Remove JaResource/Canary from StripePlatformCardController #1021

Merged
8 changes: 4 additions & 4 deletions lib/code_corps/policy/policy.ex
Expand Up @@ -55,6 +55,10 @@ defmodule CodeCorps.Policy do
defp can?(%User{} = current_user, :create, %StripeConnectPlan{}, %{} = params),
do: Policy.StripeConnectPlan.create?(current_user, params)
defp can?(%User{} = current_user, :create, %Skill{}, %{}), do: Policy.Skill.create?(current_user)
defp can?(%User{} = current_user, :show, %StripePlatformCard{} = stripe_platform_card, %{}),
do: Policy.StripePlatformCard.show?(current_user, stripe_platform_card)
defp can?(%User{} = current_user, :create, %StripePlatformCard{}, %{} = params),
do: Policy.StripePlatformCard.create?(current_user, params)
defp can?(%User{} = current_user, :create, %TaskSkill{}, %{} = params), do: Policy.TaskSkill.create?(current_user, params)
defp can?(%User{} = current_user, :delete, %TaskSkill{} = task_skill, %{}), do: Policy.TaskSkill.delete?(current_user, task_skill)
defp can?(%User{} = current_user, :create, %UserCategory{} = user_category, %{}), do: Policy.UserCategory.create?(current_user, user_category)
Expand Down Expand Up @@ -101,10 +105,6 @@ defmodule CodeCorps.Policy do
def can?(%User{} = user, :show, %StripeConnectSubscription{} = stripe_connect_subscription), do: Policy.StripeConnectSubscription.show?(user, stripe_connect_subscription)
def can?(%User{} = user, :create, %Changeset{ data: %StripeConnectSubscription{}} = changeset), do: Policy.StripeConnectSubscription.create?(user, changeset)

def can?(%User{} = user, :show, %StripePlatformCard{} = stripe_platform_card), do: Policy.StripePlatformCard.show?(user, stripe_platform_card)
def can?(%User{} = user, :create, %Changeset{ data: %StripePlatformCard{}} = changeset), do: Policy.StripePlatformCard.create?(user, changeset)
def can?(%User{} = user, :delete, %StripePlatformCard{} = stripe_platform_card), do: Policy.StripePlatformCard.delete?(user, stripe_platform_card)

def can?(%User{} = user, :create, %Changeset{data: %StripePlatformCustomer{}} = changeset), do: Policy.StripePlatformCustomer.create?(user, changeset)
def can?(%User{} = user, :show, %StripePlatformCustomer{} = stripe_platform_customer), do: Policy.StripePlatformCustomer.show?(user, stripe_platform_customer)

12 changes: 7 additions & 5 deletions lib/code_corps/policy/stripe_platform_card.ex
@@ -1,17 +1,19 @@
defmodule CodeCorps.Policy.StripePlatformCard do
alias CodeCorps.StripePlatformCard
alias CodeCorps.User
alias Ecto.Changeset

def create?(user, card), do: user |> owns?(card)
def delete?(user, changeset), do: user |> owns?(changeset)
@spec create?(User.t, map) :: boolean
def create?(user, params), do: user |> owns?(params)

@spec show?(User.t, StripePlatformCard.t) :: boolean
def show?(user, card), do: user |> owns?(card)

defp owns?(%User{id: current_user_id}, %Changeset{changes: %{user_id: user_id}}) do
@spec owns?(User.t, StripePlatformCard.t | map) :: boolean
defp owns?(%User{id: current_user_id}, %StripePlatformCard{user_id: user_id}) do
current_user_id == user_id
end

defp owns?(%User{id: current_user_id}, %StripePlatformCard{user_id: user_id}) do
defp owns?(%User{id: current_user_id}, %{"user_id" => user_id}) do
current_user_id == user_id
end
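Review bot: `owns?/2` has no fallback clause, so a create request whose params lack a `"user_id"` key matches neither head and raises `FunctionClauseError` instead of being denied; adding `defp owns?(_user, _resource), do: false` after the map clause would make the policy fail closed. The map clause also compares the client-supplied `"user_id"` with a strict `==`, so it depends on that value already being an integer (presumably via the `IdsToIntegers` plug in the controller — worth confirming) and on `StripePlatformCardService.create` taking the card owner from the same key. A one-line comment above the map clause, such as `# params come from the request; "user_id" must already be cast to an integer`, would record that dependency.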

29 changes: 19 additions & 10 deletions lib/code_corps_web/controllers/stripe_platform_card_controller.ex
@@ -1,19 +1,28 @@
defmodule CodeCorpsWeb.StripePlatformCardController do
use CodeCorpsWeb, :controller
use JaResource

alias CodeCorps.StripePlatformCard
alias CodeCorps.StripeService.StripePlatformCardService
alias CodeCorps.{StripePlatformCard, User}

plug :load_and_authorize_resource, model: StripePlatformCard, only: [:show], preload: [:user]
plug :load_and_authorize_changeset, model: StripePlatformCard, only: [:create]
action_fallback CodeCorpsWeb.FallbackController
plug CodeCorpsWeb.Plug.DataToAttributes
plug CodeCorpsWeb.Plug.IdsToIntegers

plug JaResource

@spec model :: module
def model, do: CodeCorps.StripePlatformCard
@spec show(Conn.t, map) :: Conn.t
def show(%Conn{} = conn, %{"id" => id} = params) do
with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
%StripePlatformCard{} = stripe_platform_card <- StripePlatformCard |> Repo.get(id),
{:ok, :authorized} <- current_user |> Policy.authorize(:show, stripe_platform_card, params) do
conn |> render("show.json-api", data: stripe_platform_card)
end
end

def handle_create(_conn, attributes) do
attributes |> StripePlatformCardService.create
@spec create(Plug.Conn.t, map) :: Conn.t
def create(%Conn{} = conn, %{} = params) do
with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
{:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripePlatformCard{}, params),
{:ok, %StripePlatformCard{} = stripe_platform_card} <- StripePlatformCardService.create(params) do
conn |> put_status(:created) |> render("show.json-api", data: stripe_platform_card)
end
end
end
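Review bot: In both `show/2` and `create/2` the first `with` step yields a bare `nil` when `Guardian.Plug.current_resource` finds no user, and in `show/2` that is the same value `Repo.get` yields for a missing card, so `CodeCorpsWeb.FallbackController` cannot tell an unauthenticated request from a not-found one. With the Canary plugs removed, authorization now happens only inside each action, so unless an authentication plug runs ahead of this controller (not visible in this section) the response to a missing session rests entirely on how the fallback treats `nil`. A comment above `action_fallback` naming the values the fallback is expected to handle (`nil`, and whatever `Policy.authorize` returns on denial) would make that contract explicit. Separately, the two specs disagree (`@spec show(Conn.t, map)` versus `@spec create(Plug.Conn.t, map)`), and `Conn`, `Repo` and `Policy` are not aliased in the visible lines, so they presumably come from `use CodeCorpsWeb, :controller`.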
27 changes: 4 additions & 23 deletions test/lib/code_corps/policy/stripe_platform_card_test.exs
@@ -1,40 +1,21 @@
defmodule CodeCorps.Policy.StripePlatformCardTest do
use CodeCorps.PolicyCase

import CodeCorps.Policy.StripePlatformCard, only: [create?: 2, delete?: 2, show?: 2]
import CodeCorps.StripePlatformCard, only: [create_changeset: 2]

alias CodeCorps.StripePlatformCard
import CodeCorps.Policy.StripePlatformCard, only: [create?: 2, show?: 2]

describe "create?" do
test "returns true if user is creating their own record" do
user = insert(:user)
changeset = %StripePlatformCard{} |> create_changeset(%{user_id: user.id})
stripe_platform_card = insert(:stripe_platform_card, user: user)

assert create?(user, changeset)
assert create?(user, stripe_platform_card)
end

test "returns false if user is creating someone else's record" do
user = build(:user)
changeset = %StripePlatformCard{} |> create_changeset(%{user_id: "someone-else"})

refute create?(user, changeset)
end
end

describe "delete?" do
test "returns true if user is deleting their own record" do
user = insert(:user)
stripe_platform_card = insert(:stripe_platform_card, user: user)

assert delete?(user, stripe_platform_card)
end

test "returns false if user is deleting someone else's record" do
user = insert(:user)
stripe_platform_card = insert(:stripe_platform_card)

refute delete?(user, stripe_platform_card)
refute create?(user, stripe_platform_card)
end
end
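Review bot: The rewritten `create?` tests pass a `%StripePlatformCard{}` struct, but the controller calls the policy with request params, so the `%{"user_id" => user_id}` clause of `owns?/2`, which is the one that guards card creation, appears to be untested here. The tests should use string-keyed maps instead, for example `assert create?(user, %{"user_id" => user.id})` and `refute create?(user, %{"user_id" => other_user.id})` with a second inserted user. A third case for params with no `"user_id"` key would pin down whether the policy denies or raises on that input.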
