Add github-events index and show endpoints

- Add pagination
- Add admin to the user view

Author: joshsmith

lib/code_corps/model/github_event.ex

@@ -1,15 +1,16 @@
 defmodule CodeCorps.GithubEvent do
   use CodeCorps.Model
+  use Scrivener, page_size: 20
 
   @type t :: %__MODULE__{}
 
   schema "github_events" do
     field :action, :string
+    field :failure_reason, :string
     field :github_delivery_id, :string
     field :payload, :map
     field :status, :string
     field :type, :string
-    field :failure_reason, :string
 
     timestamps()
   end

lib/code_corps/policy/github_event.ex

@@ -0,0 +1,9 @@
+defmodule CodeCorps.Policy.GithubEvent do
+  alias CodeCorps.User
+
+  def index?(%User{admin: true}), do: true
+  def index?(%User{admin: false}), do: false
+
+  def show?(%User{admin: true}), do: true
+  def show?(%User{admin: false}), do: false
+end

lib/code_corps/policy/policy.ex

@@ -3,7 +3,7 @@ defmodule CodeCorps.Policy do
   Handles authorization for various API actions performed on objects in the database.
   """
 
-  alias CodeCorps.{Category, Comment, DonationGoal, GithubAppInstallation, Organization, OrganizationInvite, OrganizationGithubAppInstallation, Preview, Project, ProjectCategory, ProjectGithubRepo, ProjectSkill, ProjectUser, Role, RoleSkill, Skill, StripeConnectAccount, StripeConnectPlan, StripeConnectSubscription, StripePlatformCard, StripePlatformCustomer, Task, TaskSkill, User, UserCategory, UserRole, UserSkill, UserTask}
+  alias CodeCorps.{Category, Comment, DonationGoal, GithubAppInstallation, GithubEvent, Organization, OrganizationInvite, OrganizationGithubAppInstallation, Preview, Project, ProjectCategory, ProjectGithubRepo, ProjectSkill, ProjectUser, Role, RoleSkill, Skill, StripeConnectAccount, StripeConnectPlan, StripeConnectSubscription, StripePlatformCard, StripePlatformCustomer, Task, TaskSkill, User, UserCategory, UserRole, UserSkill, UserTask}
 
   alias CodeCorps.Policy
 
@@ -40,6 +40,10 @@ defmodule CodeCorps.Policy do
   # GithubAppInstallation
   defp can?(%User{} = current_user, :create, %GithubAppInstallation{}, %{} = params), do: Policy.GithubAppInstallation.create?(current_user, params)
 
+  # GithubEvent
+  defp can?(%User{} = current_user, :index, %GithubEvent{}, %{}), do: Policy.GithubEvent.index?(current_user)
+  defp can?(%User{} = current_user, :show, %GithubEvent{}, %{}), do: Policy.GithubEvent.show?(current_user)
+
   # Organization
   defp can?(%User{} = current_user, :create, %Organization{}, %{}), do: Policy.Organization.create?(current_user)
   defp can?(%User{} = current_user, :update, %Organization{} = organization, %{}), do: Policy.Organization.update?(current_user, organization)

