Merge pull request #671 from code-corps/670-task-skill-model-policies-endpoints

TaskSkill model, policies and endpoints

Author: begedin

lib/code_corps/helpers/policy.ex

@@ -6,7 +6,11 @@ defmodule CodeCorps.Helpers.Policy do
 
   import Ecto.Query
 
-  alias CodeCorps.{Organization, OrganizationMembership, Project, Repo, StripeConnectAccount, User}
+  alias CodeCorps.{
+    Organization, OrganizationMembership,
+    Project, Repo, StripeConnectAccount,
+    TaskSkill, Task, User, UserTask
+  }
   alias Ecto.Changeset
 
   @doc """
@@ -15,6 +19,7 @@ defmodule CodeCorps.Helpers.Policy do
 
   Returns `CodeCorps.OrganizationMembership`
   """
+  @spec get_membership(nil | Changeset.t | Project.t | Organization.t | StripeConnectAccount.t, User.t) :: nil | OrganizationMembership.t
   def get_membership(nil, %User{}), do: nil
   def get_membership(%Changeset{changes: %{organization_id: organization_id}}, %User{id: user_id}), do: do_get_membership(organization_id, user_id)
   def get_membership(%Project{organization_id: organization_id}, %User{id: user_id}), do: do_get_membership(organization_id, user_id)
@@ -31,6 +36,7 @@ defmodule CodeCorps.Helpers.Policy do
 
   Returns `CodeCorps.Project`
   """
+  @spec get_project(struct | Changeset.t | any) :: Project.t
   def get_project(%{project_id: project_id}), do: Project |> Repo.get(project_id)
   def get_project(%Changeset{changes: %{project_id: project_id}}), do: Project |> Repo.get(project_id)
   def get_project(_), do: nil
@@ -40,25 +46,45 @@ defmodule CodeCorps.Helpers.Policy do
 
   Returns `:string`
   """
+  @spec get_role(nil | OrganizationMembership.t | Changeset.t) :: String.t
   def get_role(nil), do: nil
   def get_role(%OrganizationMembership{role: role}), do: role
   def get_role(%Changeset{} = changeset), do: changeset |> Changeset.get_field(:role)
 
   @doc """
   Determines if provided string is equal to "owner"
   """
+  @spec owner?(String.t) :: boolean
   def owner?("owner"), do: true
   def owner?(_), do: false
 
   @doc """
   Determines if provided string is equal to one of `["admin", "owner"]`
   """
+  @spec admin_or_higher?(String.t) :: boolean
   def admin_or_higher?(role) when role in ["admin", "owner"], do: true
   def admin_or_higher?(_), do: false
 
   @doc """
   Determines if provided string is equal to one of `["contributor", "admin", "owner"]`
   """
+  @spec contributor_or_higher?(String.t) :: boolean
   def contributor_or_higher?(role) when role in ["contributor", "admin", "owner"], do: true
   def contributor_or_higher?(_), do: false
+
+  @doc """
+  Retrieves task from associated record
+  """
+  @spec get_task(Changeset.t | TaskSkill.t | UserTask.t) :: Task.t
+  def get_task(%TaskSkill{task_id: task_id}), do: Repo.get(Task, task_id)
+  def get_task(%UserTask{task_id: task_id}), do: Repo.get(Task, task_id)
+  def get_task(%Changeset{changes: %{task_id: task_id}}), do: Repo.get(Task, task_id)
+
+  @doc """
+  Determines if the provided task was authored by the provided user
+  """
+  @spec task_authored_by?(Task.t, User.t) :: boolean
+  def task_authored_by?(%Task{user_id: author_id}, %User{id: user_id}), do: user_id == author_id
+
+
 end

priv/repo/migrations/20170131234029_create_task_skill.exs

@@ -0,0 +1,16 @@
+defmodule CodeCorps.Repo.Migrations.CreateTaskSkill do
+  @moduledoc false
+
+  use Ecto.Migration
+
+  def change do
+    create table(:task_skills) do
+      add :skill_id, references(:skills), null: false
+      add :task_id, references(:tasks), null: false
+
+      timestamps()
+    end
+
+    create index :task_skills, [:task_id, :skill_id], unique: true
+  end
+end

