[36467] Add API users form and schema endpoints (#9090)

* Add Users form endpoints * Avoid cache_if as it caches properties for new_record? as well * Add specs * Add missing custom_field_values method * Fix missing firstname lastname api conversions * Disable cached_representer on user payload * Add patch to allow using our custom setter in case of nil values trailblazer/representable#234 * Add test for changing status * Fix expectation with changed attribute mapping * Disable rendering name property for users The name property is not accessible directly for users * Fix attribute names for first and lastname for writable * Ensure password is marked writable even though its not an attribute * Avoid explicitly setting to_ar_name conversion * Reuse AssignableCustomFieldValues concern * Fix structure of users.apib to be flat * Extend requests with custom fields * Output name, but dont mark as writable attribute * Fix id indentation * Rename schema email property * Fix param for user update form * Fix schema docs
opf · Mar 23, 2021 · 065dfbd · 065dfbd
1 parent 344f43c
commit 065dfbd
Show file tree

Hide file tree

Showing 21 changed files with 1,670 additions and 110 deletions.
diff --git a/app/contracts/users/base_contract.rb b/app/contracts/users/base_contract.rb
@@ -30,11 +30,12 @@
 
 module Users
   class BaseContract < ::ModelContract
+    include AssignableCustomFieldValues
+
     attribute :login,
               writeable: ->(*) { user.allowed_to_globally?(:manage_user) && model.id != user.id }
     attribute :firstname
     attribute :lastname
-    attribute :name
     attribute :mail
     attribute :admin,
               writeable: ->(*) { user.admin? && model.id != user.id }
@@ -53,18 +54,33 @@ def self.model
       User
     end
 
-    validate :password_writable
+    validate :validate_password_writable
     validate :existing_auth_source
 
+    delegate :available_custom_fields, to: :model
+
+    def reduce_writable_attributes(attributes)
+      super.tap do |writable|
+        writable << 'password' if password_writable?
+      end
+    end
+
     private
 
+    ##
+    # Password is not a regular attribute so it bypasses
+    # attribute writable checks
+    def password_writable?
+      user.admin? || user.id == model.id
+    end
+
     ##
     # User#password is not an ActiveModel property,
     # but just an accessor, so we need to identify it being written there.
     # It is only present when freshly written
-    def password_writable
+    def validate_password_writable
       # Only admins or the user themselves can set the password
-      return if user.admin? || user.id == model.id
+      return if password_writable?
 
       errors.add :password, :error_readonly if model.password.present?
     end

diff --git a/config/constants/ar_to_api_conversions.rb b/config/constants/ar_to_api_conversions.rb
@@ -44,7 +44,9 @@ class ARToAPIConversions
       column_names: 'columns',
       is_public: 'public',
       sort_criteria: 'sortBy',
-      message: 'post'
+      message: 'post',
+      firstname: 'firstName',
+      lastname: 'lastName',
     }.freeze
 
     # Conversions that are unidirectional (from the API to AR)