lib/code_corps_web/controllers/github_event_controller.ex

@@ -0,0 +1,65 @@
+defmodule CodeCorpsWeb.GithubEventController do
+  @moduledoc false
+  use CodeCorpsWeb, :controller
+
+  alias CodeCorps.{GithubEvent, Helpers.Query, Repo, User}
+  alias CodeCorps.GitHub.Webhook.{
+    EventSupport, Processor
+  }
+
+  action_fallback CodeCorpsWeb.FallbackController
+  plug CodeCorpsWeb.Plug.DataToAttributes
+  plug CodeCorpsWeb.Plug.IdsToIntegers
+
+  @spec index(Conn.t, map) :: Conn.t
+  def index(%Conn{} = conn, %{} = params) do
+    with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
+         {:ok, :authorized} <- current_user |> Policy.authorize(:index, %GithubEvent{}, params)
+    do
+      github_events =
+        GithubEvent
+        |> Query.id_filter(params)
+        |> paginate(params)
+
+      conn |> render("index.json-api", data: github_events)
+    end
+  end
+
+  @spec show(Conn.t, map) :: Conn.t
+  def show(%Conn{} = conn, %{"id" => id} = params) do
+    with %User{} = current_user <- conn |> Guardian.Plug.current_resource,
+         %GithubEvent{} = github_event <- GithubEvent |> Repo.get(id),
+         {:ok, :authorized} <- current_user |> Policy.authorize(:show, github_event, params)
+    do
+      conn |> render("show.json-api", data: github_event)
+    end
+  end
+
+  def create(conn, event_payload) do
+    event_type = conn |> get_event_type()
+
+    case event_type |> EventSupport.status do
+      :supported ->
+        Processor.process_async(event_type, conn |> get_delivery_id, event_payload)
+        conn |> send_resp(200, "")
+      :unsupported ->
+        conn |> send_resp(202, "")
+    end
+  end
+
+  defp get_event_type(conn) do
+    conn |> get_req_header("x-github-event") |> List.first
+  end
+
+  defp get_delivery_id(conn) do
+    conn |> get_req_header("x-github-delivery") |> List.first
+  end
+
+  @spec paginate(Ecto.Queryable.t, map) :: list(GithubEvent.t)
+  defp paginate(query, %{"page" => page_params}) do
+    query |> Repo.paginate(page_params)
+  end
+  defp paginate(query, _) do
+    query |> Repo.all()
+  end
+end

lib/code_corps_web/controllers/github_events_controller.ex

@@ -59,7 +59,7 @@ defmodule CodeCorpsWeb.Router do
   scope "/", CodeCorpsWeb, host: "api." do
     pipe_through [:github_webhooks]
 
-    post "/webhooks/github", GitHubEventsController, :create, as: :github_events
+    post "/webhooks/github", GithubEventController, :create, as: :github_events
   end
 
   scope "/", CodeCorpsWeb, host: "api." do
@@ -70,6 +70,7 @@ defmodule CodeCorpsWeb.Router do
     resources "/donation-goals", DonationGoalController, only: [:create, :update, :delete]
     post "/oauth/github", UserController, :github_oauth
     resources "/github-app-installations", GithubAppInstallationController, only: [:create]
+    resources "/github-events", GithubEventController, only: [:index, :show]
     resources "/organization-github-app-installations", OrganizationGithubAppInstallationController, only: [:create, :delete]
     resources "/organizations", OrganizationController, only: [:create, :update]
     resources "/organization-invites", OrganizationInviteController, only: [:create, :update]

lib/code_corps_web/router.ex

@@ -0,0 +1,14 @@
+defmodule CodeCorpsWeb.GithubEventView do
+  @moduledoc false
+  use CodeCorpsWeb, :view
+  use JaSerializer.PhoenixView
+
+  attributes [
+    :action, :event_type, :failure_reason, :github_delivery_id, :inserted_at,
+    :payload, :status, :updated_at
+  ]
+
+  def event_type(github_event, _conn) do
+    github_event.type
+  end
+end

lib/code_corps_web/views/github_event_view.ex

@@ -6,7 +6,7 @@ defmodule CodeCorpsWeb.UserView do
   use JaSerializer.PhoenixView
 
   attributes [
-    :biography, :cloudinary_public_id, :email, :first_name,
+    :admin, :biography, :cloudinary_public_id, :email, :first_name,
     :github_avatar_url, :github_id, :github_username, :intercom_user_hash,
     :inserted_at, :last_name, :name, :photo_large_url, :photo_thumb_url,
     :sign_up_context, :state, :state_transition, :twitter, :username,

