Merge pull request #111 from Jess-White/feature/412-add-authorization-remove-org-users-actions

cainwatson · web-flow · commit 1fb84efac145 · 2022-10-19T19:21:56.000-05:00
Feature/412 add authorization remove org users actions
diff --git a/app/controllers/api/organization_users_controller.rb b/app/controllers/api/organization_users_controller.rb
@@ -9,24 +9,6 @@ def index
       render 'api/users/index.json.jb'
     end
 
-    def create
-      user = User.find(params[:id])
-      @organization_user = OrganizationUser.create!(
-        organization: @organization,
-        user: user
-      )
-
-      render 'show.json.jb', status: :created
-    rescue ActiveRecord::RecordNotUnique
-      @organization_user = organization_user
-      render 'show.json.jb', status: :ok
-    end
-
-    def show
-      @organization_user = organization_user
-      render 'show.json.jb'
-    end
-
     def destroy
       @organization_user = organization_user
       authorize @organization_user
diff --git a/spec/controllers/api/organization_users_controller_spec.rb b/spec/controllers/api/organization_users_controller_spec.rb
@@ -77,135 +77,6 @@
     end
   end
 
-  describe 'POST /organizations/:organization_id/users' do
-    let(:michael) { create(:user, first_name: 'Michael') }
-
-    let(:new_organization_user_params) do
-      {
-        organization_id: good_place.id,
-        id: michael.id
-      }
-    end
-
-    it 'renders 401 if unauthenticated' do
-      post :create, params: new_organization_user_params
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 401 if organization does not exist' do
-      set_auth_header(chidi)
-      post :create, params: {
-        **new_organization_user_params,
-        organization_id: '37e485b8-65e5-4502-a8aa-5217dd3160c3'
-      }
-
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 401 if user does not exist' do
-      set_auth_header(chidi)
-      post :create, params: {
-        **new_organization_user_params,
-        id: 'dc846e2f-a86a-4e78-b217-6517a8bbca00'
-      }
-
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 401 if not member of organization' do
-      shawn = User.find_by!(first_name: 'Shawn')
-      set_auth_header(shawn)
-      post :create, params: new_organization_user_params
-
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 201 with added organization user' do
-      set_auth_header(chidi)
-      post :create, params: new_organization_user_params
-
-      expect(response).to have_http_status(201)
-      expect(JSON.parse(response.body).keys).to contain_exactly(*user_fields)
-      expect(JSON.parse(response.body)).to match(
-        a_hash_including(
-          'id' => michael.id,
-          'created_at' => michael.created_at.iso8601(3),
-          'updated_at' => michael.updated_at.iso8601(3),
-          'email' => michael.email,
-          'first_name' => michael.first_name,
-          'last_name' => michael.last_name
-        )
-      )
-    end
-
-    it 'renders 200 when user is already in organization' do
-      set_auth_header(chidi)
-
-      post :create, params: new_organization_user_params
-      expect(response).to have_http_status(201)
-
-      post :create, params: new_organization_user_params
-      expect(response).to have_http_status(200)
-
-      expect(OrganizationUser.where(organization_id: good_place.id).count).to eq(3)
-    end
-  end
-
-  describe 'GET /organizations/:organization_id/users/:id' do
-    it 'renders 401 if unauthenticated' do
-      get :show, params: { organization_id: good_place.id, id: chidi.id }
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 401 if organization does not exist' do
-      set_auth_header(chidi)
-      get :show, params: { organization_id: '43698687-16b4-4c23-939d-a2a8e8b8b6b1', id: chidi.id }
-
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 401 if user does not exist' do
-      set_auth_header(chidi)
-      get :show, params: { organization_id: good_place, id: '351b7cbe-c753-445f-a4dc-c24597ab923e' }
-
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 401 if requested user is not member of organization' do
-      shawn = User.find_by!(first_name: 'Shawn')
-      set_auth_header(chidi)
-      get :show, params: { organization_id: good_place, id: shawn.id }
-
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 401 if authenticated user is not member of organization' do
-      shawn = User.find_by!(first_name: 'Shawn')
-      set_auth_header(shawn)
-      get :show, params: { organization_id: good_place.id, id: chidi.id }
-
-      expect(response).to have_http_status(401)
-    end
-
-    it 'renders 200 with organization user' do
-      set_auth_header(chidi)
-      get :show, params: { organization_id: good_place.id, id: chidi.id }
-
-      expect(response).to have_http_status(200)
-      expect(JSON.parse(response.body).keys).to contain_exactly(*user_fields)
-      expect(JSON.parse(response.body)).to match(
-        a_hash_including(
-          'id' => chidi.id,
-          'created_at' => chidi.created_at.iso8601(3),
-          'updated_at' => chidi.updated_at.iso8601(3),
-          'email' => chidi.email,
-          'first_name' => chidi.first_name,
-          'last_name' => chidi.last_name
-        )
-      )
-    end
-  end
-
   describe 'DELETE /organizations/:organization_id/users/:id' do
     before do
       allow_any_instance_of(OrganizationUserPolicy).to receive(:destroy?).and_return(true)
