Add scope and index

joshsmith · joshsmith · commit 0ba3ab941c1e · 2017-12-14T20:44:59.000-08:00
diff --git a/lib/code_corps/messages/messages.ex b/lib/code_corps/messages/messages.ex
@@ -36,6 +36,14 @@ defmodule CodeCorps.Messages do
     |> Repo.all()
   end
 
+  @doc ~S"""
+  Lists pre-scoped `CodeCorps.ConversationPart` records filtered by parameters
+  """
+  @spec list_parts(Queryable.t, map) :: list(Conversation.t)
+  def list_parts(scope, %{} = _params) do
+    scope |> Repo.all()
+  end
+
   @doc ~S"""
   Gets a `CodeCorps.Conversation` record
   """
diff --git a/lib/code_corps/policy/conversation_part.ex b/lib/code_corps/policy/conversation_part.ex
@@ -8,8 +8,23 @@ defmodule CodeCorps.Policy.ConversationPart do
     only: [
       administered_by?: 2, get_conversation: 1, get_message: 1, get_project: 1
     ]
-
-  alias CodeCorps.{Conversation, ConversationPart, User}
+  import Ecto.Query
+
+  alias CodeCorps.{Conversation, ConversationPart, Policy, Repo, User}
+
+  @spec scope(Ecto.Queryable.t, User.t) :: Ecto.Queryable.t
+  def scope(queryable, %User{admin: true}), do: queryable
+  def scope(queryable, %User{id: id} = current_user) do
+    scoped_conversation_ids =
+      Conversation
+      |> Policy.Conversation.scope(current_user)
+      |> select([c], c.id)
+      |> Repo.all()
+
+    queryable
+    |> where(author_id: ^id)
+    |> or_where([cp], cp.conversation_id in ^scoped_conversation_ids)
+  end
 
   def create?(%User{} = user, %{"conversation_id" => _} = params) do
     authorize(user, params)
diff --git a/lib/code_corps/policy/policy.ex b/lib/code_corps/policy/policy.ex
@@ -61,6 +61,7 @@ defmodule CodeCorps.Policy do
   @spec scope(module, User.t) :: Ecto.Queryable.t
   def scope(Message, %User{} = current_user), do: Message |> Policy.Message.scope(current_user)
   def scope(Conversation, %User{} = current_user), do: Conversation |> Policy.Conversation.scope(current_user)
+  def scope(ConversationPart, %User{} = current_user), do: ConversationPart |> Policy.ConversationPart.scope(current_user)
 
   @spec can?(User.t, atom, struct, map) :: boolean
 
diff --git a/lib/code_corps_web/controllers/conversation_part_controller.ex b/lib/code_corps_web/controllers/conversation_part_controller.ex
@@ -12,6 +12,14 @@ defmodule CodeCorpsWeb.ConversationPartController do
   plug CodeCorpsWeb.Plug.DataToAttributes
   plug CodeCorpsWeb.Plug.IdsToIntegers
 
+  @spec index(Conn.t, map) :: Conn.t
+  def index(%Conn{} = conn, %{} = params) do
+    with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource,
+         conversation_parts <- ConversationPart |> Policy.scope(current_user) |> Messages.list_parts(params) do
+      conn |> render("index.json-api", data: conversation_parts)
+    end
+  end
+
   @spec create(Plug.Conn.t, map) :: Conn.t
   def create(%Conn{} = conn, %{} = params) do
     with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource,
diff --git a/lib/code_corps_web/router.ex b/lib/code_corps_web/router.ex
@@ -72,7 +72,7 @@ defmodule CodeCorpsWeb.Router do
     resources "/categories", CategoryController, only: [:create, :update]
     resources "/comments", CommentController, only: [:create, :update]
     resources "/conversations", ConversationController, only: [:index, :show]
-    resources "/conversation-parts", ConversationPartController, only: [:create, :show]
+    resources "/conversation-parts", ConversationPartController, only: [:index, :show, :create]
     resources "/donation-goals", DonationGoalController, only: [:create, :update, :delete]
     post "/oauth/github", UserController, :github_oauth
     resources "/github-app-installations", GithubAppInstallationController, only: [:create]
diff --git a/test/lib/code_corps/messages/messages_test.exs b/test/lib/code_corps/messages/messages_test.exs
@@ -283,6 +283,13 @@ defmodule CodeCorps.MessagesTest do
     end
   end
 
