Merge pull request #1116 from code-corps/fix-issues-with-policies

Fixes create policies and refactors tests to be more explicit

Author: joshsmith

lib/code_corps/policy/policy.ex

@@ -23,71 +23,127 @@ defmodule CodeCorps.Policy do
   end
 
   @spec can?(User.t, atom, struct, map) :: boolean
+
+  # Category
   defp can?(%User{} = current_user, :create, %Category{}, %{}), do: Policy.Category.create?(current_user)
   defp can?(%User{} = current_user, :update, %Category{}, %{}), do: Policy.Category.update?(current_user)
+
+  # Comment
   defp can?(%User{} = current_user, :create, %Comment{}, %{} = params), do: Policy.Comment.create?(current_user, params)
   defp can?(%User{} = current_user, :update, %Comment{} = comment, %{}), do: Policy.Comment.update?(current_user, comment)
+
+  # DonationGoal
   defp can?(%User{} = current_user, :create, %DonationGoal{}, %{} = params), do: Policy.DonationGoal.create?(current_user, params)
   defp can?(%User{} = current_user, :update, %DonationGoal{} = donation_goal, %{}), do: Policy.DonationGoal.update?(current_user, donation_goal)
   defp can?(%User{} = current_user, :delete, %DonationGoal{} = donation_goal, %{}), do: Policy.DonationGoal.delete?(current_user, donation_goal)
+
+  # GithubAppInstallation
   defp can?(%User{} = current_user, :create, %GithubAppInstallation{}, %{} = params), do: Policy.GithubAppInstallation.create?(current_user, params)
+
+  # Organization
   defp can?(%User{} = current_user, :create, %Organization{}, %{}), do: Policy.Organization.create?(current_user)
   defp can?(%User{} = current_user, :update, %Organization{} = organization, %{}), do: Policy.Organization.update?(current_user, organization)
+
+  # OrganizationGithubAppInstallation
+  defp can?(%User{} = current_user, :create, %OrganizationGithubAppInstallation{}, %{} = params), do: Policy.OrganizationGithubAppInstallation.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %OrganizationGithubAppInstallation{} = organization_github_app_installation, %{}),
     do: Policy.OrganizationGithubAppInstallation.delete?(current_user, organization_github_app_installation)
-  defp can?(%User{} = current_user, :create, %OrganizationGithubAppInstallation{}, %{} = params), do: Policy.OrganizationGithubAppInstallation.create?(current_user, params)
+
+  # OrganizationInvite
   defp can?(%User{} = current_user, :create, %OrganizationInvite{}, %{}), do: Policy.OrganizationInvite.create?(current_user)
   defp can?(%User{} = current_user, :update, %OrganizationInvite{}, %{}), do: Policy.OrganizationInvite.update?(current_user)
+
+  # Preview
   defp can?(%User{} = current_user, :create, %Preview{}, %{} = params), do: Policy.Preview.create?(current_user, params)
+
+  # Project
   defp can?(%User{} = current_user, :create, %Project{}, %{} = params), do: Policy.Project.create?(current_user, params)
   defp can?(%User{} = current_user, :update, %Project{} = project, %{}), do: Policy.Project.update?(current_user, project)
+
+  # ProjectCategory
   defp can?(%User{} = current_user, :create, %ProjectCategory{}, %{} = params), do: Policy.ProjectCategory.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %ProjectCategory{} = project_category, %{}), do: Policy.ProjectCategory.delete?(current_user, project_category)
+
+  # ProjectGithubRepo
   defp can?(%User{} = current_user, :create, %ProjectGithubRepo{}, %{} = params), do: Policy.ProjectGithubRepo.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %ProjectGithubRepo{} = project_github_repo, %{}),
     do: Policy.ProjectGithubRepo.delete?(current_user, project_github_repo)
+
+  # ProjectSkill
   defp can?(%User{} = current_user, :create, %ProjectSkill{}, %{} = params), do: Policy.ProjectSkill.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %ProjectSkill{} = project_skill, %{}), do: Policy.ProjectSkill.delete?(current_user, project_skill)
+
+  # ProjectUser
   defp can?(%User{} = current_user, :create, %ProjectUser{}, %{} = params), do: Policy.ProjectUser.create?(current_user, params)
   defp can?(%User{} = current_user, :update, %ProjectUser{} = project_user, %{} = params), do: Policy.ProjectUser.update?(current_user, project_user, params)
   defp can?(%User{} = current_user, :delete, %ProjectUser{} = project_user, %{}), do: Policy.ProjectUser.delete?(current_user, project_user)
+
+  # Role
   defp can?(%User{} = current_user, :create, %Role{}, %{}), do: Policy.Role.create?(current_user)
+
+  # RoleSkill
   defp can?(%User{} = current_user, :create, %RoleSkill{}, %{}), do: Policy.RoleSkill.create?(current_user)
