From bb75ab1856082f4bd87e5414228fa8027875a9ff Mon Sep 17 00:00:00 2001 From: yuenmichelle1 Date: Wed, 4 Sep 2024 21:27:05 -0500 Subject: [PATCH 1/3] disallow membership creation/reactivation if user_group is inactive --- app/operations/memberships/create.rb | 1 + .../api/v1/memberships_controller_spec.rb | 41 ++++++++++++++++++- spec/operations/memberships/create_spec.rb | 7 ++++ 3 files changed, 47 insertions(+), 2 deletions(-) diff --git a/app/operations/memberships/create.rb b/app/operations/memberships/create.rb index 0ce11a6a4..2bcd84a05 100644 --- a/app/operations/memberships/create.rb +++ b/app/operations/memberships/create.rb @@ -11,6 +11,7 @@ def execute raise Unauthenticated unless api_user.logged_in? raise Unauthorized unless user_group.verify_join_token(join_token) raise Unauthorized unless user.id == api_user.id + raise Unauthorized, 'Group is inactive' if user_group.disabled? membership = Membership.find_or_initialize_by(user: api_user.user, user_group: user_group) membership.state = :active diff --git a/spec/controllers/api/v1/memberships_controller_spec.rb b/spec/controllers/api/v1/memberships_controller_spec.rb index a6ebe9d9f..46ffb3ae6 100644 --- a/spec/controllers/api/v1/memberships_controller_spec.rb +++ b/spec/controllers/api/v1/memberships_controller_spec.rb @@ -57,7 +57,7 @@ describe "#create" do let(:test_attr) { :state } let(:test_attr_value) { "active" } - let(:user_group) { create :user_group } + let(:user_group) { create(:user_group) } let(:create_params) do { memberships: { 
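Review bot: The new guard `raise Unauthorized, 'Group is inactive' if user_group.disabled?` in `execute` is order-sensitive, and nothing in the code says so. Because it follows `verify_join_token` and the `user.id == api_user.id` check, only a caller who already holds a valid join token sees the distinct message; moved above those checks, it would disclose a group's disabled state to any authenticated caller. I would put a comment directly above it, for example `# Keep after the token and identity checks so the distinct message never reveals group state to callers without a valid join token.` The guard exists only in this operation, so if other paths create or reactivate a Membership (none are visible in this patch), they would need the same check or a model-level validation. `execute` continues past the end of the hunk.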
@@ -70,7 +70,44 @@ } end - it_behaves_like "is creatable" + it_behaves_like 'is creatable' + + it 're-activates a membership' do + membership = create(:membership, user_id: authorized_user.id, user_group_id: user_group.id, state: :inactive) + default_request scopes: scopes, user_id: authorized_user.id + post :create, params: create_params + expect(response).to have_http_status(:created) + expect(membership.reload.state).to eq('active') + end + + context 'with an inactive user_group' do + let(:inactive_user_group) { create(:user_group, activated_state: :inactive) } + let(:params) do + { + memberships: { + join_token: inactive_user_group.join_token, + links: { + user: authorized_user.id.to_s, + user_group: inactive_user_group.id.to_s + } + } + } + end + before(:each) do + default_request scopes: scopes, user_id: authorized_user.id + post :create, params: params + end + + it 'disallows membership creation' do + expect(response).to have_http_status(:unprocessable_entity) + end + + it 'disallows membership re-activation' do + membership = create(:membership, user_id: authorized_user.id, user_group_id: inactive_user_group.id, state: :inactive) + expect(response).to have_http_status(:unprocessable_entity) + expect(membership.reload.state).to eq('inactive') + end + end end describe "#destroy" do diff --git a/spec/operations/memberships/create_spec.rb b/spec/operations/memberships/create_spec.rb index f034d291c..725b9c341 100644 --- a/spec/operations/memberships/create_spec.rb +++ b/spec/operations/memberships/create_spec.rb 
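Review bot: The example 'disallows membership re-activation' in the new `with an inactive user_group` context does not exercise re-activation. The context's `before` block issues `post :create, params: params` before the example body runs, so the inactive membership is created only after the request has finished and `membership.reload.state` is trivially still 'inactive'. The refusal to reactivate an existing membership in a disabled group is therefore untested at the controller level. Drop `post :create` from the shared `before` and issue it inside each example, so that this one creates the inactive membership first and then calls `post :create, params: params`. The later patches in this series keep the same ordering.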
@@ -34,6 +34,13 @@ end.to raise_error(Operation::Unauthorized) end + it 'disallows you to add yourself to an inactive group' do + inactive_user_group = create(:user_group, activated_state: :inactive) + expect do + operation.run links: {user: you.id, user_group: inactive_user_group.id}, join_token: inactive_user_group.join_token + end.to raise_error(Operation::Unauthorized) + end + it 'does not work for missing groups' do expect do operation.run links: {user: you.id, user_group: 0}, join_token: 'wrong_token' From 1b8fdb8ed3f5bc199f8a22bf1d4702c801f0da23 Mon Sep 17 00:00:00 2001 From: yuenmichelle1 Date: Wed, 4 Sep 2024 21:31:35 -0500 Subject: [PATCH 2/3] update formatting and spacing per hound sniffs --- spec/controllers/api/v1/memberships_controller_spec.rb | 3 ++- spec/operations/memberships/create_spec.rb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/spec/controllers/api/v1/memberships_controller_spec.rb b/spec/controllers/api/v1/memberships_controller_spec.rb index 46ffb3ae6..5fc15f656 100644 --- a/spec/controllers/api/v1/memberships_controller_spec.rb +++ b/spec/controllers/api/v1/memberships_controller_spec.rb @@ -93,7 +93,8 @@ } } end - before(:each) do + + before do default_request scopes: scopes, user_id: authorized_user.id post :create, params: params end diff --git a/spec/operations/memberships/create_spec.rb b/spec/operations/memberships/create_spec.rb index 725b9c341..2dcdf1038 100644 --- a/spec/operations/memberships/create_spec.rb +++ b/spec/operations/memberships/create_spec.rb @@ -37,7 +37,7 @@ it 'disallows you to add yourself to an inactive group' do inactive_user_group = create(:user_group, activated_state: :inactive) expect do - operation.run links: {user: you.id, user_group: inactive_user_group.id}, join_token: inactive_user_group.join_token + operation.run links: { user: you.id, user_group: inactive_user_group.id }, join_token: inactive_user_group.join_token end.to raise_error(Operation::Unauthorized) end 
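Review bot: The added example 'disallows you to add yourself to an inactive group' covers only a first-time join. The operation also reactivates an existing record through `find_or_initialize_by` followed by `membership.state = :active`, and no operation-level example pins that an inactive membership in a disabled group stays inactive. I would add a sibling example that creates the membership with `state: :inactive`, runs the operation with the group's valid join token, expects `Operation::Unauthorized`, and then checks that `membership.reload.state` is still 'inactive'.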
From 48b65b5b97e2080250ac8913dca9e63c5923e3fa Mon Sep 17 00:00:00 2001 From: yuenmichelle1 Date: Wed, 4 Sep 2024 22:12:20 -0500 Subject: [PATCH 3/3] update specs to ensure custom error message is returned --- spec/controllers/api/v1/memberships_controller_spec.rb | 5 +++++ spec/operations/memberships/create_spec.rb | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/spec/controllers/api/v1/memberships_controller_spec.rb b/spec/controllers/api/v1/memberships_controller_spec.rb index 5fc15f656..5309ed5d7 100644 --- a/spec/controllers/api/v1/memberships_controller_spec.rb +++ b/spec/controllers/api/v1/memberships_controller_spec.rb @@ -103,6 +103,11 @@ expect(response).to have_http_status(:unprocessable_entity) end + it 'responds with group is inactive error message' do + response_body = JSON.parse(response.body) + expect(response_body['errors'][0]['message']).to eq('Group is inactive') + end + it 'disallows membership re-activation' do membership = create(:membership, user_id: authorized_user.id, user_group_id: inactive_user_group.id, state: :inactive) expect(response).to have_http_status(:unprocessable_entity) diff --git a/spec/operations/memberships/create_spec.rb b/spec/operations/memberships/create_spec.rb index 2dcdf1038..8493626ca 100644 --- a/spec/operations/memberships/create_spec.rb +++ b/spec/operations/memberships/create_spec.rb @@ -38,7 +38,7 @@ inactive_user_group = create(:user_group, activated_state: :inactive) expect do operation.run links: { user: you.id, user_group: inactive_user_group.id }, join_token: inactive_user_group.join_token - end.to raise_error(Operation::Unauthorized) + end.to raise_error(Operation::Unauthorized, 'Group is inactive') end it 'does not work for missing groups' do
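Review bot: The new example 'responds with group is inactive error message' pins that the distinct message reaches the client, but nothing pins the complementary case: a request against an inactive group with a wrong `join_token` should not receive 'Group is inactive'. That property holds today only because the guard in `execute` (app/operations/memberships/create.rb) follows the token check, and a spec is what would stop a later reordering from exposing group state to callers without a token. I would add an example in this context that posts with an invalid token and asserts the response body does not contain the message. Separately, `response_body['errors'][0]['message']` raises NoMethodError on an unexpected body shape; `response_body.dig('errors', 0, 'message')` fails the expectation cleanly instead.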