test/controllers/task_skill_controller_test.exs

@@ -0,0 +1,101 @@
+defmodule CodeCorps.TaskSkillControllerTest do
+  @moduledoc false
+
+  use CodeCorps.ApiCase, resource_name: :task_skill
+
+  describe "index" do
+    test "lists all entries on index", %{conn: conn} do
+      [task_skill_1, task_skill_2] = insert_pair(:task_skill)
+
+      conn
+      |> request_index
+      |> json_response(200)
+      |> assert_ids_from_response([task_skill_1.id, task_skill_2.id])
+    end
+
+    test "filters resources on index", %{conn: conn} do
+      [task_skill_1, task_skill_2 | _] = insert_list(3, :task_skill)
+
+      path = "task-skills/?filter[id]=#{task_skill_1.id},#{task_skill_2.id}"
+
+      conn
+      |> get(path)
+      |> json_response(200)
+      |> assert_ids_from_response([task_skill_1.id, task_skill_2.id])
+    end
+  end
+
+  describe "show" do
+    test "shows chosen resource", %{conn: conn} do
+      skill = insert(:skill)
+      task = insert(:task)
+      task_skill = insert(:task_skill, task: task, skill: skill)
+
+      conn
+      |> request_show(task_skill)
+      |> json_response(200)
+      |> Map.get("data")
+      |> assert_result_id(task_skill.id)
+    end
+
+    test "renders 404 error when id is nonexistent", %{conn: conn} do
+      assert conn |> request_show(:not_found) |> json_response(404)
+    end
+  end
+
+  describe "create" do
+    @tag :authenticated
+    test "creates and renders resource when data is valid", %{conn: conn, current_user: current_user} do
+      task = insert(:task, user: current_user)
+      skill = insert(:skill)
+
+      attrs = %{task: task, skill: skill}
+      assert conn |> request_create(attrs) |> json_response(201)
+    end
+
+    @tag :authenticated
+    test "renders 422 error when data is invalid", %{conn: conn, current_user: current_user} do
+      task = insert(:task, user: current_user)
+
+      invalid_attrs = %{task: task, skill: nil}
+      assert conn |> request_create(invalid_attrs) |> json_response(422)
+    end
+
+    test "renders 401 when unauthenticated", %{conn: conn} do
+      assert conn |> request_create |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "renders 403 when not authorized", %{conn: conn} do
+      task = insert(:task)
+      skill = insert(:skill)
+      attrs = %{task: task, skill: skill}
+
+      assert conn |> request_create(attrs) |> json_response(403)
+    end
+  end
+
+  describe "delete" do
+    @tag :authenticated
+    test "deletes chosen resource", %{conn: conn, current_user: current_user} do
+      task = insert(:task, user: current_user)
+      task_skill = insert(:task_skill, task: task)
+
+      assert conn |> request_delete(task_skill) |> response(204)
+    end
+
+    test "renders 401 when unauthenticated", %{conn: conn} do
+      assert conn |> request_delete |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "renders 403 when not authorized", %{conn: conn} do
+      assert conn |> request_delete |> json_response(403)
+    end
+
+    @tag :authenticated
+    test "renders 404 when id is nonexistent on delete", %{conn: conn} do
+      assert conn |> request_delete(:not_found) |> json_response(404)
+    end
+  end
+end

test/models/task_skill_test.exs

@@ -0,0 +1,43 @@
+defmodule CodeCorps.TaskSkillTest do
+  @moduledoc false
+
+  use CodeCorps.ModelCase
+
+  alias CodeCorps.TaskSkill
+
+  describe "create_changeset/2" do
+    @required_attrs ~w(task_id skill_id)
+
+    test "requires #{@required_attrs}" do
+      changeset = TaskSkill.create_changeset(%TaskSkill{}, %{})
+
+      assert_validation_triggered(changeset, :task_id, :required)
+      assert_validation_triggered(changeset, :skill_id, :required)
+    end
+
+    test "ensures associated Task record exists" do
+      skill = insert(:skill)
+      changeset = TaskSkill.create_changeset(%TaskSkill{}, %{task_id: -1, skill_id: skill.id})
+
+      {:error, response_changeset} = Repo.insert(changeset)
+      assert_error_message(response_changeset, :task, "does not exist")
+    end
+
+    test "ensures associated Skill record exists" do
+      task = insert(:task)
+      changeset = TaskSkill.create_changeset(%TaskSkill{}, %{task_id: task.id, skill_id: -1})
+
+      {:error, response_changeset} = Repo.insert(changeset)
+      assert_error_message(response_changeset, :skill, "does not exist")
+    end
+
+    test "ensures uniqueness of Skill/Task combination" do
+      task_skill = insert(:task_skill)
+
+      changeset = TaskSkill.create_changeset(%TaskSkill{}, %{task_id: task_skill.task_id, skill_id: task_skill.skill_id})
+
+      {:error, response_changeset} = Repo.insert(changeset)
+      assert_error_message(response_changeset, :skill, "has already been taken")
+    end
+  end
+end

