Skip to content

Commit

Permalink
Remove JaResource/Canary from StripePlatformCardController (#1021)
Browse files Browse the repository at this point in the history
  • Loading branch information
@landongrindheim @begedin
landongrindheim authored and begedin committed Oct 9, 2017
1 parent b1adc19 commit 2cb10dd
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 42 deletions.
8 changes: 4 additions & 4 deletions lib/code_corps/policy/policy.ex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,10 @@ defmodule CodeCorps.Policy do
defp can?(%User{} = current_user, :create, %StripeConnectPlan{}, %{} = params),
do: Policy.StripeConnectPlan.create?(current_user, params)
defp can?(%User{} = current_user, :create, %Skill{}, %{}), do: Policy.Skill.create?(current_user)
defp can?(%User{} = current_user, :show, %StripePlatformCard{} = stripe_platform_card, %{}),
do: Policy.StripePlatformCard.show?(current_user, stripe_platform_card)
defp can?(%User{} = current_user, :create, %StripePlatformCard{}, %{} = params),
do: Policy.StripePlatformCard.create?(current_user, params)
defp can?(%User{} = current_user, :create, %TaskSkill{}, %{} = params), do: Policy.TaskSkill.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %TaskSkill{} = task_skill, %{}), do: Policy.TaskSkill.delete?(current_user, task_skill)
defp can?(%User{} = current_user, :create, %UserCategory{} = user_category, %{}), do: Policy.UserCategory.create?(current_user, user_category)
Expand Down Expand Up @@ -101,10 +105,6 @@ defmodule CodeCorps.Policy do
def can?(%User{} = user, :show, %StripeConnectSubscription{} = stripe_connect_subscription), do: Policy.StripeConnectSubscription.show?(user, stripe_connect_subscription)
def can?(%User{} = user, :create, %Changeset{ data: %StripeConnectSubscription{}} = changeset), do: Policy.StripeConnectSubscription.create?(user, changeset)

def can?(%User{} = user, :show, %StripePlatformCard{} = stripe_platform_card), do: Policy.StripePlatformCard.show?(user, stripe_platform_card)
def can?(%User{} = user, :create, %Changeset{ data: %StripePlatformCard{}} = changeset), do: Policy.StripePlatformCard.create?(user, changeset)
def can?(%User{} = user, :delete, %StripePlatformCard{} = stripe_platform_card), do: Policy.StripePlatformCard.delete?(user, stripe_platform_card)

def can?(%User{} = user, :create, %Changeset{data: %StripePlatformCustomer{}} = changeset), do: Policy.StripePlatformCustomer.create?(user, changeset)
def can?(%User{} = user, :show, %StripePlatformCustomer{} = stripe_platform_customer), do: Policy.StripePlatformCustomer.show?(user, stripe_platform_customer)

Expand Down
12 changes: 7 additions & 5 deletions lib/code_corps/policy/stripe_platform_card.ex
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,19 @@
defmodule CodeCorps.Policy.StripePlatformCard do
alias CodeCorps.StripePlatformCard
alias CodeCorps.User
alias Ecto.Changeset

def create?(user, card), do: user |> owns?(card)
def delete?(user, changeset), do: user |> owns?(changeset)
@spec create?(User.t, map) :: boolean
def create?(user, params), do: user |> owns?(params)

@spec show?(User.t, StripePlatformCard.t) :: boolean
def show?(user, card), do: user |> owns?(card)

defp owns?(%User{id: current_user_id}, %Changeset{changes: %{user_id: user_id}}) do
@spec owns?(User.t, StripePlatformCard.t | map) :: boolean
defp owns?(%User{id: current_user_id}, %StripePlatformCard{user_id: user_id}) do
current_user_id == user_id
end

defp owns?(%User{id: current_user_id}, %StripePlatformCard{user_id: user_id}) do
defp owns?(%User{id: current_user_id}, %{"user_id" => user_id}) do
current_user_id == user_id
end

Expand Down
29 changes: 19 additions & 10 deletions lib/code_corps_web/controllers/stripe_platform_card_controller.ex
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,28 @@
defmodule CodeCorpsWeb.StripePlatformCardController do
use CodeCorpsWeb, :controller
use JaResource

alias CodeCorps.StripePlatformCard
alias CodeCorps.StripeService.StripePlatformCardService
alias CodeCorps.{StripePlatformCard, User}

plug :load_and_authorize_resource, model: StripePlatformCard, only: [:show], preload: [:user]
plug :load_and_authorize_changeset, model: StripePlatformCard, only: [:create]
action_fallback CodeCorpsWeb.FallbackController
plug CodeCorpsWeb.Plug.DataToAttributes
plug CodeCorpsWeb.Plug.IdsToIntegers

plug JaResource

@spec model :: module
def model, do: CodeCorps.StripePlatformCard
@spec show(Conn.t, map) :: Conn.t
def show(%Conn{} = conn, %{"id" => id} = params) do
with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
%StripePlatformCard{} = stripe_platform_card <- StripePlatformCard |> Repo.get(id),
{:ok, :authorized} <- current_user |> Policy.authorize(:show, stripe_platform_card, params) do
conn |> render("show.json-api", data: stripe_platform_card)
end
end

def handle_create(_conn, attributes) do
attributes |> StripePlatformCardService.create
@spec create(Plug.Conn.t, map) :: Conn.t
def create(%Conn{} = conn, %{} = params) do
with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
{:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripePlatformCard{}, params),
{:ok, %StripePlatformCard{} = stripe_platform_card} <- StripePlatformCardService.create(params) do
conn |> put_status(:created) |> render("show.json-api", data: stripe_platform_card)
end
end
end
27 changes: 4 additions & 23 deletions test/lib/code_corps/policy/stripe_platform_card_test.exs
View file
Original file line number Diff line number Diff line change
@@ -1,40 +1,21 @@
defmodule CodeCorps.Policy.StripePlatformCardTest do
use CodeCorps.PolicyCase

import CodeCorps.Policy.StripePlatformCard, only: [create?: 2, delete?: 2, show?: 2]
import CodeCorps.StripePlatformCard, only: [create_changeset: 2]

alias CodeCorps.StripePlatformCard
import CodeCorps.Policy.StripePlatformCard, only: [create?: 2, show?: 2]

describe "create?" do
test "returns true if user is creating their own record" do
user = insert(:user)
changeset = %StripePlatformCard{} |> create_changeset(%{user_id: user.id})
stripe_platform_card = insert(:stripe_platform_card, user: user)

assert create?(user, changeset)
assert create?(user, stripe_platform_card)
end

test "returns false if user is creating someone else's record" do
user = build(:user)
changeset = %StripePlatformCard{} |> create_changeset(%{user_id: "someone-else"})

refute create?(user, changeset)
end
end

describe "delete?" do
test "returns true if user is deleting their own record" do
user = insert(:user)
stripe_platform_card = insert(:stripe_platform_card, user: user)

assert delete?(user, stripe_platform_card)
end

test "returns false if user is deleting someone else's record" do
user = insert(:user)
stripe_platform_card = insert(:stripe_platform_card)

refute delete?(user, stripe_platform_card)
refute create?(user, stripe_platform_card)
end
end

Expand Down

0 comments on commit 2cb10dd

Please sign in to comment.