Add ProjectUserController actions and tests

Author: begedin

lib/code_corps/analytics/segment_event_name_builder.ex

@@ -20,6 +20,12 @@ defmodule CodeCorps.Analytics.SegmentEventNameBuilder do
   defp get_event_name(:update, %CodeCorps.OrganizationMembership{}) do
     "Approved Organization Membership"
   end
+  defp get_event_name(:create, %CodeCorps.ProjectUser{}) do
+    "Requested Project Membership"
+  end
+  defp get_event_name(:update, %CodeCorps.ProjectUser{}) do
+    "Approved Project Membership"
+  end
   defp get_event_name(:payment_succeeded, %CodeCorps.StripeInvoice{}) do
     "Processed Subscription Payment"
   end

lib/code_corps/analytics/segment_tracking_support.ex

@@ -13,6 +13,8 @@ defmodule CodeCorps.Analytics.SegmentTrackingSupport do
   def includes?(:update, %CodeCorps.DonationGoal{}), do: true
   def includes?(:create, %CodeCorps.OrganizationMembership{}), do: true
   def includes?(:update, %CodeCorps.OrganizationMembership{}), do: true
+  def includes?(:create, %CodeCorps.ProjectUser{}), do: true
+  def includes?(:update, %CodeCorps.ProjectUser{}), do: true
   def includes?(:create, %CodeCorps.StripeConnectAccount{}), do: true
   def includes?(:create, %CodeCorps.StripeConnectCharge{}), do: true
   def includes?(:create, %CodeCorps.StripeConnectPlan{}), do: true

lib/code_corps/analytics/segment_traits_builder.ex

@@ -38,6 +38,14 @@ defmodule CodeCorps.Analytics.SegmentTraitsBuilder do
     }
   end
 
+  defp traits(record = %CodeCorps.ProjectUser{}) do
+    record = record |> CodeCorps.Repo.preload(:project)
+    %{
+      project: record.project.title,
+      project_id: record.project_id
+    }
+  end
+
   defp traits(charge = %CodeCorps.StripeConnectCharge{}) do
     # NOTE: this only works for some currencies
     revenue = charge.amount / 100

test/controllers/project_user_controller_test.exs

@@ -0,0 +1,136 @@
+defmodule CodeCorps.ProjectUserControllerTest do
+  use CodeCorps.ApiCase, resource_name: :project_user
+
+  @attrs %{role: "contributor"}
+
+  describe "index" do
+    test "lists all resources", %{conn: conn} do
+      [record_1, record_2] = insert_pair(:project_user)
+
+      conn
+      |> request_index
+      |> json_response(200)
+      |> assert_ids_from_response([record_1.id, record_2.id])
+    end
+
+    test "filters resources by record id", %{conn: conn} do
+      [record_1, record_2 | _] = insert_list(3, :project_user)
+
+      path = "project-users/?filter[id]=#{record_1.id},#{record_2.id}"
+
+      conn
+      |> get(path)
+      |> json_response(200)
+      |> assert_ids_from_response([record_1.id, record_2.id])
+    end
+  end
+
+  describe "show" do
+    test "shows chosen resource", %{conn: conn} do
+      record = insert(:project_user)
+      conn
+      |> request_show(record)
+      |> json_response(200)
+      |> Map.get("data")
+      |> assert_result_id(record.id)
+    end
+
+    test "renders 404 when id is nonexistent", %{conn: conn} do
+      assert conn |> request_show(:not_found) |> json_response(404)
+    end
+  end
+
+  describe "create" do
+    @tag :authenticated
+    test "creates and renders resource when data is valid", %{conn: conn, current_user: user} do
+      project = insert(:project)
+      attrs = @attrs |> Map.merge(%{project: project, user: user})
+
+      assert conn |> request_create(attrs) |> json_response(201)
+
+      user_id = user.id
+      tracking_properties = %{
+        project: project.title,
+        project_id: project.id
+      }
+
+      assert_received {:track, ^user_id, "Requested Project Membership", ^tracking_properties}
+    end
+
+    @tag :authenticated
+    test "does not create resource and renders 422 when data is invalid", %{conn: conn, current_user: user} do
+      # only way to trigger a validation error is to provide a non-existant organization
+      # anything else will fail on authorization level
+      project = build(:project)
+      attrs = @attrs |> Map.merge(%{project: project, user: user})
+      assert conn |> request_create(attrs) |> json_response(422)
+    end
+
+    test "does not create resource and renders 401 when not authenticated", %{conn: conn} do
+      assert conn |> request_create |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "does not create resource and renders 403 when not authorized", %{conn: conn} do
+      assert conn |> request_create |> json_response(403)
+    end
+  end
+
+  describe "update" do
+    @tag :authenticated
+    test "updates and renders resource when data is valid", %{conn: conn, current_user: current_user} do
+      project = insert(:project)
+      record = insert(:project_user, project: project, role: "pending")
+      insert(:project_user, project: project, user: current_user, role: "owner")
+
+      assert conn |> request_update(record, @attrs) |> json_response(200)
+
+      user_id = current_user.id
+      tracking_properties = %{
+        project: project.title,
+        project_id: project.id
+      }
+
+      assert_received {:track, ^user_id, "Approved Project Membership", ^tracking_properties}
+    end
+
+    test "doesn't update and renders 401 when unauthenticated", %{conn: conn} do
+      assert conn |> request_update |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "doesn't update and renders 403 when not authorized", %{conn: conn} do
+      assert conn |> request_update |> json_response(403)
+    end
+
+    @tag :authenticated
+    test "renders 404 when id is nonexistent on update", %{conn: conn} do
+      assert conn |> request_update(:not_found) |> json_response(404)
+    end
+  end
+
+  describe "delete" do
+    @tag :authenticated
+    test "deletes resource", %{conn: conn, current_user: current_user} do
+      project = insert(:project)
+      record = insert(:project_user, project: project)
+      insert(:project_user, project: project, user: current_user, role: "owner")
+
+      assert conn |> request_delete(record) |> response(204)
+    end
+
+    test "renders 401 when unauthenticated", %{conn: conn} do
+      assert conn |> request_delete |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "renders 403 when not authorized", %{conn: conn} do
+      assert conn |> request_delete |> json_response(403)
+    end
+
+    @tag :authenticated
+    test "renders 404 when id is nonexistent on delete", %{conn: conn} do
+      assert conn |> request_delete(:not_found) |> json_response(404)
+    end
+  end
+end

