type']).to include('application/json')
+        permissions = JSON.parse(response.body)
+        expect(permissions.count).to eq(3)
+      end
+    end
+    context 'without admin privileges' do
+      it 'returns unauthorized' do
+        [nicky,steve].each do |user|
+          @auth_headers = user.create_new_auth_token
+          get "/permissions.json",
+              params: {nilm_id: john_nilm.id},
+              headers: @auth_headers
+              expect(response).to have_http_status(:unauthorized)
+        end
+      end
+      it 'returns not found on bad nilm id' do
+        # nilm 99 does not exist
+        @auth_headers = steve.create_new_auth_token
+        get "/permissions.json",
+            params: {nilm_id: 99},
+            headers: @auth_headers
+            expect(response).to have_http_status(:not_found)
+      end
+    end
+    context 'without sign-in' do
+      it 'returns unauthorized' do
+        #  no headers: nobody is signed in, deny all
+        get "/permissions.json"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+
+  describe 'POST #create' do
+    # add permissions to specified nilm
+    context 'with admin privileges' do
+      it 'adds new permission' do
+        @auth_headers = john.create_new_auth_token
+        post "/permissions.json",
+          params: {nilm_id: john_nilm.id,
+                   role: 'viewer',
+                   target: 'user',
+                   target_id: pete.id},
+          headers: @auth_headers
+        expect(response).to have_http_status(:ok)
+        expect(response.header['Content-Type']).to include('application/json')
+        expect(response).to have_notice_message
+        expect(pete.views_nilm?(john_nilm)).to be true
+      end
+      it 'returns errors on invalid request' do
+        # steve already has permissions on this nilm
+        @auth_headers = john.create_new_auth_token
+        post "/permissions.json",
+          params: {nilm_id: john_nilm.id,
+                   role: 'owner',
+                   target: 'user',
+                   target_id: steve.id},
+          headers: @auth_headers
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.header['Content-Type']).to include('application/json')
+        expect(response).to have_error_message
+      end
+    end
+    context 'without admin privileges' do
+      it 'returns unauthorized' do
+        [nicky,steve].each do |user|
+          @auth_headers = user.create_new_auth_token
+          post "/permissions.json",
+              params: {nilm_id: john_nilm.id},
+              headers: @auth_headers
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+    end
+    context 'without sign-in' do
+      it 'returns unauthorized' do
+        #  no headers: nobody is signed in, deny all
+        post "/permissions.json"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+
+  describe 'DELETE #destroy' do
+    # removes specified permission from nilm
+    context 'with admin privileges' do
+      it 'removes permission' do
+        p = Permission.where(nilm: john_nilm, user: steve).first
+        expect(steve.views_nilm?(john_nilm)).to be true
+        @auth_headers = john.create_new_auth_token
+        delete "/permissions/#{p.id}.json",
+          params: {nilm_id: john_nilm.id},
+          headers: @auth_headers
+        expect(response).to have_http_status(:ok)
+        expect(response.header['Content-Type']).to include('application/json')
+        expect(response).to have_notice_message
+        expect(steve.views_nilm?(john_nilm)).to be false
+      end
+      it 'returns error on invalid request' do
+        # cannot remove your own permission
+        p = Permission.where(nilm: john_nilm, user: john).first
+        @auth_headers = john.create_new_auth_token
+        delete "/permissions/#{p.id}.json",
+          params: {nilm_id: john_nilm.id},
+          headers: @auth_headers
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.header['Content-Type']).to include('application/json')
+        expect(response).to have_error_message
+        expect(john.admins_nilm?(john_nilm)).to be true
+      end
+    end
+    context 'without admin privileges' do
+      it 'returns unauthorized' do
+        [nicky,steve].each do |user|
+          @auth_headers = user.create_new_auth_token
+          delete "/permissions/99.json",
+              params: {nilm_id: john_nilm.id},
+              headers: @auth_headers
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
     end
+    context 'without sign-in' do
+      it 'returns unauthorized' do
+        #  no headers: nobody is signed in, deny all
+        delete "/permissions/99.json"
+        expect(response).to have_http_status(:unauthorized)
       end
-
-    context "with invalid params" do
-      it "assigns a newly created but unsaved permission as @permission" do
-        post :create, params: {permission: invalid_attributes}, session: valid_session
-        expect(assigns(:permission)).to be_a_new(Permission)
-      end
-
-      it "re-renders the 'new' template" do
-        post :create, params: {permission: invalid_attributes}, session: valid_session
-        expect(response).to render_template("new")
     end
-    end
-  end
-
-  describe "PUT #update" do
-    context "with valid params" do
-      let(:new_attributes) {
-        skip("Add a hash of attributes valid for your model")
-      }
 
-      it "updates the requested permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: new_attributes}, session: valid_session
-        permission.reload
-        skip("Add assertions for updated state")
-      end
-
-      it "assigns the requested permission as @permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session
-        expect(assigns(:permission)).to eq(permission)
-      end
-
-      it "redirects to the permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session
-        expect(response).to redirect_to(permission)
-      end
   end
 
-    context "with invalid params" do
-      it "assigns the permission as @permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session
-        expect(assigns(:permission)).to eq(permission)
-      end
-
-      it "re-renders the 'edit' template" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session
-        expect(response).to render_template("edit")
-      end
-    end
-  end
-
-  describe "DELETE #destroy" do
-    it "destroys the requested permission" do
-      permission = Permission.create! valid_attributes
-      expect {
-        delete :destroy, params: {id: permission.to_param}, session: valid_session
-      }.to change(Permission, :count).by(-1)
-    end
-
-    it "redirects to the permissions list" do
-      permission = Permission.create! valid_attributes
-      delete :destroy, params: {id: permission.to_param}, session: valid_session
-      expect(response).to redirect_to(permissions_url)
-    end
-  end
 
 end

spec/services/permission/destroy_permission_spec.rb

+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'DestroyPermission service' do
+
+  let(:requester){ create(:user)}
+  let(:viewer){ create(:user)}
+  let(:group){ create(:user_group)}
+  let(:nilm){ create(:nilm,
+                     admins:[requester],
+                     viewers:[viewer, group])}
+
+  it 'removes specified user permission from nilm' do
+    expect(viewer.views_nilm?(nilm)).to be true
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user: viewer).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be true
+    expect(viewer.views_nilm?(nilm)).to be false
+  end
+  it 'removes specified group permission from nilm' do
+    expect(group.permissions).to be_empty
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user_group: group).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be true
+    expect(group.permissions).to be_empty
+  end
+  it 'returns error if permission is not on nilm' do
+    nilm2 = create(:nilm, admins: [viewer])
+    p2 = nilm2.permissions.first
+    service = DestroyPermission.new
+    service.run(nilm,requester,p2.id)
+    expect(service.success?).to be false
+    expect(Permission.find(p2.id)).to be_present
+  end
+  it 'does not allow requester to delete himself' do
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user: requester).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be false
+    expect(requester.admins_nilm?(nilm)).to be true
+  end
+end