prepare for lesson (fs#57)

stepantishhen · Oct 17, 2023 · 71a3f05 · 71a3f05
1 parent 901555f
commit 71a3f05
Show file tree

Hide file tree

Showing 13 changed files with 120 additions and 3 deletions.
diff --git a/Gemfile b/Gemfile
@@ -3,6 +3,8 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 ruby "2.7.4"
 
+gem "action_policy"
+gem "enumerize"
 # Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
 gem "rails", "~> 6.1.7"
 # Use postgresql as the database for Active Record

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,6 +1,8 @@
 GEM
   remote: https://rubygems.org/
   specs:
+    action_policy (0.6.7)
+      ruby-next-core (>= 0.14.0)
     actioncable (6.1.7.6)
       actionpack (= 6.1.7.6)
       activesupport (= 6.1.7.6)
@@ -83,6 +85,8 @@ GEM
     concurrent-ruby (1.2.2)
     crass (1.0.6)
     date (3.3.3)
+    enumerize (2.7.0)
+      activesupport (>= 3.2)
     erubi (1.12.0)
     ffi (1.15.5)
     globalid (1.2.1)
@@ -220,6 +224,7 @@ GEM
       rubocop (~> 1.0)
     rubocop-thread_safety (0.5.1)
       rubocop (>= 0.90.0)
+    ruby-next-core (0.15.3)
     ruby-progressbar (1.13.0)
     rubyzip (2.3.2)
     sass-rails (6.0.0)
@@ -280,10 +285,12 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  action_policy
   bcrypt (~> 3.1.7)
   bootsnap (>= 1.4.4)
   byebug
   capybara (>= 3.26)
+  enumerize
   jbuilder (~> 2.7)
   kaminari
   listen (~> 3.3)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,3 +1,4 @@
 class ApplicationController < ActionController::Base
   include Authentication
+  include Authorization
 end
diff --git a/app/controllers/concerns/authorization.rb b/app/controllers/concerns/authorization.rb
@@ -0,0 +1,15 @@
+module Authorization
+  extend ActiveSupport::Concern
+
+  included do
+    verify_authorized
+
+    rescue_from ActionPolicy::Unauthorized, with: :deny_access!
+  end
+
+  private
+
+  def deny_access!(error)
+    redirect_to root_path, alert: error.message
+  end
+end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
@@ -3,6 +3,8 @@ class ProjectsController < ApplicationController
 
   def index
     @projects = Project.order(params[:sort]).page(params[:page]).per(3)
+
+    authorize! @projects
   end
 
   def show
@@ -11,14 +13,17 @@ def show
 
   def new
     @project = Project.new
+
+    authorize! @project
   end
 
   def edit; end
 
   def create
     @project = Project.new(project_params)
+    @project_membership = ProjectMembership.new(project_membership_params)
 
-    if @project.save
+    if @project.save && @project_membership.save
       redirect_to projects_path, notice: "Created Successful"
     else
       render :new, status: :unprocessable_entity
@@ -44,6 +49,10 @@ def set_project
     @project = Project.find_by(id: params[:id])
   end
 
+  def project_membership_params
+    { project: @project, user: current_user, role: :owner }
+  end
+
   def project_params
     params.require(:project).permit(:name, :description)
   end

diff --git a/app/models/project.rb b/app/models/project.rb
@@ -1,5 +1,8 @@
 class Project < ApplicationRecord
+  has_many :tasks, dependent: :destroy
+  has_many :project_memberships, dependent: :destroy
+  has_many :users, through: :project_memberships
+
   validates :name, :description, presence: true
   validates :name, uniqueness: true
-  has_many :tasks, dependent: :destroy
 end
diff --git a/app/models/project_membership.rb b/app/models/project_membership.rb
@@ -0,0 +1,10 @@
+class ProjectMembership < ApplicationRecord
+  extend Enumerize
+
+  ROLES = %i[owner member].freeze
+
+  belongs_to :user
+  belongs_to :project
+
+  enumerize :role, in: ROLES, predicates: true, scope: :shallow, default: :member
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,8 +1,16 @@
 class User < ApplicationRecord
+  extend Enumerize
+
   has_secure_password
+  ROLES = %i[member admin super_admin].freeze
   VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i.freeze
 
+  has_many :project_memberships, dependent: :restrict_with_error
+  has_many :projects, through: :project_memberships
+
   validates :password, length: { minimum: 6 }
   validates :email, presence: true, uniqueness: true, format: { with: VALID_EMAIL_REGEX }
   validates :first_name, :last_name, presence: true
+
+  enumerize :role, in: ROLES, predicates: true, scope: :shallow, default: :member
 end
diff --git a/app/policy/application_policy.rb b/app/policy/application_policy.rb
@@ -0,0 +1,2 @@
+class ApplicationPolicy < ActionPolicy::Base
+end
diff --git a/app/policy/project_policy.rb b/app/policy/project_policy.rb
@@ -0,0 +1,31 @@
+class ProjectPolicy < ApplicationPolicy
+  authorize :user, allow_nil: true
+
+  def index?
+    true
+  end
+
+  def new?
+    true
+  end
+
+  def create?
+    user.present?
+  end
+
+  def destroy?
+    true
+  end
+
+  def edit?
+    new?
+  end
+
+  def show?
+    true
+  end
+
+  def update?
+    true
+  end
+end
diff --git a/db/migrate/20231017132806_add_roles_to_users.rb b/db/migrate/20231017132806_add_roles_to_users.rb
@@ -0,0 +1,5 @@
+class AddRolesToUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :users, :role, :string, default: "member", null: false
+  end
+end
diff --git a/db/migrate/20231017133743_create_project_memberships.rb b/db/migrate/20231017133743_create_project_memberships.rb
@@ -0,0 +1,11 @@
+class CreateProjectMemberships < ActiveRecord::Migration[6.1]
+  def change
+    create_table :project_memberships do |t|
+      t.references :project, null: false, foreign_key: true
+      t.belongs_to :user, null: false, foreign_key: true
+      t.string :role, null: false
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		class ApplicationPolicy < ActionPolicy::Base
		end