Remove JaResource/Canary from StripePlatformCardController (#1021)

Author: landongrindheim

lib/code_corps/policy/policy.ex

@@ -55,6 +55,10 @@ defmodule CodeCorps.Policy do
   defp can?(%User{} = current_user, :create, %StripeConnectPlan{}, %{} = params),
     do: Policy.StripeConnectPlan.create?(current_user, params)
   defp can?(%User{} = current_user, :create, %Skill{}, %{}), do: Policy.Skill.create?(current_user)
+  defp can?(%User{} = current_user, :show, %StripePlatformCard{} = stripe_platform_card, %{}),
+    do: Policy.StripePlatformCard.show?(current_user, stripe_platform_card)
+  defp can?(%User{} = current_user, :create, %StripePlatformCard{}, %{} = params),
+    do: Policy.StripePlatformCard.create?(current_user, params)
   defp can?(%User{} = current_user, :create, %TaskSkill{}, %{} = params), do: Policy.TaskSkill.create?(current_user, params)
   defp can?(%User{} = current_user, :delete, %TaskSkill{} = task_skill, %{}), do: Policy.TaskSkill.delete?(current_user, task_skill)
   defp can?(%User{} = current_user, :create, %UserCategory{} = user_category, %{}), do: Policy.UserCategory.create?(current_user, user_category)
@@ -101,10 +105,6 @@ defmodule CodeCorps.Policy do
     def can?(%User{} = user, :show, %StripeConnectSubscription{} = stripe_connect_subscription), do: Policy.StripeConnectSubscription.show?(user, stripe_connect_subscription)
     def can?(%User{} = user, :create, %Changeset{ data: %StripeConnectSubscription{}} = changeset), do: Policy.StripeConnectSubscription.create?(user, changeset)
 
-    def can?(%User{} = user, :show, %StripePlatformCard{} = stripe_platform_card), do: Policy.StripePlatformCard.show?(user, stripe_platform_card)
-    def can?(%User{} = user, :create, %Changeset{ data: %StripePlatformCard{}} = changeset), do: Policy.StripePlatformCard.create?(user, changeset)
-    def can?(%User{} = user, :delete, %StripePlatformCard{} = stripe_platform_card), do: Policy.StripePlatformCard.delete?(user, stripe_platform_card)
-
     def can?(%User{} = user, :create, %Changeset{data: %StripePlatformCustomer{}} = changeset), do: Policy.StripePlatformCustomer.create?(user, changeset)
     def can?(%User{} = user, :show, %StripePlatformCustomer{} = stripe_platform_customer), do: Policy.StripePlatformCustomer.show?(user, stripe_platform_customer)
 

lib/code_corps/policy/stripe_platform_card.ex

@@ -1,17 +1,19 @@
 defmodule CodeCorps.Policy.StripePlatformCard do
   alias CodeCorps.StripePlatformCard
   alias CodeCorps.User
-  alias Ecto.Changeset
 
-  def create?(user, card), do: user |> owns?(card)
-  def delete?(user, changeset), do: user |> owns?(changeset)
+  @spec create?(User.t, map) :: boolean
+  def create?(user, params), do: user |> owns?(params)
+
+  @spec show?(User.t, StripePlatformCard.t) :: boolean
   def show?(user, card), do: user |> owns?(card)
 
-  defp owns?(%User{id: current_user_id}, %Changeset{changes: %{user_id: user_id}}) do
+  @spec owns?(User.t, StripePlatformCard.t | map) :: boolean
+  defp owns?(%User{id: current_user_id}, %StripePlatformCard{user_id: user_id}) do
     current_user_id == user_id
   end
 
-  defp owns?(%User{id: current_user_id}, %StripePlatformCard{user_id: user_id}) do
+  defp owns?(%User{id: current_user_id}, %{"user_id" => user_id}) do
     current_user_id == user_id
   end
 

lib/code_corps_web/controllers/stripe_platform_card_controller.ex

@@ -1,19 +1,28 @@
 defmodule CodeCorpsWeb.StripePlatformCardController do
   use CodeCorpsWeb, :controller
-  use JaResource
 
-  alias CodeCorps.StripePlatformCard
   alias CodeCorps.StripeService.StripePlatformCardService
+  alias CodeCorps.{StripePlatformCard, User}
 
-  plug :load_and_authorize_resource, model: StripePlatformCard, only: [:show], preload: [:user]
-  plug :load_and_authorize_changeset, model: StripePlatformCard, only: [:create]
+  action_fallback CodeCorpsWeb.FallbackController
+  plug CodeCorpsWeb.Plug.DataToAttributes
+  plug CodeCorpsWeb.Plug.IdsToIntegers
 
-  plug JaResource
-
-  @spec model :: module
-  def model, do: CodeCorps.StripePlatformCard
+  @spec show(Conn.t, map) :: Conn.t
+  def show(%Conn{} = conn, %{"id" => id} = params) do
+    with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
+         %StripePlatformCard{} = stripe_platform_card <- StripePlatformCard |> Repo.get(id),
+         {:ok, :authorized} <- current_user |> Policy.authorize(:show, stripe_platform_card, params) do
+      conn |> render("show.json-api", data: stripe_platform_card)
+    end
+  end
 
-  def handle_create(_conn, attributes) do
-    attributes |> StripePlatformCardService.create
+  @spec create(Plug.Conn.t, map) :: Conn.t
+  def create(%Conn{} = conn, %{} = params) do
+    with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
+         {:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripePlatformCard{}, params),
+         {:ok, %StripePlatformCard{} = stripe_platform_card} <- StripePlatformCardService.create(params) do
+      conn |> put_status(:created) |> render("show.json-api", data: stripe_platform_card)
+    end
   end
 end

test/lib/code_corps/policy/stripe_platform_card_test.exs

@@ -1,40 +1,21 @@
 defmodule CodeCorps.Policy.StripePlatformCardTest do
   use CodeCorps.PolicyCase
 
-  import CodeCorps.Policy.StripePlatformCard, only: [create?: 2, delete?: 2, show?: 2]
-  import CodeCorps.StripePlatformCard, only: [create_changeset: 2]
-
-  alias CodeCorps.StripePlatformCard
+  import CodeCorps.Policy.StripePlatformCard, only: [create?: 2, show?: 2]
 
   describe "create?" do
     test "returns true if user is creating their own record" do
       user = insert(:user)
-      changeset = %StripePlatformCard{} |> create_changeset(%{user_id: user.id})
+      stripe_platform_card = insert(:stripe_platform_card, user: user)
 
-      assert create?(user, changeset)
+      assert create?(user, stripe_platform_card)
     end
 
     test "returns false if user is creating someone else's record" do
       user = build(:user)
-      changeset = %StripePlatformCard{} |> create_changeset(%{user_id: "someone-else"})
-
-      refute create?(user, changeset)
-    end
-  end
-
-  describe "delete?" do
-    test "returns true if user is deleting their own record" do
-      user = insert(:user)
-      stripe_platform_card = insert(:stripe_platform_card, user: user)
-
-      assert delete?(user, stripe_platform_card)
-    end
-
-    test "returns false if user is deleting someone else's record" do
-      user = insert(:user)
       stripe_platform_card = insert(:stripe_platform_card)
 
-      refute delete?(user, stripe_platform_card)
+      refute create?(user, stripe_platform_card)
     end
   end