test/lib/code_corps/analytics/segment_event_name_builder_test.exs

@@ -18,6 +18,11 @@ defmodule CodeCorps.Analytics.SegmentEventNameBuilderTest do
       assert SegmentEventNameBuilder.build(:update, build(:organization_membership)) == "Approved Organization Membership"
     end
 
+    test "with project_user" do
+      assert SegmentEventNameBuilder.build(:create, build(:project_user)) == "Requested Project Membership"
+      assert SegmentEventNameBuilder.build(:update, build(:project_user)) == "Approved Project Membership"
+    end
+
     test "with task" do
       assert SegmentEventNameBuilder.build(:create, build(:task)) == "Created Task"
       assert SegmentEventNameBuilder.build(:update, build(:task)) == "Edited Task"

test/models/project_user_test.exs

@@ -67,19 +67,19 @@ defmodule CodeCorps.ProjectUserTest do
     end
   end
 
-  describe "create_pending_changeset/2" do
+  describe "create_changeset/2" do
     @attributes ~w(project_id user_id role)
 
     test "casts #{@attributes}, with role cast to 'pending'" do
       attrs = %{foo: "bar", project_id: 1, user_id: 2}
-      changeset = ProjectUser.create_pending_changeset(%ProjectUser{}, attrs)
+      changeset = ProjectUser.create_changeset(%ProjectUser{}, attrs)
       assert changeset.changes == %{project_id: 1, user_id: 2, role: "pending"}
     end
 
     test "ensures user record exists" do
       project = insert(:project)
       attrs = %{project_id: project.id, user_id: -1}
-      changeset = ProjectUser.create_pending_changeset(%ProjectUser{}, attrs)
+      changeset = ProjectUser.create_changeset(%ProjectUser{}, attrs)
 
       {:error, invalid_changeset} = changeset |> Repo.insert
       refute invalid_changeset.valid?
@@ -90,7 +90,7 @@ defmodule CodeCorps.ProjectUserTest do
     test "ensures project record exists" do
       user = insert(:user)
       attrs = %{project_id: -1, user_id: user.id}
-      changeset = ProjectUser.create_pending_changeset(%ProjectUser{}, attrs)
+      changeset = ProjectUser.create_changeset(%ProjectUser{}, attrs)
 
       {:error, invalid_changeset} = changeset |> Repo.insert
       refute invalid_changeset.valid?

