User role show API for WcaSearch

thewca · Apr 29, 2024 · ca50e54 · ca50e54
1 parent b0bed4b
commit ca50e54
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 3 deletions.
diff --git a/app/controllers/api/v0/user_roles_controller.rb b/app/controllers/api/v0/user_roles_controller.rb
@@ -36,11 +36,16 @@ class Api::V0::UserRolesController < Api::V0::ApiController
     sort(roles, sort_param, SORT_WEIGHT_LAMBDAS)
   end
 
+  # Filter role based on the permissions of the current user.
+  private def can_current_user_access(role)
+    group = UserRole.group(role)
+    !group.is_hidden || current_user&.has_permission?(:can_edit_groups, group.id)
+  end
+
   # Filters the list of roles based on the permissions of the current user.
   private def filter_roles_for_logged_in_user(roles)
     roles.select do |role|
-      group = UserRole.group(role)
-      !group.is_hidden || current_user&.has_permission?(:can_edit_groups, group.id)
+      can_current_user_access(role)
     end
   end
 
@@ -195,6 +200,13 @@ def index_for_group_type
     }
   end
 
+  def show
+    id = params.require(:id)
+    role = UserRole.find(id)
+    return render status: :unauthorized, json: { error: "Cannot access role" } unless can_current_user_access(role)
+    render json: role
+  end
+
   def create
     user_id = params.require(:userId)
     group_id = params[:groupId] || UserGroup.find_by(group_type: params.require(:groupType)).id

diff --git a/config/routes.rb b/config/routes.rb
@@ -390,7 +390,7 @@
         get '/group-type/:group_type' => 'user_roles#index_for_group_type', as: :index_for_group_type
         get '/search' => 'user_roles#search', as: :user_roles_search
       end
-      resources :user_roles, only: [:create, :update, :destroy]
+      resources :user_roles, only: [:show, :create, :update, :destroy]
       resources :user_groups, only: [:index, :create, :update]
       namespace :wrt do
         resources :persons, only: [:update, :destroy] do

diff --git a/spec/controllers/api/v0/user_roles_controller_spec.rb b/spec/controllers/api/v0/user_roles_controller_spec.rb
@@ -30,4 +30,23 @@
       end
     end
   end
+
+  describe 'GET #show' do
+    let!(:delegate_role) { FactoryBot.create(:delegate_role) }
+    let!(:probation_role) { FactoryBot.create(:probation_role) }
+
+    context 'when delegate role is requested' do
+      it 'returns the role' do
+        get :show, params: { id: delegate_role.id }
+        expect(response.body).to eq(delegate_role.to_json)
+      end
+    end
+
+    context 'when probation role is requested' do
+      it 'returns unauthorized error' do
+        get :show, params: { id: probation_role.id }
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
 end