Merge pull request #886 from vishaldeepak/organization_controller_switch
Remove ja resource from organization controller
begedin committed Sep 4, 2017
2 parents 798690b + c73342a commit 6e7960e
Showing 4 changed files with 41 additions and 16 deletions.
6 changes: 4 additions & 2 deletions lib/code_corps/policy/organization.ex
@@ -1,9 +1,11 @@
defmodule CodeCorps.Policy.Organization do
@moduledoc ~S"""
Authorization policies for performing actions on `Organization` records
"""
import CodeCorps.Policy.Helpers,
only: [owned_by?: 2]

alias CodeCorps.User
alias CodeCorps.Organization
alias CodeCorps.{Organization, User}

def create?(%User{admin: true}), do: true
def create?(%User{admin: false}), do: false
5 changes: 2 additions & 3 deletions lib/code_corps/policy/policy.ex
Expand Up @@ -28,6 +28,8 @@ defmodule CodeCorps.Policy do
defp can?(%User{} = user, :update, %Category{}, %{}), do: Policy.Category.update?(user)
defp can?(%User{} = user, :create, %Comment{}, %{} = params), do: Policy.Comment.create?(user, params)
defp can?(%User{} = user, :update, %Comment{} = comment, %{}), do: Policy.Comment.update?(user, comment)
defp can?(%User{} = user, :create, %Organization{}, %{}), do: Policy.Organization.create?(user)
defp can?(%User{} = user, :update, %Organization{} = organization, %{}), do: Policy.Organization.update?(user, organization)

defimpl Canada.Can, for: User do
# NOTE: Canary sets an :unauthorized and a :not_found handler on a config level
Expand All @@ -47,9 +49,6 @@ defmodule CodeCorps.Policy do

def can?(%User{} = user, :create, %Changeset{data: %GithubAppInstallation{}} = changeset), do: Policy.GithubAppInstallation.create?(user, changeset)

def can?(%User{} = user, :create, Organization), do: Policy.Organization.create?(user)
def can?(%User{} = user, :update, %Organization{} = organization), do: Policy.Organization.update?(user, organization)

def can?(%User{} = user, :create, OrganizationInvite), do: Policy.OrganizationInvite.create?(user)
def can?(%User{} = user, :update, %OrganizationInvite{}), do: Policy.OrganizationInvite.update?(user)
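Review bot: The two `Organization` clauses added to `can?/4` replace the `Canada.Can` clauses removed further down, so any remaining caller that still authorizes an `Organization` through the protocol no longer has a matching clause. Whether that ends in a denial or a `FunctionClauseError` depends on a fallback that is outside these hunks. The new `:update` clause also requires a map as its fourth argument, while the controller in this commit calls `Policy.authorize(:update, organization)` without params, which presumably relies on a defaulted argument. A short comment above the block would make the contract explicit, e.g. `# can?/4 must deny by default: any action/resource pair not listed here is unauthorized`. The module body starts and ends outside the hunks shown.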

41 changes: 30 additions & 11 deletions lib/code_corps_web/controllers/organization_controller.ex
@@ -1,22 +1,41 @@
defmodule CodeCorpsWeb.OrganizationController do
use CodeCorpsWeb, :controller
use JaResource

import CodeCorps.Helpers.Query, only: [id_filter: 2]
alias CodeCorps.{Helpers.Query, Organization, User}

alias CodeCorps.Organization
action_fallback CodeCorpsWeb.FallbackController
plug CodeCorpsWeb.Plug.DataToAttributes

plug :load_and_authorize_resource, model: Organization, only: [:create, :update]
plug JaResource
@spec index(Conn.t, map) :: Conn.t
def index(%Conn{} = conn, %{} = params) do
with organizations <- Organization |> Query.id_filter(params) |> Repo.all do
conn |> render("index.json-api", data: organizations)
end
end

@spec model :: module
def model, do: CodeCorps.Organization
@spec show(Conn.t, map) :: Conn.t
def show(%Conn{} = conn, %{"id" => id}) do
with %Organization{} = organization <- Organization |> Repo.get(id) do
conn |> render("show.json-api", data: organization)
end
end

def filter(_conn, query, "id", id_list) do
query |> id_filter(id_list)
@spec create(Plug.Conn.t, map) :: Conn.t
def create(%Conn{} = conn, %{} = params) do
with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
{:ok, :authorized} <- current_user |> Policy.authorize(:create, %Organization{}, params),
{:ok, %Organization{} = organization} <- %Organization{} |> Organization.create_changeset(params) |> Repo.insert do
conn |> put_status(:created) |> render("show.json-api", data: organization)
end
end

def handle_create(_conn, attributes) do
Organization.create_changeset(%Organization{}, attributes)
@spec update(Conn.t, map) :: Conn.t
def update(%Conn{} = conn, %{"id" => id} = params) do
with %Organization{} = organization <- Organization |> Repo.get(id),
%User{} = current_user <- conn |> Guardian.Plug.current_resource,
{:ok, :authorized} <- current_user |> Policy.authorize(:update, organization),
{:ok, %Organization{} = organization} <- organization |> Organization.changeset(params) |> Repo.update do
conn |> render("show.json-api", data: organization)
end
end
end
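Review bot: In `update`, the `Repo.get(id)` lookup runs before `Guardian.Plug.current_resource`, so a request with no signed-in user still queries the record, and both steps fail by passing `nil` to `CodeCorpsWeb.FallbackController`, which then cannot tell a missing user from a missing record. Unless authentication is already enforced in the router (not visible on this page), such a request would presumably get the same response as a nonexistent id rather than a 401; the first clause of `create` has the same `nil` fall-through. Resolving the user first keeps the order consistent with `create`: `with %User{} = current_user <- conn |> Guardian.Plug.current_resource,` followed by `%Organization{} = organization <- Organization |> Repo.get(id),`. Both `create` and `update` also hand the whole `params` map to the changeset, so the set of writable fields is decided only by the `cast` list in `Organization.create_changeset/2` and `Organization.changeset/2`, which is worth confirming since it is not shown here.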
Expand Up @@ -82,5 +82,10 @@ defmodule CodeCorpsWeb.OrganizationControllerTest do
test "renders 403 when not authorized", %{conn: conn} do
assert conn |> request_update |> json_response(403)
end

@tag :authenticated
test "renders 404 when id is nonexistent", %{conn: conn} do
assert conn |> request_update(:not_found) |> json_response(404)
end
end
end