test/policies/project_user_policy_test.exs

@@ -2,21 +2,21 @@ defmodule CodeCorps.ProjectUserPolicyTest do
   use CodeCorps.PolicyCase
 
   import CodeCorps.ProjectUserPolicy, only: [create?: 2, update?: 2, delete?: 2]
-  import CodeCorps.ProjectUser, only: [create_pending_changeset: 2, update_changeset: 2]
+  import CodeCorps.ProjectUser, only: [create_changeset: 2, update_changeset: 2]
 
   alias CodeCorps.ProjectUser
 
   describe "create?/2" do
     test "returns true when user is creating their own membership" do
       user = insert(:user)
-      changeset = %ProjectUser{} |> create_pending_changeset(%{user_id: user.id})
+      changeset = %ProjectUser{} |> create_changeset(%{user_id: user.id})
 
       assert create?(user, changeset)
     end
 
     test "returns false for normal user, creating someone else's membership" do
       user = insert(:user)
-      changeset = %ProjectUser{} |> create_pending_changeset(%{user_id: "someone_else"})
+      changeset = %ProjectUser{} |> create_changeset(%{user_id: "someone_else"})
 
       refute create?(user, changeset)
     end

web/controllers/project_user_controller.ex

@@ -0,0 +1,30 @@
+defmodule CodeCorps.ProjectUserController do
+  use CodeCorps.Web, :controller
+  use JaResource
+
+  import CodeCorps.Helpers.Query, only: [id_filter: 2]
+
+  alias CodeCorps.ProjectUser
+
+  @preloads [:project, :user]
+
+  plug :load_resource, model: ProjectUser, only: [:show], preload: @preloads
+  plug :load_and_authorize_resource, model: ProjectUser, only: [:delete]
+  plug :load_and_authorize_changeset, model: ProjectUser, only: [:create, :update], preload: @preloads
+  plug JaResource
+
+  @spec filter(Plug.Conn.t, Ecto.Query.t, String.t, String.t) :: Ecto.Query.t
+  def filter(_conn, query, "id", id_list) do
+    query |> id_filter(id_list)
+  end
+
+  @spec handle_create(Plug.Conn.t, map) :: Ecto.Changeset.t
+  def handle_create(_conn, attributes) do
+    %ProjectUser{} |> ProjectUser.create_changeset(attributes)
+  end
+
+  @spec handle_update(Plug.Conn.t, ProjectUser.t, map) :: Ecto.Changeset.t
+  def handle_update(_conn, model, attributes) do
+    model |> ProjectUser.update_changeset(attributes)
+  end
+end

web/models/abilities.ex

@@ -8,6 +8,7 @@ defmodule Canary.Abilities do
   alias CodeCorps.Project
   alias CodeCorps.ProjectCategory
   alias CodeCorps.ProjectSkill
+  alias CodeCorps.ProjectUser
   alias CodeCorps.Role
   alias CodeCorps.RoleSkill
   alias CodeCorps.Skill
@@ -33,6 +34,7 @@ defmodule Canary.Abilities do
   alias CodeCorps.ProjectPolicy
   alias CodeCorps.ProjectCategoryPolicy
   alias CodeCorps.ProjectSkillPolicy
+  alias CodeCorps.ProjectUserPolicy
   alias CodeCorps.RolePolicy
   alias CodeCorps.RoleSkillPolicy
   alias CodeCorps.SkillPolicy
@@ -91,6 +93,10 @@ defmodule Canary.Abilities do
     def can?(%User{} = user, :create, %Changeset{data: %ProjectSkill{}} = changeset), do: ProjectSkillPolicy.create?(user, changeset)
     def can?(%User{} = user, :delete, %ProjectSkill{} = project_skill), do: ProjectSkillPolicy.delete?(user, project_skill)
 
+    def can?(%User{} = user, :create, %Changeset{data: %ProjectUser{}} = changeset), do: ProjectUserPolicy.create?(user, changeset)
+    def can?(%User{} = user, :update, %Changeset{data: %ProjectUser{}} = changeset), do: ProjectUserPolicy.update?(user, changeset)
+    def can?(%User{} = user, :delete, %ProjectUser{} = record), do: ProjectUserPolicy.delete?(user, record)
+
     def can?(%User{} = user, :create, Role), do: RolePolicy.create?(user)
 
     def can?(%User{} = user, :create, RoleSkill), do: RoleSkillPolicy.create?(user)

web/models/project_user.ex

@@ -20,9 +20,9 @@ defmodule CodeCorps.ProjectUser do
   @doc """
   Builds a changeset to create a pending membership
   """
-  def create_pending_changeset(struct, params \\ %{}) do
+  def create_changeset(struct, params \\ %{}) do
     struct
-    |> create_changeset(params)
+    |> changeset(params)
     |> put_change(:role, "pending")
   end
 
@@ -31,14 +31,12 @@ defmodule CodeCorps.ProjectUser do
   """
   def create_owner_changeset(struct, params \\ %{}) do
     struct
-    |> create_changeset(params)
+    |> changeset(params)
     |> put_change(:role, "owner")
   end
 
-  @doc """
-  Builds a changeset for inserting a new record into the database
-  """
-  defp create_changeset(struct, params \\ %{}) do
+  # Builds a base changeset for inserting a new record into the database
+  defp changeset(struct, params) do
     struct
     |> cast(params, [:user_id, :project_id])
     |> validate_required([:user_id, :project_id])