Disallow membership creation/reactivation if user_group is inactive (#…
…4385)

* disallow membership creation/reactivation if user_group is inactive

* update formatting and spacing per hound sniffs

* update specs to ensure custom error message is returned
yuenmichelle1 authored Sep 6, 2024
1 parent 022f1de commit d407b22
Showing 3 changed files with 53 additions and 2 deletions.
1 change: 1 addition & 0 deletions app/operations/memberships/create.rb
@@ -11,6 +11,7 @@ def execute
raise Unauthenticated unless api_user.logged_in?
raise Unauthorized unless user_group.verify_join_token(join_token)
raise Unauthorized unless user.id == api_user.id
raise Unauthorized, 'Group is inactive' if user_group.disabled?

membership = Membership.find_or_initialize_by(user: api_user.user, user_group: user_group)
membership.state = :active
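Review bot: The added `raise Unauthorized, 'Group is inactive' if user_group.disabled?` returns a message that discloses the group's state, and nothing documents that it is only safe because it runs after `verify_join_token` and the `user.id == api_user.id` check. A later reordering of these guards could expose that state to callers who do not hold a valid join token. I would add a comment above the line, `# Keep below the join-token check: this message reveals group state and must only reach callers holding a valid token.` The body of `execute` starts and ends outside the hunk.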
47 changes: 45 additions & 2 deletions spec/controllers/api/v1/memberships_controller_spec.rb
@@ -57,7 +57,7 @@
describe "#create" do
let(:test_attr) { :state }
let(:test_attr_value) { "active" }
let(:user_group) { create :user_group }
let(:user_group) { create(:user_group) }
let(:create_params) do
{
memberships: {
@@ -70,7 +70,50 @@
}
end

it_behaves_like "is creatable"
it_behaves_like 'is creatable'

it 're-activates a membership' do
membership = create(:membership, user_id: authorized_user.id, user_group_id: user_group.id, state: :inactive)
default_request scopes: scopes, user_id: authorized_user.id
post :create, params: create_params
expect(response).to have_http_status(:created)
expect(membership.reload.state).to eq('active')
end

context 'with an inactive user_group' do
let(:inactive_user_group) { create(:user_group, activated_state: :inactive) }
let(:params) do
{
memberships: {
join_token: inactive_user_group.join_token,
links: {
user: authorized_user.id.to_s,
user_group: inactive_user_group.id.to_s
}
}
}
end

before do
default_request scopes: scopes, user_id: authorized_user.id
post :create, params: params
end

it 'disallows membership creation' do
expect(response).to have_http_status(:unprocessable_entity)
end

it 'responds with group is inactive error message' do
response_body = JSON.parse(response.body)
expect(response_body['errors'][0]['message']).to eq('Group is inactive')
end

it 'disallows membership re-activation' do
membership = create(:membership, user_id: authorized_user.id, user_group_id: inactive_user_group.id, state: :inactive)
expect(response).to have_http_status(:unprocessable_entity)
expect(membership.reload.state).to eq('inactive')
end
end
end

describe "#destroy" do
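Review bot: The example 'disallows membership re-activation' creates the inactive membership inside the `it`, after the context's `before` block has already sent `post :create`, so the request never sees an existing membership and the `state` assertion passes trivially. The re-activation half of the guard is therefore not exercised here, and the example added in spec/operations/memberships/create_spec.rb covers only a fresh join. Create the record before the request, for instance by declaring `let!(:membership) { create(:membership, user_id: authorized_user.id, user_group_id: inactive_user_group.id, state: :inactive) }` above the `before do`, and keep only the two expectations in the example.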
7 changes: 7 additions & 0 deletions spec/operations/memberships/create_spec.rb
@@ -34,6 +34,13 @@
end.to raise_error(Operation::Unauthorized)
end

it 'disallows you to add yourself to an inactive group' do
inactive_user_group = create(:user_group, activated_state: :inactive)
expect do
operation.run links: { user: you.id, user_group: inactive_user_group.id }, join_token: inactive_user_group.join_token
end.to raise_error(Operation::Unauthorized, 'Group is inactive')
end

it 'does not work for missing groups' do
expect do
operation.run links: {user: you.id, user_group: 0}, join_token: 'wrong_token'