Merge pull request #1068 from landongrindheim/remove-ja-resource-and-…
…canary

Removed ja_resource and canary from Donation Goal controller
Removed ja_resource and canary from project
Alphabetized clauses in policy.ex
begedin committed Oct 15, 2017
2 parents 13de440 + 76fc605 commit b9cd900
Showing 9 changed files with 115 additions and 195 deletions.
7 changes: 0 additions & 7 deletions config/config.exs
Expand Up @@ -38,10 +38,6 @@ config :guardian, Guardian,
secret_key: System.get_env("GUARDIAN_SECRET_KEY"),
serializer: CodeCorpsWeb.GuardianSerializer

config :canary, repo: CodeCorps.Repo
config :canary, unauthorized_handler: {CodeCorpsWeb.AuthenticationHelpers, :handle_unauthorized}
config :canary, not_found_handler: {CodeCorpsWeb.AuthenticationHelpers, :handle_not_found}

# Configures ex_aws with credentials
config :ex_aws, :code_corps,
access_key_id: [System.get_env("AWS_ACCESS_KEY_ID"), :instance_role],
Expand Down Expand Up @@ -86,9 +82,6 @@ config :sentry,
included_environments: ~w(prod staging)a,
use_error_logger: true

config :ja_resource,
repo: CodeCorps.Repo

# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env}.exs"
16 changes: 9 additions & 7 deletions lib/code_corps/policy/donation_goal.ex
Expand Up @@ -3,14 +3,16 @@ defmodule CodeCorps.Policy.DonationGoal do
import CodeCorps.Policy.Helpers, only: [get_project: 1, owned_by?: 2]

alias CodeCorps.{DonationGoal, User}
alias Ecto.Changeset

def create?(%User{} = user, %Changeset{} = changeset),
do: changeset |> get_project |> owned_by?(user)
@spec create?(User.t, map) :: boolean
def create?(%User{} = user, %{} = params),
do: params |> get_project |> owned_by?(user)

def update?(%User{} = user, %DonationGoal{} = donation_goal), do:
donation_goal |> get_project |> owned_by?(user)
@spec update?(User.t, DonationGoal.t) :: boolean
def update?(%User{} = user, %DonationGoal{} = donation_goal),
do: donation_goal |> get_project |> owned_by?(user)

def delete?(%User{} = user, %DonationGoal{} = donation_goal), do:
donation_goal |> get_project |> owned_by?(user)
@spec delete?(User.t, DonationGoal.t) :: boolean
def delete?(%User{} = user, %DonationGoal{} = donation_goal),
do: donation_goal |> get_project |> owned_by?(user)
end
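Review bot: `create?/2` at L54 now authorizes from the raw `params` map instead of an `Ecto.Changeset`, so the check is only as strong as `get_project/1`'s lookup of the project id carried in that map; if the helper returns `nil` for a missing or unknown id, `owned_by?(nil, user)` must return `false` for the check to stay fail-closed — neither helper is in this hunk, so please confirm. The same shape is already used by `CodeCorps.Policy.GithubAppInstallation.create?/2`, so the pattern is consistent across policies. A `@doc` on `create?/2` stating that `params` is expected to carry the target project's id would make the contract explicit to callers such as the controller.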
4 changes: 2 additions & 2 deletions lib/code_corps/policy/github_app_installation.ex
Expand Up @@ -4,8 +4,8 @@ defmodule CodeCorps.Policy.GithubAppInstallation do
"""
import CodeCorps.Policy.Helpers, only: [get_project: 1, owned_by?: 2]

alias CodeCorps.{GithubAppInstallation, User}
alias CodeCorps.User

@spec create?(User.t, map) :: boolean
def create?(%User{} = user, params), do: params |> get_project |> owned_by?(user)

end
84 changes: 34 additions & 50 deletions lib/code_corps/policy/policy.ex
Expand Up @@ -6,7 +6,6 @@ defmodule CodeCorps.Policy do
alias CodeCorps.{Category, Comment, DonationGoal, GithubAppInstallation, Organization, OrganizationInvite, OrganizationGithubAppInstallation, Preview, Project, ProjectCategory, ProjectGithubRepo, ProjectSkill, ProjectUser, Role, RoleSkill, Skill, StripeConnectAccount, StripeConnectPlan, StripeConnectSubscription, StripePlatformCard, StripePlatformCustomer, Task, TaskSkill, User, UserCategory, UserRole, UserSkill, UserTask}

alias CodeCorps.Policy
alias Ecto.Changeset

@doc ~S"""
Determines if the specified user can perform the specified action on the
Expand All @@ -28,36 +27,40 @@ defmodule CodeCorps.Policy do
defp can?(%User{} = current_user, :update, %Category{}, %{}), do: Policy.Category.update?(current_user)
defp can?(%User{} = current_user, :create, %Comment{}, %{} = params), do: Policy.Comment.create?(current_user, params)
defp can?(%User{} = current_user, :update, %Comment{} = comment, %{}), do: Policy.Comment.update?(current_user, comment)
defp can?(%User{} = current_user, :create, %DonationGoal{}, %{} = params), do: Policy.DonationGoal.create?(current_user, params)
defp can?(%User{} = current_user, :update, %DonationGoal{} = donation_goal, %{}), do: Policy.DonationGoal.update?(current_user, donation_goal)
defp can?(%User{} = current_user, :delete, %DonationGoal{} = donation_goal, %{}), do: Policy.DonationGoal.delete?(current_user, donation_goal)
defp can?(%User{} = current_user, :create, %GithubAppInstallation{}, %{} = params), do: Policy.GithubAppInstallation.create?(current_user, params)
defp can?(%User{} = current_user, :create, %Organization{}, %{}), do: Policy.Organization.create?(current_user)
defp can?(%User{} = current_user, :update, %Organization{} = organization, %{}), do: Policy.Organization.update?(current_user, organization)
defp can?(%User{} = current_user, :update, %User{} = user, %{}), do: Policy.User.update?(current_user, user)
defp can?(%User{} = current_user, :create, %Task{}, %{} = params), do: Policy.Task.create?(current_user, params)
defp can?(%User{} = current_user, :update, %Task{} = task, %{}), do: Policy.Task.update?(current_user, task)
defp can?(%User{} = current_user, :create, %UserTask{}, %{} = params), do: Policy.UserTask.create?(current_user, params)
defp can?(%User{} = current_user, :update, %UserTask{} = user_task, %{}), do: Policy.UserTask.update?(current_user, user_task)
defp can?(%User{} = current_user, :delete, %UserTask{} = user_task, %{}), do: Policy.UserTask.delete?(current_user, user_task)
defp can?(%User{} = current_user, :create, %Project{}, %{} = params), do: Policy.Project.create?(current_user, params)
defp can?(%User{} = current_user, :update, %Project{} = project, %{}), do: Policy.Project.update?(current_user, project)
defp can?(%User{} = current_user, :create, %ProjectSkill{}, %{} = params), do: Policy.ProjectSkill.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %ProjectSkill{} = project_skill, %{}), do: Policy.ProjectSkill.delete?(current_user, project_skill)
defp can?(%User{} = current_user, :create, %ProjectUser{}, %{} = params), do: Policy.ProjectUser.create?(current_user, params)
defp can?(%User{} = current_user, :update, %ProjectUser{} = project_user, %{} = params), do: Policy.ProjectUser.update?(current_user, project_user, params)
defp can?(%User{} = current_user, :delete, %ProjectUser{} = project_user, %{}), do: Policy.ProjectUser.delete?(current_user, project_user)
defp can?(%User{} = current_user, :delete, %OrganizationGithubAppInstallation{} = organization_github_app_installation, %{}),
do: Policy.OrganizationGithubAppInstallation.delete?(current_user, organization_github_app_installation)
defp can?(%User{} = current_user, :create, %OrganizationGithubAppInstallation{}, %{} = params), do: Policy.OrganizationGithubAppInstallation.create?(current_user, params)
defp can?(%User{} = current_user, :create, %OrganizationInvite{}, %{}), do: Policy.OrganizationInvite.create?(current_user)
defp can?(%User{} = current_user, :update, %OrganizationInvite{} = _invite, %{}), do: Policy.OrganizationInvite.update?(current_user)
defp can?(%User{} = user, :delete,
%OrganizationGithubAppInstallation{} = organization_github_app_installation, %{}),
do: Policy.OrganizationGithubAppInstallation.delete?(user, organization_github_app_installation)
defp can?(%User{} = user, :create, %OrganizationGithubAppInstallation{}, %{} = params), do: Policy.OrganizationGithubAppInstallation.create?(user, params)
defp can?(%User{} = current_user, :update, %OrganizationInvite{}, %{}), do: Policy.OrganizationInvite.update?(current_user)
defp can?(%User{} = current_user, :create, %Preview{}, %{} = params), do: Policy.Preview.create?(current_user, params)
defp can?(%User{} = current_user, :create, %Project{}, %{} = params), do: Policy.Project.create?(current_user, params)
defp can?(%User{} = current_user, :update, %Project{} = project, %{}), do: Policy.Project.update?(current_user, project)
defp can?(%User{} = current_user, :create, %ProjectCategory{}, %{} = params), do: Policy.ProjectCategory.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %ProjectCategory{} = project_category, %{}), do: Policy.ProjectCategory.delete?(current_user, project_category)
defp can?(%User{} = current_user, :create, %ProjectGithubRepo{}, %{} = params), do: Policy.ProjectGithubRepo.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %ProjectGithubRepo{} = project_github_repo, %{}),
do: Policy.ProjectGithubRepo.delete?(current_user, project_github_repo)
defp can?(%User{} = current_user, :create, %ProjectSkill{}, %{} = params), do: Policy.ProjectSkill.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %ProjectSkill{} = project_skill, %{}), do: Policy.ProjectSkill.delete?(current_user, project_skill)
defp can?(%User{} = current_user, :create, %ProjectUser{}, %{} = params), do: Policy.ProjectUser.create?(current_user, params)
defp can?(%User{} = current_user, :update, %ProjectUser{} = project_user, %{} = params), do: Policy.ProjectUser.update?(current_user, project_user, params)
defp can?(%User{} = current_user, :delete, %ProjectUser{} = project_user, %{}), do: Policy.ProjectUser.delete?(current_user, project_user)
defp can?(%User{} = current_user, :create, %Role{}, %{}), do: Policy.Role.create?(current_user)
defp can?(%User{} = current_user, :create, %RoleSkill{}, %{}), do: Policy.RoleSkill.create?(current_user)
defp can?(%User{} = current_user, :delete, %RoleSkill{}, %{}), do: Policy.RoleSkill.delete?(current_user)
defp can?(%User{} = current_user, :create, %Skill{}, %{}), do: Policy.Skill.create?(current_user)
defp can?(%User{} = current_user, :show, %StripeConnectAccount{} = stripe_connect_account, %{}),
do: Policy.StripeConnectAccount.show?(current_user, stripe_connect_account)
defp can?(%User{} = current_user, :create, %StripeConnectAccount{}, %{} = params),
do: Policy.StripeConnectAccount.create?(current_user, params)
defp can?(%User{} = current_user, :update, %StripeConnectAccount{} = stripe_connect_account, %{}),
do: Policy.StripeConnectAccount.update?(current_user, stripe_connect_account)
defp can?(%User{} = current_user, :show, %StripeConnectPlan{} = stripe_connect_plan, %{}),
do: Policy.StripeConnectPlan.show?(current_user, stripe_connect_plan)
defp can?(%User{} = current_user, :create, %StripeConnectPlan{}, %{} = params),
Expand All @@ -66,45 +69,26 @@ defmodule CodeCorps.Policy do
do: Policy.StripeConnectSubscription.show?(current_user, stripe_connect_subscription)
defp can?(%User{} = current_user, :create, %StripeConnectSubscription{}, %{} = params),
do: Policy.StripeConnectSubscription.create?(current_user, params)
defp can?(%User{} = current_user, :create, %Skill{}, %{}), do: Policy.Skill.create?(current_user)
defp can?(%User{} = current_user, :show, %StripePlatformCard{} = stripe_platform_card, %{}),
do: Policy.StripePlatformCard.show?(current_user, stripe_platform_card)
defp can?(%User{} = current_user, :create, %StripePlatformCard{}, %{} = params),
do: Policy.StripePlatformCard.create?(current_user, params)
defp can?(%User{} = current_user, :create, %StripePlatformCustomer{}, %{} = params),
do: Policy.StripePlatformCustomer.create?(current_user, params)
defp can?(%User{} = current_user, :show, %StripePlatformCustomer{} = stripe_platform_customer, %{}),
do: Policy.StripePlatformCustomer.show?(current_user, stripe_platform_customer)
defp can?(%User{} = current_user, :create, %Task{}, %{} = params), do: Policy.Task.create?(current_user, params)
defp can?(%User{} = current_user, :update, %Task{} = task, %{}), do: Policy.Task.update?(current_user, task)
defp can?(%User{} = current_user, :create, %TaskSkill{}, %{} = params), do: Policy.TaskSkill.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %TaskSkill{} = task_skill, %{}), do: Policy.TaskSkill.delete?(current_user, task_skill)
defp can?(%User{} = current_user, :update, %User{} = user, %{}), do: Policy.User.update?(current_user, user)
defp can?(%User{} = current_user, :create, %UserCategory{} = user_category, %{}), do: Policy.UserCategory.create?(current_user, user_category)
defp can?(%User{} = current_user, :delete, %UserCategory{} = user_category, %{}), do: Policy.UserCategory.delete?(current_user, user_category)
defp can?(%User{} = current_user, :create, %UserSkill{}, %{} = params), do: Policy.UserSkill.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %UserSkill{} = user_skill, %{}), do: Policy.UserSkill.delete?(current_user, user_skill)
defp can?(%User{} = current_user, :create, %UserRole{} = user_role, %{}), do: Policy.UserRole.create?(current_user, user_role)
defp can?(%User{} = current_user, :delete, %UserRole{} = user_role, %{}), do: Policy.UserRole.delete?(current_user, user_role)
defp can?(%User{} = user, :show, %StripeConnectAccount{} = stripe_connect_account, %{}), do: Policy.StripeConnectAccount.show?(user, stripe_connect_account)
defp can?(%User{} = user, :create, %StripeConnectAccount{}, %{} = params), do: Policy.StripeConnectAccount.create?(user, params)
defp can?(%User{} = user, :update, %StripeConnectAccount{} = stripe_connect_account, %{}), do: Policy.StripeConnectAccount.update?(user, stripe_connect_account)
defp can?(%User{} = current_user, :create, %StripePlatformCustomer{}, %{} = params),
do: Policy.StripePlatformCustomer.create?(current_user, params)
defp can?(%User{} = current_user, :show, %StripePlatformCustomer{} = stripe_platform_customer, %{}),
do: Policy.StripePlatformCustomer.show?(current_user, stripe_platform_customer)
defp can?(%User{} = user, :create, %GithubAppInstallation{}, %{} = params), do: Policy.GithubAppInstallation.create?(user, params)

defimpl Canada.Can, for: User do
# NOTE: Canary sets an :unauthorized and a :not_found handler on a config level
# The problem is, it will still go through the authorization process first and only call the
# not found handler after the unauthorized handler does its thing. This means that our
# unauthorized handler will halt the connection and respond, so the not_found handler
# will never do anything
#
# The only solution is to have a catch_all match for the resource being nil, which returns true

# NOTE: other tests are using the User policy for the time being.
def can?(%User{}, _action, nil), do: true

def can?(%User{} = user, :create, %Changeset{data: %DonationGoal{}} = changeset), do: Policy.DonationGoal.create?(user, changeset)
def can?(%User{} = user, :update, %DonationGoal{} = comment), do: Policy.DonationGoal.update?(user, comment)
def can?(%User{} = user, :delete, %DonationGoal{} = comment), do: Policy.DonationGoal.delete?(user, comment)


def can?(%User{} = user, :create, Role), do: Policy.Role.create?(user)
end
defp can?(%User{} = current_user, :create, %UserSkill{}, %{} = params), do: Policy.UserSkill.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %UserSkill{} = user_skill, %{}), do: Policy.UserSkill.delete?(current_user, user_skill)
defp can?(%User{} = current_user, :create, %UserTask{}, %{} = params), do: Policy.UserTask.create?(current_user, params)
defp can?(%User{} = current_user, :update, %UserTask{} = user_task, %{}), do: Policy.UserTask.update?(current_user, user_task)
defp can?(%User{} = current_user, :delete, %UserTask{} = user_task, %{}), do: Policy.UserTask.delete?(current_user, user_task)
end
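Review bot: The alphabetized clause list on the new side runs straight into the module `end` at L208 with no terminal `defp can?/4` clause visible, so an action/resource pair that has no mapping raises `FunctionClauseError` rather than returning `false`; whether the public `authorize` function (outside these hunks) turns that into an `{:error, …}` cannot be seen here. Failing by crash is fail-closed, which is the right default for an authorization table, but it surfaces as a 500 rather than a 403 and is easy to mistake for a bug, so it deserves a sentence in the `@doc` at L90, e.g. `Raises FunctionClauseError when no clause maps the given action/resource pair; add a clause here when wiring a new resource.` — assuming that behaviour is intended. Every new-side clause now binds `current_user`, and the three DonationGoal clauses at L96–L98 replace the removed `Canada.Can` implementation together with its `nil`-resource catch-all, so no authorize-on-nil path remains in this module.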
3 changes: 0 additions & 3 deletions lib/code_corps_web.ex
Expand Up @@ -38,9 +38,6 @@ defmodule CodeCorpsWeb do
import CodeCorpsWeb.Router.Helpers
import CodeCorpsWeb.Gettext

import Canary.Plugs
import CodeCorpsWeb.AuthenticationHelpers, only: [load_and_authorize_changeset: 2]

alias CodeCorps.{Repo, Policy}
alias Plug.Conn
end
56 changes: 42 additions & 14 deletions lib/code_corps_web/controllers/donation_goal_controller.ex
@@ -1,26 +1,54 @@
defmodule CodeCorpsWeb.DonationGoalController do
use CodeCorpsWeb, :controller
use JaResource

import CodeCorps.Helpers.Query, only: [id_filter: 2]

alias CodeCorps.DonationGoal
alias CodeCorps.Services.DonationGoalsService
alias CodeCorps.{DonationGoal, User, Helpers.Query}

plug :load_and_authorize_changeset, model: DonationGoal, only: [:create]
plug :load_and_authorize_resource, model: DonationGoal, only: [:update, :delete]
plug JaResource
action_fallback CodeCorpsWeb.FallbackController
plug CodeCorpsWeb.Plug.DataToAttributes
plug CodeCorpsWeb.Plug.IdsToIntegers

@spec model :: module
def model, do: CodeCorps.DonationGoal
@spec index(Conn.t, map) :: Conn.t
def index(%Conn{} = conn, %{} = params) do
with donation_goals <- DonationGoal |> Query.id_filter(params) |> Repo.all do
conn |> render("index.json-api", data: donation_goals)
end
end

def filter(_conn, query, "id", id_list), do: id_filter(query, id_list)
@spec show(Conn.t, map) :: Conn.t
def show(%Conn{} = conn, %{"id" => id}) do
with %DonationGoal{} = donation_goal <- DonationGoal |> Repo.get(id) do
conn |> render("show.json-api", data: donation_goal)
end
end

@spec create(Plug.Conn.t, map) :: Conn.t
def create(%Conn{} = conn, %{} = params) do
with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
{:ok, :authorized} <- current_user |> Policy.authorize(:create, %DonationGoal{}, params),
{:ok, %DonationGoal{} = donation_goal} <- DonationGoalsService.create(params) do
conn |> put_status(:created) |> render("show.json-api", data: donation_goal)
end
end

def handle_create(_conn, attributes) do
attributes |> DonationGoalsService.create
@spec delete(Conn.t, map) :: Conn.t
def delete(%Conn{} = conn, %{"id" => id} = _params) do
with %DonationGoal{} = donation_goal <- DonationGoal |> Repo.get(id),
%User{} = current_user <- conn |> Guardian.Plug.current_resource,
{:ok, :authorized} <- current_user |> Policy.authorize(:delete, donation_goal),
{:ok, %DonationGoal{} = _donation_goal} <- donation_goal |> Repo.delete
do
conn |> Conn.assign(:donation_goal, donation_goal) |> send_resp(:no_content, "")
end
end

def handle_update(_conn, record, attributes) do
record |> DonationGoalsService.update(attributes)
@spec update(Conn.t, map) :: Conn.t
def update(%Conn{} = conn, %{"id" => id} = params) do
with %DonationGoal{} = donation_goal <- DonationGoal |> Repo.get(id),
%User{} = current_user <- conn |> Guardian.Plug.current_resource,
{:ok, :authorized} <- current_user |> Policy.authorize(:update, donation_goal),
{:ok, %DonationGoal{} = updated_donation_goal} <- donation_goal |> DonationGoalsService.update(params) do
conn |> render("show.json-api", data: updated_donation_goal)
end
end
end
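Review bot: In `update` (L284–L291) the authorization decision is taken against the project of the `donation_goal` loaded from the database, but `DonationGoalsService.update/2` then receives the raw request `params`; if that service casts `project_id`, an owner of project A could re-parent a goal into project B without `update?/2` ever seeing B — confirm the service's cast list excludes `project_id`, or also authorize against the incoming params. `delete` (L271–L279) has the same load-then-authorize ordering, which is fine there because nothing from `params` reaches the record. Separately, the `@spec` on `create` at L259 reads `Plug.Conn.t` while the other three actions use the aliased `Conn.t`; `@spec create(Conn.t, map) :: Conn.t` keeps them consistent.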
