feat: Platform API improvements (#2900)

- Platform APIs to add and update custom attributes to users
- Platform APIs to delete accounts
- Platform APIs to delete users

spec/controllers/api/v1/accounts/agents_controller_spec.rb

@@ -2,7 +2,7 @@ require 'rails_helper'
 
 RSpec.describe 'Agents API', type: :request do
   let(:account) { create(:account) }
-  let(:admin) { create(:user, account: account, role: :administrator) }
+  let(:admin) { create(:user, custom_attributes: { test: 'test' }, account: account, role: :administrator) }
   let(:agent) { create(:user, account: account, role: :agent) }
 
   describe 'GET /api/v1/accounts/{account.id}/agents' do
@@ -25,6 +25,18 @@ RSpec.describe 'Agents API', type: :request do
         expect(response).to have_http_status(:success)
         expect(JSON.parse(response.body).size).to eq(account.users.count)
       end
+
+      it 'returns custom fields on agents if present' do
+        agent.update(custom_attributes: { test: 'test' })
+
+        get "/api/v1/accounts/#{account.id}/agents",
+            headers: agent.create_new_auth_token,
+            as: :json
+
+        expect(response).to have_http_status(:success)
+        data = JSON.parse(response.body)
+        expect(data.first['custom_attributes']['test']).to eq('test')
+      end
     end
   end
 

spec/controllers/api/v1/profiles_controller_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe 'Profile API', type: :request do
     end
 
     context 'when it is an authenticated user' do
-      let(:agent) { create(:user, account: account, role: :agent) }
+      let(:agent) { create(:user, account: account, custom_attributes: { test: 'test' }, role: :agent) }
 
       it 'returns current user information' do
         get '/api/v1/profile',
@@ -25,6 +25,7 @@ RSpec.describe 'Profile API', type: :request do
         expect(json_response['id']).to eq(agent.id)
         expect(json_response['email']).to eq(agent.email)
         expect(json_response['access_token']).to eq(agent.access_token.token)
+        expect(json_response['custom_attributes']['test']).to eq('test')
       end
     end
   end

spec/controllers/platform/api/v1/accounts_controller_spec.rb

@@ -104,4 +104,38 @@ RSpec.describe 'Platform Accounts API', type: :request do
       end
     end
   end
+
+  describe 'DELETE /platform/api/v1/accounts/{account_id}' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        delete "/platform/api/v1/accounts/#{account.id}"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        delete "/platform/api/v1/accounts/#{account.id}", headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized when its not a permissible object' do
+        delete "/platform/api/v1/accounts/#{account.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'destroys the object' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: account)
+        expect(DeleteObjectJob).to receive(:perform_later).with(account).once
+        delete "/platform/api/v1/accounts/#{account.id}",
+               headers: { api_access_token: platform_app.access_token.token }, as: :json
+
+        expect(response).to have_http_status(:success)
+      end
+    end
+  end
 end

spec/controllers/platform/api/v1/users_controller_spec.rb

@@ -1,7 +1,7 @@
 require 'rails_helper'
 
 RSpec.describe 'Platform Users API', type: :request do
-  let!(:user) { create(:user) }
+  let!(:user) { create(:user, custom_attributes: { test: 'test' }) }
 
   describe 'GET /platform/api/v1/users/{user_id}' do
     context 'when it is an unauthenticated platform app' do
@@ -35,6 +35,7 @@ RSpec.describe 'Platform Users API', type: :request do
         expect(response).to have_http_status(:success)
         data = JSON.parse(response.body)
         expect(data['email']).to eq(user.email)
+        expect(data['custom_attributes']['test']).to eq('test')
       end
     end
   end
@@ -94,12 +95,14 @@ RSpec.describe 'Platform Users API', type: :request do
       let(:platform_app) { create(:platform_app) }
 
       it 'creates a new user and permissible for the user' do
-        post '/platform/api/v1/users/', params: { name: 'test', email: 'test@test.com', password: 'Password1!' },
+        post '/platform/api/v1/users/', params: { name: 'test', email: 'test@test.com', password: 'Password1!',
+                                                  custom_attributes: { test: 'test_create' } },
                                         headers: { api_access_token: platform_app.access_token.token }, as: :json
 
         expect(response).to have_http_status(:success)
         data = JSON.parse(response.body)
         expect(data['email']).to eq('test@test.com')
+        expect(data['custom_attributes']['test']).to eq('test_create')
         expect(platform_app.platform_app_permissibles.first.permissible_id).to eq data['id']
       end
 
@@ -142,12 +145,46 @@ RSpec.describe 'Platform Users API', type: :request do
 
       it 'updates the user' do
         create(:platform_app_permissible, platform_app: platform_app, permissible: user)
-        patch "/platform/api/v1/users/#{user.id}", params: { name: 'test123' },
+        patch "/platform/api/v1/users/#{user.id}", params: { name: 'test123', custom_attributes: { test: 'test_update' } },
                                                    headers: { api_access_token: platform_app.access_token.token }, as: :json
 
         expect(response).to have_http_status(:success)
         data = JSON.parse(response.body)
         expect(data['name']).to eq('test123')
+        expect(data['custom_attributes']['test']).to eq('test_update')
+      end
+    end
+  end
+
+  describe 'DELETE /platform/api/v1/users/{user_id}' do
+    context 'when it is an unauthenticated platform app' do
+      it 'returns unauthorized' do
+        delete "/platform/api/v1/users/#{user.id}"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an invalid platform app token' do
+      it 'returns unauthorized' do
+        delete "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated platform app' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized when its not a permissible object' do
+        delete "/platform/api/v1/users/#{user.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'deletes the user' do
+        create(:platform_app_permissible, platform_app: platform_app, permissible: user)
+        expect(DeleteObjectJob).to receive(:perform_later).with(user).once
+        delete "/platform/api/v1/users/#{user.id}",
+               headers: { api_access_token: platform_app.access_token.token }, as: :json
+        expect(response).to have_http_status(:success)
       end
     end
   end

spec/jobs/delete_object_job_spec.rb

@@ -0,0 +1,20 @@
+require 'rails_helper'
+
+RSpec.describe DeleteObjectJob, type: :job do
+  subject(:job) { described_class.perform_later(account) }
+
+  let(:account) { create(:account) }
+
+  it 'enqueues the job' do
+    expect { job }.to have_enqueued_job(described_class)
+      .with(account)
+      .on_queue('default')
+  end
+
+  context 'when an object is passed to the job' do
+    it 'is deleted' do
+      described_class.perform_now(account)
+      expect { account.reload }.to raise_error(ActiveRecord::RecordNotFound)
+    end
+  end
+end