   defp can?(%User{} = current_user, :delete, %RoleSkill{}, %{}), do: Policy.RoleSkill.delete?(current_user)
+
+  # Skill
   defp can?(%User{} = current_user, :create, %Skill{}, %{}), do: Policy.Skill.create?(current_user)
+
+  # StripeConnectAccount
   defp can?(%User{} = current_user, :show, %StripeConnectAccount{} = stripe_connect_account, %{}),
     do: Policy.StripeConnectAccount.show?(current_user, stripe_connect_account)
   defp can?(%User{} = current_user, :create, %StripeConnectAccount{}, %{} = params),
     do: Policy.StripeConnectAccount.create?(current_user, params)
   defp can?(%User{} = current_user, :update, %StripeConnectAccount{} = stripe_connect_account, %{}),
     do: Policy.StripeConnectAccount.update?(current_user, stripe_connect_account)
+
+  # StripeConnectPlan
   defp can?(%User{} = current_user, :show, %StripeConnectPlan{} = stripe_connect_plan, %{}),
     do: Policy.StripeConnectPlan.show?(current_user, stripe_connect_plan)
   defp can?(%User{} = current_user, :create, %StripeConnectPlan{}, %{} = params),
     do: Policy.StripeConnectPlan.create?(current_user, params)
+
+  # StripeConnectSubscription
   defp can?(%User{} = current_user, :show, %StripeConnectSubscription{} = stripe_connect_subscription, %{}),
     do: Policy.StripeConnectSubscription.show?(current_user, stripe_connect_subscription)
   defp can?(%User{} = current_user, :create, %StripeConnectSubscription{}, %{} = params),
     do: Policy.StripeConnectSubscription.create?(current_user, params)
+
+  # StripePlatformCard
   defp can?(%User{} = current_user, :show, %StripePlatformCard{} = stripe_platform_card, %{}),
     do: Policy.StripePlatformCard.show?(current_user, stripe_platform_card)
   defp can?(%User{} = current_user, :create, %StripePlatformCard{}, %{} = params),
     do: Policy.StripePlatformCard.create?(current_user, params)
+
+  # StripePlatformCustomer
   defp can?(%User{} = current_user, :create, %StripePlatformCustomer{}, %{} = params),
     do: Policy.StripePlatformCustomer.create?(current_user, params)
   defp can?(%User{} = current_user, :show, %StripePlatformCustomer{} = stripe_platform_customer, %{}),
     do: Policy.StripePlatformCustomer.show?(current_user, stripe_platform_customer)
+
+  # Task
   defp can?(%User{} = current_user, :create, %Task{}, %{} = params), do: Policy.Task.create?(current_user, params)
   defp can?(%User{} = current_user, :update, %Task{} = task, %{}), do: Policy.Task.update?(current_user, task)
+
+  # TaskSkill
   defp can?(%User{} = current_user, :create, %TaskSkill{}, %{} = params), do: Policy.TaskSkill.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %TaskSkill{} = task_skill, %{}), do: Policy.TaskSkill.delete?(current_user, task_skill)
+
+  # User
   defp can?(%User{} = current_user, :update, %User{} = user, %{}), do: Policy.User.update?(current_user, user)
-  defp can?(%User{} = current_user, :create, %UserCategory{} = user_category, %{}), do: Policy.UserCategory.create?(current_user, user_category)
+
+  # UserCategory
+  defp can?(%User{} = current_user, :create, %UserCategory{}, %{} = params), do: Policy.UserCategory.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %UserCategory{} = user_category, %{}), do: Policy.UserCategory.delete?(current_user, user_category)
-  defp can?(%User{} = current_user, :create, %UserRole{} = user_role, %{}), do: Policy.UserRole.create?(current_user, user_role)
+
+  # UserRole
+  defp can?(%User{} = current_user, :create, %UserRole{}, %{} = params), do: Policy.UserRole.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %UserRole{} = user_role, %{}), do: Policy.UserRole.delete?(current_user, user_role)
+
+  # UserSkill
   defp can?(%User{} = current_user, :create, %UserSkill{}, %{} = params), do: Policy.UserSkill.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %UserSkill{} = user_skill, %{}), do: Policy.UserSkill.delete?(current_user, user_skill)
+
+  # UserTask
   defp can?(%User{} = current_user, :create, %UserTask{}, %{} = params), do: Policy.UserTask.create?(current_user, params)
   defp can?(%User{} = current_user, :update, %UserTask{} = user_task, %{}), do: Policy.UserTask.update?(current_user, user_task)
   defp can?(%User{} = current_user, :delete, %UserTask{} = user_task, %{}), do: Policy.UserTask.delete?(current_user, user_task)

priv/repo/structure.sql

@@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
 
--- Dumped from database version 10.0
+-- Dumped from database version 9.5.9
 -- Dumped by pg_dump version 10.0
 
