feat: Add Platform APIs (#1456)

2021-01-14 20:35:22 +05:30
parent 75c2a7cb2f
commit 7542330d61
25 changed files with 688 additions and 20 deletions
--- a/spec/controllers/platform/api/v1/account_users_controller_spec.rb
+++ b/spec/controllers/platform/api/v1/account_users_controller_spec.rb
@@ -0,0 +1,93 @@
+require 'rails_helper'
+
+RSpec.describe 'Platform Account Users API', type: :request do
+  let!(:account) { create(:account) }
+
+  describe 'GET /platform/api/v1/accounts/{account_id}/account_users' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        get "/platform/api/v1/accounts/#{account.id}/account_users"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+      let!(:account_user) { create(:account_user, account: account) }
+
+      it 'returns all the account users for the account' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account)
+
+        get "/platform/api/v1/accounts/#{account.id}/account_users",
+            headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(response.body).to include(account_user.id.to_s)
+      end
+    end
+  end
+
+  describe 'POST /platform/api/v1/accounts/{account_id}/account_users' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        post "/platform/api/v1/accounts/#{account.id}/account_users"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'creates a new account user for the account' do
+        user = create(:user)
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account)
+
+        post "/platform/api/v1/accounts/#{account.id}/account_users",
+             params: { user_id: user.id, role: 'administrator' },
+             headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data['user_id']).to eq(user.id)
+      end
+
+      it 'updates the new account user for the account' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account)
+        account_user = create(:account_user, account: account, role: 'agent')
+
+        post "/platform/api/v1/accounts/#{account.id}/account_users",
+             params: { user_id: account_user.user_id, role: 'administrator' },
+             headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data['role']).to eq('administrator')
+      end
+    end
+  end
+
+  describe 'DELETE /platform/api/v1/accounts/{account_id}/account_users' do
+    let(:account_user) { create(:account_user, account: account, role: 'agent') }
+
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        delete "/platform/api/v1/accounts/#{account.id}/account_users", params: { user_id: account_user.user_id }
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns deletes the account user' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account)
+
+        delete "/platform/api/v1/accounts/#{account.id}/account_users", params: { user_id: account_user.user_id },
+                                                                        headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(account.account_users.count).to eq 0
+      end
+    end
+  end
+end
--- a/spec/controllers/platform/api/v1/accounts_controller_spec.rb
+++ b/spec/controllers/platform/api/v1/accounts_controller_spec.rb
@@ -0,0 +1,107 @@
+require 'rails_helper'
+
+RSpec.describe 'Platform Accounts API', type: :request do
+  let!(:account) { create(:account) }
+
+  describe 'POST /platform/api/v1/accounts' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        post '/platform/api/v1/accounts'
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        post '/platform/api/v1/accounts', params: { name: 'Test Account' },
+                                          headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'creates an account when and its permissible relationship' do
+        post '/platform/api/v1/accounts', params: { name: 'Test Account' },
+                                          headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(response.body).to include('Test Account')
+        expect(platform_app.platform_app_permissibles.first.permissible.name).to eq('Test Account')
+      end
+    end
+  end
+
+  describe 'GET /platform/api/v1/accounts/{account_id}' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        get "/platform/api/v1/accounts/#{account.id}"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        get "/platform/api/v1/accounts/#{account.id}", headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized when its not a permissible object' do
+        get "/platform/api/v1/accounts/#{account.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'shows an account when its permissible object' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account)
+
+        get "/platform/api/v1/accounts/#{account.id}",
+            headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(response.body).to include(account.name)
+      end
+    end
+  end
+
+  describe 'PATCH /platform/api/v1/accounts/{account_id}' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        patch "/platform/api/v1/accounts/#{account.id}"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        patch "/platform/api/v1/accounts/#{account.id}", params: { name: 'Test Account' },
+                                                         headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized when its not a permissible object' do
+        patch "/platform/api/v1/accounts/#{account.id}", params: { name: 'Test Account' },
+                                                         headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'updates an account when its permissible object' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account)
+
+        patch "/platform/api/v1/accounts/#{account.id}", params: { name: 'Test Account' },
+                                                         headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(account.reload.name).to eq('Test Account')
+      end
+    end
+  end
+end
--- a/spec/controllers/platform/api/v1/users_controller_spec.rb
+++ b/spec/controllers/platform/api/v1/users_controller_spec.rb
@@ -0,0 +1,154 @@
+require 'rails_helper'
+
+RSpec.describe 'Platform Users API', type: :request do
+  let!(:user) { create(:user) }
+
+  describe 'GET /platform/api/v1/users/{user_id}' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        get "/platform/api/v1/users/#{user.id}"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        get "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized when its not a permissible object' do
+        get "/platform/api/v1/users/#{user.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'shows a user when its permissible object' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: user)
+
+        get "/platform/api/v1/users/#{user.id}",
+            headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data['email']).to eq(user.email)
+      end
+    end
+  end
+
+  describe 'GET /platform/api/v1/users/{user_id}/login' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        get "/platform/api/v1/users/#{user.id}/login"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        get "/platform/api/v1/users/#{user.id}/login", headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized when its not a permissible object' do
+        get "/platform/api/v1/users/#{user.id}/login", headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'return login link for user' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: user)
+
+        get "/platform/api/v1/users/#{user.id}/login",
+            headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data['url']).to include('sso_auth_token')
+      end
+    end
+  end
+
+  describe 'POST /platform/api/v1/users/' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        post '/platform/api/v1/users'
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        post '/platform/api/v1/users/', headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'creates a new user and permissible for the user' do
+        post '/platform/api/v1/users/', params: { name: 'test', email: 'test@test.com', password: 'password123' },
+                                        headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data['email']).to eq('test@test.com')
+        expect(platform_app.platform_app_permissibles.first.permissible_id).to eq data['id']
+      end
+
+      it 'fetch existing user and creates permissible for the user' do
+        create(:user, name: 'old test', email: 'test@test.com')
+        post '/platform/api/v1/users/', params: { name: 'test', email: 'test@test.com', password: 'password123' },
+                                        headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data['name']).to eq('old test')
+        expect(platform_app.platform_app_permissibles.first.permissible_id).to eq data['id']
+      end
+    end
+  end
+
+  describe 'PATCH /platform/api/v1/users/{user_id}' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        patch "/platform/api/v1/users/#{user.id}"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        patch "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized when its not a permissible object' do
+        patch "/platform/api/v1/users/#{user.id}", params: { name: 'test' },
+                                                   headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'updates the user' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: user)
+        patch "/platform/api/v1/users/#{user.id}", params: { name: 'test123' },
+                                                   headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data['name']).to eq('test123')
+      end
+    end
+  end
+end