test/policies/task_skill_policy_test.exs

@@ -0,0 +1,131 @@
+defmodule CodeCorps.TaskSkillPolicyTest do
+  @moduledoc false
+
+  use CodeCorps.PolicyCase
+
+  import CodeCorps.TaskSkillPolicy, only: [create?: 2, delete?: 2]
+  import CodeCorps.TaskSkill, only: [create_changeset: 2]
+
+  alias CodeCorps.TaskSkill
+
+  defp generate_data_for(role) do
+    {user, project} = insert_user_and_project(role)
+
+    task = case role do
+      "author" -> insert(:task, project: project, user: user)
+      _ -> insert(:task, project: project)
+    end
+
+    {user, task}
+  end
+
+  defp insert_user_and_project(role) do
+    user = insert(:user)
+    organization = insert(:organization)
+    project = insert(:project, organization: organization)
+
+    insert_membership(user, organization, role)
+
+    {user, project}
+  end
+
+  defp insert_membership(_, _, role) when role in ~w(non-member author), do: nil
+  defp insert_membership(user, organization, role) do
+    insert(:organization_membership, organization: organization, member: user, role: role)
+  end
+
+  describe "create?" do
+    test "returns false when user is not member of organization" do
+      {user, task} = generate_data_for("non-member")
+
+      changeset = %TaskSkill{} |> create_changeset(%{task_id: task.id})
+      refute create?(user, changeset)
+    end
+
+    test "returns false when user is pending member of organization" do
+      {user, task} = generate_data_for("pending")
+
+      changeset = %TaskSkill{} |> create_changeset(%{task_id: task.id})
+      refute create?(user, changeset)
+    end
+
+    test "returns true when user is contributor of organization" do
+      {user, task} = generate_data_for("contributor")
+
+      changeset = %TaskSkill{} |> create_changeset(%{task_id: task.id})
+      assert create?(user, changeset)
+    end
+
+    test "returns true when user is admin of organization" do
+      {user, task} = generate_data_for("admin")
+
+      changeset = %TaskSkill{} |> create_changeset(%{task_id: task.id})
+      assert create?(user, changeset)
+    end
+
+    test "returns true when user is owner of organization" do
+      {user, task} = generate_data_for("owner")
+
+      changeset = %TaskSkill{} |> create_changeset(%{task_id: task.id})
+      assert create?(user, changeset)
+    end
+
+    test "returns true when user is author of task" do
+      {user, task} = generate_data_for("author")
+
+      changeset = %TaskSkill{} |> create_changeset(%{task_id: task.id})
+
+      assert create?(user, changeset)
+    end
+  end
+
+  describe "delete?" do
+    test "returns false when user is not member of organization" do
+      {user, task} = generate_data_for("non-member")
+
+      task_skill = insert(:task_skill, task: task)
+
+      refute delete?(user, task_skill)
+    end
+
+    test "returns false when user is pending member of organization" do
+      {user, task} = generate_data_for("pending")
+
+      task_skill = insert(:task_skill, task: task)
+
+      refute delete?(user, task_skill)
+    end
+
+    test "returns true when user is contributor of organization" do
+      {user, task} = generate_data_for("contributor")
+
+      task_skill = insert(:task_skill, task: task)
+
+      assert delete?(user, task_skill)
+    end
+
+    test "returns true when user is admin of organization" do
+      {user, task} = generate_data_for("admin")
+
+      task_skill = insert(:task_skill, task: task)
+
+      assert delete?(user, task_skill)
+    end
+
+    test "returns true when user is owner of organization" do
+      {user, task} = generate_data_for("owner")
+
+      task_skill = insert(:task_skill, task: task)
+
+      assert delete?(user, task_skill)
+    end
+
+    test "returns true when user is author of task" do
+      {user, task} = generate_data_for("author")
+
+      task_skill = insert(:task_skill, task: task)
+
+      assert delete?(user, task_skill)
+    end
+  end
+end

test/support/factories.ex

@@ -1,4 +1,6 @@
 defmodule CodeCorps.Factories do
+  @moduledoc false
+
   # with Ecto
   use ExMachina.Ecto, repo: CodeCorps.Repo
 
@@ -64,6 +66,13 @@ defmodule CodeCorps.Factories do
     }
   end
 
+  def task_skill_factory do
+    %CodeCorps.TaskSkill{
+      skill: build(:skill),
+      task: build(:task)
+    }
+  end
+
   def project_factory do
     %CodeCorps.Project{
       title: sequence(:title, &"Project #{&1}"),
@@ -94,6 +103,7 @@ defmodule CodeCorps.Factories do
     }
   end
 
+  @spec set_password(CodeCorps.User.t, String.t) :: CodeCorps.User.t
   def set_password(user, password) do
     hashed_password = Comeonin.Bcrypt.hashpwsalt(password)
     %{user | encrypted_password: hashed_password}