+  describe "list_parts/2" do
+    test "returns all records by default" do
+      insert_list(3, :conversation_part)
+      assert ConversationPart |> Messages.list_parts(%{}) |> Enum.count == 3
+    end
+  end
+
   describe "get_conversation/1" do
     test "gets a single conversation" do
       conversation = insert(:conversation)
diff --git a/test/lib/code_corps/policy/conversation_part_test.exs b/test/lib/code_corps/policy/conversation_part_test.exs
@@ -1,7 +1,9 @@
 defmodule CodeCorps.Policy.ConversationPartTest do
   use CodeCorps.PolicyCase
 
-  import CodeCorps.Policy.ConversationPart, only: [create?: 2, show?: 2]
+  import CodeCorps.Policy.ConversationPart, only: [create?: 2, scope: 2, show?: 2]
+
+  alias CodeCorps.{ConversationPart, Repo}
 
   defp params(user, conversation) do
     %{
@@ -11,6 +13,80 @@ defmodule CodeCorps.Policy.ConversationPartTest do
     }
   end
 
+  describe "scope" do
+    test "returns all records for admin user" do
+      insert_list(3, :conversation_part)
+      user = insert(:user, admin: true)
+
+      assert ConversationPart |> scope(user) |> Repo.all |> Enum.count == 3
+    end
+
+    test "returns records where user is the author or they administer the project" do
+      user = insert(:user, admin: false)
+
+      %{project: project_user_applied_to} =
+        insert(:project_user, user: user, role: "pending")
+
+      %{project: project_user_contributes_to} =
+        insert(:project_user, user: user, role: "contributor")
+
+      %{project: project_user_administers} =
+        insert(:project_user, user: user, role: "admin")
+
+      %{project: project_user_owns} =
+        insert(:project_user, user: user, role: "owner")
+
+      message_in_project_applied_to =
+        insert(:message, project: project_user_applied_to)
+
+      message_in_contributing_project =
+        insert(:message, project: project_user_contributes_to)
+
+      message_in_administered_project =
+        insert(:message, project: project_user_administers)
+
+      message_in_owned_project =
+        insert(:message, project: project_user_owns)
+
+      conversation_when_target = insert(:conversation, user: user)
+      conversation_when_pending =
+        insert(:conversation, message: message_in_project_applied_to)
+      conversation_when_contributor =
+        insert(:conversation, message: message_in_contributing_project)
+      conversation_when_admin =
+        insert(:conversation, message: message_in_administered_project)
+      conversation_when_owner =
+        insert(:conversation, message: message_in_owned_project)
+      some_other_conversation = insert(:conversation)
+
+      part_in_conversation_when_target =
+        insert(:conversation_part, conversation: conversation_when_target)
+      part_in_project_applied_to =
+        insert(:conversation_part, conversation: conversation_when_pending)
+      part_in_contributing_project =
+        insert(:conversation_part, conversation: conversation_when_contributor)
+      part_in_administered_project =
+        insert(:conversation_part, conversation: conversation_when_admin)
+      part_in_owned_project =
+        insert(:conversation_part, conversation: conversation_when_owner)
+      part_in_some_other_conversation =
+        insert(:conversation_part, conversation: some_other_conversation)
+
+      result_ids =
+        ConversationPart
+        |> scope(user)
+        |> Repo.all
+        |> Enum.map(&Map.get(&1, :id))
+
+      assert part_in_conversation_when_target.id in result_ids
+      refute part_in_project_applied_to.id in result_ids
+      refute part_in_contributing_project.id in result_ids
+      assert part_in_administered_project.id in result_ids
+      assert part_in_owned_project.id in result_ids
+      refute part_in_some_other_conversation.id in result_ids
+    end
+  end
+
   describe "create?" do
     test "returns true when user is the target" do
       user = insert(:user)
diff --git a/test/lib/code_corps_web/controllers/conversation_part_controller_test.exs b/test/lib/code_corps_web/controllers/conversation_part_controller_test.exs
@@ -9,33 +9,41 @@ defmodule CodeCorpsWeb.ConversationPartControllerTest do
     body: nil
   }
 