 SET statement_timeout = 0;

test/lib/code_corps_web/controllers/user_category_controller_test.exs

@@ -38,11 +38,10 @@ defmodule CodeCorpsWeb.UserCategoryControllerTest do
   end
 
   describe "create" do
-    @tag authenticated: :admin
+    @tag :authenticated
     test "creates and renders resource when data is valid", %{conn: conn, current_user: current_user} do
-      user = insert(:user)
       category = insert(:category)
-      attrs = (%{user: user, category: category})
+      attrs = (%{user: current_user, category: category})
       assert conn |> request_create(attrs) |> json_response(201)
 
       user_id = current_user.id
@@ -53,9 +52,11 @@ defmodule CodeCorpsWeb.UserCategoryControllerTest do
       assert_received {:track, ^user_id, "Added User Category", ^tracking_properties}
     end
 
-    @tag authenticated: :admin
-    test "renders 422 when data is invalid", %{conn: conn} do
-      assert conn |> request_create |> json_response(422)
+    @tag :authenticated
+    test "renders 422 when data is invalid", %{conn: conn, current_user: current_user} do
+      category = build(:category)
+      invalid_attrs = %{category: category, user: current_user}
+      assert conn |> request_create(invalid_attrs) |> json_response(422)
     end
 
     test "renders 401 when unauthenticated", %{conn: conn} do
@@ -64,7 +65,11 @@ defmodule CodeCorpsWeb.UserCategoryControllerTest do
 
     @tag :authenticated
     test "renders 403 when not authorized", %{conn: conn} do
-      assert conn |> request_create |> json_response(403)
+      category = insert(:category)
+      user = insert(:user)
+      attrs = %{category: category, user: user}
+
+      assert conn |> request_create(attrs) |> json_response(403)
     end
   end
 

test/lib/code_corps_web/controllers/user_role_controller_test.exs

@@ -38,11 +38,10 @@ defmodule CodeCorpsWeb.UserRoleControllerTest do
   end
 
   describe "create" do
-    @tag authenticated: :admin
+    @tag :authenticated
     test "creates and renders resource when data is valid", %{conn: conn, current_user: current_user} do
-      user = insert(:user)
       role = insert(:role)
-      attrs = (%{user: user, role: role})
+      attrs = (%{user: current_user, role: role})
       assert conn |> request_create(attrs) |> json_response(201)
 
       user_id = current_user.id
@@ -53,19 +52,24 @@ defmodule CodeCorpsWeb.UserRoleControllerTest do
       assert_received {:track, ^user_id, "Added User Role", ^tracking_properties}
     end
 
-    @tag authenticated: :admin
-    test "does not create resource and renders 422 when data is invalid", %{conn: conn} do
-      invalid_attrs = %{}
+    @tag :authenticated
+    test "renders 422 when data is invalid", %{conn: conn, current_user: current_user} do
+      role = build(:role)
+      invalid_attrs = %{role: role, user: current_user}
       assert conn |> request_create(invalid_attrs) |> json_response(422)
     end
 
-    test "does not create resource and renders 401 when unauthenticated", %{conn: conn} do
+    test "renders 401 when unauthenticated", %{conn: conn} do
       assert conn |> request_create |> json_response(401)
     end
 
     @tag :authenticated
-    test "does not create resource and renders 403 when not authorized", %{conn: conn} do
-      assert conn |> request_create |>  json_response(403)
+    test "renders 403 when not authorized", %{conn: conn} do
+      role = insert(:role)
+      user = insert(:user)
+      attrs = %{role: role, user: user}
+
+      assert conn |> request_create(attrs) |>  json_response(403)
     end
   end
 

test/lib/code_corps_web/controllers/user_skill_controller_test.exs

@@ -39,12 +39,11 @@ defmodule CodeCorpsWeb.UserSkillControllerTest do
   end
 
   describe "create" do
-    @tag authenticated: :admin
+    @tag :authenticated
     test "creates and renders resource when data is valid", %{conn: conn, current_user: current_user} do
-      user = insert(:user)
       skill = insert(:skill, title: "test-skill")
 
-      attrs = %{user: user, skill: skill}
+      attrs = %{user: current_user, skill: skill}
       assert conn |> request_create(attrs) |> json_response(201)
 
       user_id = current_user.id