hummingbird-me · NuckChorris · Oct 31, 2020 · Oct 31, 2020 · Nov 1, 2020 · Nov 1, 2020
diff --git a/app/actions/accounts/set_site_permissions.rb b/app/actions/accounts/set_site_permissions.rb
@@ -0,0 +1,20 @@
+module Accounts
+  class SetSitePermissions < Action
+    class UnknownPermissions < StandardError; end
+
+    parameter :user, load: User, required: true
+    parameter :permissions, required: true
+
+    def call
+      sym_permissions = permissions.map(&:to_sym)
+
+      unknown_permissions = sym_permissions - User.permissions.keys
+      raise UnknownPermissions, unknown_permissions if unknown_permissions.present?
+
+      user.permissions = sym_permissions
+      user.save!
+
+      { user: user, permissions: user.permissions }
+    end
+  end
+end
diff --git a/app/graphql/errors/active_record/record_invalid.rb b/app/graphql/errors/active_record/record_invalid.rb
@@ -0,0 +1,20 @@
+module Errors
+  module ActiveRecord
+    class RecordInvalid
+      def self.graphql_error(error)
+        record = error.record
+        errors = record.errors.map do |attribute, message|
+          {
+            code: 'ValidationError',
+            message: record.errors.full_message(attribute, message),
+            path: ['attributes', attribute.to_s.camelize(:lower)]
+          }
+        end
+
+        {
+          errors: errors
+        }
+      end
+    end
+  end
+end
diff --git a/app/graphql/mutations/account/set_site_permissions.rb b/app/graphql/mutations/account/set_site_permissions.rb
@@ -0,0 +1,21 @@
+class Mutations::Account::SetSitePermissions < Mutations::Base
+  argument :input, Types::Input::Account::SetSitePermissions,
+    required: true
+
+  field :account, Types::Account, null: false
+
+  def authorized?(input:)
+    super(input.account, :set_site_permissions?)
+  end
+
+  def resolve(input:)
+    permissions = input.permissions.map(&:to_sym)
+
+    res = Accounts::SetSitePermissions.call(
+      user: input.account,
+      permissions: permissions
+    )
+
+    { account: res.user }
+  end
+end
diff --git a/app/graphql/types/input/account/set_site_permissions.rb b/app/graphql/types/input/account/set_site_permissions.rb
@@ -0,0 +1,14 @@
+class Types::Input::Account::SetSitePermissions < Types::Input::Base
+  argument :account_id, ID,
+    required: true,
+    description: 'Who to grant permissions to',
+    as: :account
+
+  argument :permissions, [Types::Enum::SitePermission],
+    required: true,
+    description: 'The permissions to set for this user'
+
+  def load_account(value)
+    ::User.find(value)
+  end
+end
diff --git a/app/graphql/types/mutation_type.rb b/app/graphql/types/mutation_type.rb
@@ -1,7 +1,8 @@
 class Types::MutationType < Types::BaseObject
-  field :pro, Types::Mutations::ProMutation, null: false
+  field :account, Types::Mutations::AccountMutation, null: true
   field :anime, Types::Mutations::AnimeMutation, null: true
   field :episode, Types::Mutations::EpisodeMutation, null: true
   field :library_entry, Types::Mutations::LibraryEntryMutation, null: true
   field :mapping, Types::Mutations::MappingMutation, null: true
+  field :pro, Types::Mutations::ProMutation, null: false
 end
diff --git a/app/graphql/types/mutations/account_mutation.rb b/app/graphql/types/mutations/account_mutation.rb
@@ -0,0 +1,5 @@
+class Types::Mutations::AccountMutation < Types::BaseObject
+  field :set_site_permissions,
+    mutation: ::Mutations::Account::SetSitePermissions,
+    description: 'Set the sitewide permissions for a user'
+end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
@@ -10,6 +10,10 @@ def update?
   end
   alias_method :destroy?, :update?
 
+  def set_site_permissions?
+    user.permissions.admin?
+  end
+
   def editable_attributes(all)
     if has_scope?(:email_password_reset, accept_all: false)
       [:password]

diff --git a/spec/actions/accounts/set_site_permissions_spec.rb b/spec/actions/accounts/set_site_permissions_spec.rb
@@ -0,0 +1,23 @@
+require 'rails_helper'
+
+RSpec.describe Accounts::SetSitePermissions do
+  let(:user) { create(:user, permissions: %i[admin]) }
+
+  context 'with valid permissions' do
+    it 'should return the user and their new permissions' do
+      res = described_class.call(user: user, permissions: [:community_mod])
+      expect(res.user.id).to eq(user.id)
+      expect(res.permissions).to be_set(:community_mod)
+      expect(res.permissions).not_to be_set(:admin)
+    end
+  end
+
+  context 'with an invalid permission' do
+    it 'should throw UnknownPermissions error' do
+      expect {
+        described_class.call(user: user, permissions: %i[poopy community_mod])
+      }.to raise_exception(Accounts::SetSitePermissions::UnknownPermissions)
+      expect(user.reload.permissions).not_to be_set(:community_mod)
+    end
+  end
+end