-  describe "create" do
+  describe "index" do
     @tag :authenticated
-    test "creates and renders resource when data is valid", %{conn: conn, current_user: user} do
-      conversation = insert(:conversation, user: user)
-      attrs = @valid_attrs |> Map.merge(%{author_id: user.id, conversation_id: conversation.id})
+    test "lists all entries user is authorized to view", %{conn: conn, current_user: user} do
+      %{project: project} = insert(:project_user, role: "admin", user: user)
+      message_on_user_administered_project = insert(:message, project: project)
 
-      assert conn |> request_create(attrs) |> json_response(201)
-    end
+      conversation_on_user_administered_project =
+        insert(:conversation, message: message_on_user_administered_project)
+      conversation_part_in_project =
+        insert(:conversation_part, conversation: conversation_on_user_administered_project)
 
-    @tag :authenticated
-    test "does not create resource and renders 422 when data is invalid", %{
-      conn: conn,
-      current_user: user
-    } do
-      conversation = insert(:conversation, user: user)
-      attrs = @invalid_attrs |> Map.merge(%{author_id: user.id, conversation_id: conversation.id})
+      conversation_by_user = insert(:conversation, user: user)
+      conversation_part_from_user =
+        insert(:conversation_part, conversation: conversation_by_user)
 
-      assert conn |> request_create(attrs) |> json_response(422)
-    end
+      other_conversation = insert(:conversation)
+      _other_part = insert(:conversation_part, conversation: other_conversation)
 
-    test "does not create resource and renders 401 when not authenticated", %{conn: conn} do
-      assert conn |> request_create |> json_response(401)
+      conn
+      |> request_index
+      |> json_response(200)
+      |> assert_ids_from_response([
+        conversation_part_in_project.id,
+        conversation_part_from_user.id
+      ])
     end
 
-    @tag :authenticated
-    test "renders 403 when not authorized", %{conn: conn} do
-      assert conn |> request_create |> json_response(403)
+    @tag authenticated: :admin
+    test "lists all entries if user is admin", %{conn: conn} do
+      [part_1, part_2] = insert_pair(:conversation_part)
+
+      conn
+      |> request_index
+      |> json_response(200)
+      |> assert_ids_from_response([part_1.id, part_2.id])
     end
   end
 
@@ -62,4 +70,34 @@ defmodule CodeCorpsWeb.ConversationPartControllerTest do
       assert conn |> request_show(conversation_part) |> json_response(403)
     end
   end
+
+  describe "create" do
+    @tag :authenticated
+    test "creates and renders resource when data is valid", %{conn: conn, current_user: user} do
+      conversation = insert(:conversation, user: user)
+      attrs = @valid_attrs |> Map.merge(%{author_id: user.id, conversation_id: conversation.id})
+
+      assert conn |> request_create(attrs) |> json_response(201)
+    end
+
+    @tag :authenticated
+    test "does not create resource and renders 422 when data is invalid", %{
+      conn: conn,
+      current_user: user
+    } do
+      conversation = insert(:conversation, user: user)
+      attrs = @invalid_attrs |> Map.merge(%{author_id: user.id, conversation_id: conversation.id})
+
+      assert conn |> request_create(attrs) |> json_response(422)
+    end
+
+    test "does not create resource and renders 401 when not authenticated", %{conn: conn} do
+      assert conn |> request_create |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "renders 403 when not authorized", %{conn: conn} do
+      assert conn |> request_create |> json_response(403)
+    end
+  end
 end
