Add granting and revocation mutations for site permissions

hummingbird-me · Oct 31, 2020 · 9b471f3 · 9b471f3
1 parent 4a950a5
commit 9b471f3
Show file tree

Hide file tree

Showing 8 changed files with 145 additions and 0 deletions.
diff --git a/app/actions/accounts/grant_site_permission.rb b/app/actions/accounts/grant_site_permission.rb
@@ -0,0 +1,17 @@
+module Accounts
+  class GrantSitePermission < Action
+    class UnknownPermission < StandardError; end
+
+    parameter :user, load: User, required: true
+    parameter :permission, required: true
+
+    def call
+      raise UnknownPermission unless User.permissions.keys.include?(permission)
+
+      user.permissions.set(permission)
+      user.save!
+
+      { user: user, permissions: user.permissions }
+    end
+  end
+end
diff --git a/app/actions/accounts/revoke_site_permission.rb b/app/actions/accounts/revoke_site_permission.rb
@@ -0,0 +1,17 @@
+module Accounts
+  class RevokeSitePermission < Action
+    class UnknownPermission < StandardError; end
+
+    parameter :user, load: User, required: true
+    parameter :permission, required: true
+
+    def call
+      raise UnknownPermission unless User.permissions.keys.include?(permission)
+
+      user.permissions.unset(permission)
+      user.save!
+
+      { user: user, permissions: user.permissions }
+    end
+  end
+end
diff --git a/app/graphql/mutations/account/grant_site_permission.rb b/app/graphql/mutations/account/grant_site_permission.rb
@@ -0,0 +1,29 @@
+class Mutations::Account::GrantSitePermission < Mutations::Base
+  argument :account, ID,
+    required: true,
+    description: 'Who to grant permissions to'
+
+  argument :permission, Types::Enum::SitePermission,
+    required: true,
+    description: 'The permission to grant to this user'
+
+  field :id, ID, null: false
+  field :permissions, [Types::Enum::SitePermission], null: false
+
+  def load_account(value)
+    ::User.find(value)
+  end
+
+  def authorized?
+    current_user.permissions.admin?
+  end
+
+  def resolve(account:, permission:)
+    res = Accounts::GrantSitePermission.call(user: account, permission: permission.to_sym)
+
+    {
+      id: res.user.id,
+      permissions: res.permissions
+    }
+  end
+end
diff --git a/app/graphql/mutations/account/revoke_site_permission.rb b/app/graphql/mutations/account/revoke_site_permission.rb
@@ -0,0 +1,29 @@
+class Mutations::Account::RevokeSitePermission < Mutations::Base
+  argument :account, ID,
+    required: true,
+    description: 'Who to grant permissions to'
+
+  argument :permission, Types::Enum::SitePermission,
+    required: true,
+    description: 'The permission to grant to this user'
+
+  field :id, ID, null: false
+  field :permissions, [Types::Enum::SitePermission], null: false
+
+  def load_account(value)
+    ::User.find(value)
+  end
+
+  def authorized?
+    current_user.permissions.admin?
+  end
+
+  def resolve(account:, permission:)
+    res = Accounts::RevokeSitePermission.call(user: account, permission: permission.to_sym)
+
+    {
+      id: res.user.id,
+      permissions: res.permissions
+    }
+  end
+end
diff --git a/app/graphql/types/mutation_type.rb b/app/graphql/types/mutation_type.rb
@@ -1,5 +1,6 @@
 class Types::MutationType < Types::BaseObject
   field :pro, Types::Mutations::ProMutation, null: false
+  field :account, Types::Mutations::AccountMutation, null: true
   field :anime, Types::Mutations::AnimeMutation, null: true
   field :episode, Types::Mutations::EpisodeMutation, null: true
   field :library_entry, Types::Mutations::LibraryEntryMutation, null: true

diff --git a/app/graphql/types/mutations/account_mutation.rb b/app/graphql/types/mutations/account_mutation.rb
@@ -0,0 +1,8 @@
+class Types::Mutations::AccountMutation < Types::BaseObject
+  field :grant_site_permission,
+    mutation: ::Mutations::Account::GrantSitePermission,
+    description: 'Grant a sitewide permission to a user'
+  field :revoke_site_permission,
+    mutation: ::Mutations::Account::RevokeSitePermission,
+    description: 'Revoke a sitewide permission for a user'
+end
diff --git a/spec/actions/accounts/grant_site_permission_spec.rb b/spec/actions/accounts/grant_site_permission_spec.rb
@@ -0,0 +1,22 @@
+require 'rails_helper'
+
+RSpec.describe Accounts::GrantSitePermission do
+  let(:user) { create(:user, permissions: %i[admin]) }
+
+  context 'with a valid permission' do
+    it 'should return the user and their new permissions' do
+      res = described_class.call(user: user, permission: :community_mod)
+      expect(res.user.id).to eq(user.id)
+      expect(res.permissions).to be_set(:community_mod)
+      expect(res.permissions).to be_set(:admin)
+    end
+  end
+
+  context 'with an invalid permission' do
+    it 'should throw UnknownPermission error' do
+      expect {
+        described_class.call(user: user, permission: :poopy)
+      }.to raise_exception(Accounts::GrantSitePermission::UnknownPermission)
+    end
+  end
+end
diff --git a/spec/actions/accounts/revoke_site_permission_spec.rb b/spec/actions/accounts/revoke_site_permission_spec.rb
@@ -0,0 +1,22 @@
+require 'rails_helper'
+
+RSpec.describe Accounts::RevokeSitePermission do
+  let(:user) { create(:user, permissions: %i[admin community_mod]) }
+
+  context 'with a valid permission' do
+    it 'should return the user and their new permissions' do
+      res = described_class.call(user: user, permission: :community_mod)
+      expect(res.user.id).to eq(user.id)
+      expect(res.permissions).not_to be_set(:community_mod)
+      expect(res.permissions).to be_set(:admin)
+    end
+  end
+
+  context 'with an invalid permission' do
+    it 'should throw UnknownPermission error' do
+      expect {
+        described_class.call(user: user, permission: :poopy)
+      }.to raise_exception(Accounts::RevokeSitePermission::UnknownPermission)
+    end
+  end
+end