lib/code_corps_web/views/user_view.ex

@@ -0,0 +1,29 @@
+defmodule CodeCorps.GithubEventPolicyTest do
+  use CodeCorps.PolicyCase
+
+  import CodeCorps.Policy.GithubEvent, only: [index?: 1, show?: 1]
+
+  describe "index" do
+    test "returns true when user is an admin" do
+      user = build(:user, admin: true)
+      assert index?(user)
+    end
+
+    test "returns false when user is not an admin" do
+      user = build(:user, admin: false)
+      refute index?(user)
+    end
+  end
+
+  describe "show" do
+    test "returns true when user is an admin" do
+      user = insert(:user, admin: true)
+      assert show?(user)
+    end
+
+    test "returns false when user is not an admin" do
+      user = insert(:user, admin: false)
+      refute show?(user)
+    end
+  end
+end

test/lib/code_corps/policy/github_event_test.exs

@@ -0,0 +1,118 @@
+defmodule CodeCorpsWeb.GithubEventControllerTest do
+  @moduledoc false
+
+  use CodeCorpsWeb.ApiCase, resource_name: :github_event
+  use CodeCorps.BackgroundProcessingCase
+
+  import CodeCorps.GitHub.TestHelpers
+
+  alias CodeCorps.GithubEvent
+
+  defp for_event(conn, type, id) do
+    conn
+    |> put_req_header("x-github-event", type)
+    |> put_req_header("x-github-delivery", id)
+  end
+
+  describe "index" do
+    @tag authenticated: :admin
+    test "paginates on index", %{conn: conn} do
+      [_github_event_1, github_event_2] = insert_pair(:github_event)
+
+      path = "github-events/?page[page]=2&page[page-size]=1"
+
+      conn
+        |> get(path)
+        |> json_response(200)
+        |> assert_ids_from_response([github_event_2.id])
+    end
+
+    @tag authenticated: :admin
+    test "lists all entries on index", %{conn: conn} do
+      [github_event_1, github_event_2] = insert_pair(:github_event)
+
+      conn
+        |> request_index
+        |> json_response(200)
+        |> assert_ids_from_response([github_event_1.id, github_event_2.id])
+    end
+
+    @tag authenticated: :admin
+    test "filters resources on index", %{conn: conn} do
+      [github_event_1, github_event_2 | _] = insert_list(3, :github_event)
+
+      path = "github-events/?filter[id]=#{github_event_1.id},#{github_event_2.id}"
+
+      conn
+      |> get(path)
+      |> json_response(200)
+      |> assert_ids_from_response([github_event_1.id, github_event_2.id])
+    end
+
+    test "renders 401 when unauthenticated", %{conn: conn} do
+      assert conn |> request_index() |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "renders 403 when unauthorized", %{conn: conn} do
+      assert conn |> request_index() |> json_response(403)
+    end
+  end
+
+  describe "show" do
+    @tag authenticated: :admin
+    test "shows chosen resource", %{conn: conn} do
+      github_event = insert(:github_event)
+
+      conn
+      |> request_show(github_event)
+      |> json_response(200)
+      |> assert_id_from_response(github_event.id)
+    end
+
+    test "renders 401 when unauthenticated", %{conn: conn} do
+      github_event = insert(:github_event)
+      assert conn |> request_show(github_event) |> json_response(401)
+    end
+
+    @tag :authenticated
+    test "renders 403 when unauthorized", %{conn: conn} do
+      github_event = insert(:github_event)
+      assert conn |> request_show(github_event) |> json_response(403)
+    end
+  end
+
+  describe "create" do
+    @tag :github_webhook
+    test "responds with 200 for a supported event", %{conn: conn} do
+      path = conn |> github_events_path(:create)
+
+      payload = load_event_fixture("installation_created")
+      assert conn |> for_event("installation", "foo") |> post(path, payload) |> response(200)
+
+      wait_for_supervisor()
+
+      assert Repo.get_by(GithubEvent, github_delivery_id: "foo")
+    end
+
+    @tag :github_webhook
+    test "responds with 202 for an unsupported event", %{conn: conn} do
+      path = conn |> github_events_path(:create)
+      assert conn |> for_event("gollum", "foo") |> post(path, %{}) |> response(202)
+
+      wait_for_supervisor()
+
+      refute Repo.get_by(GithubEvent, github_delivery_id: "foo")
+    end
+
+    @tag :github_webhook
+    test "responds with 202 for an unknown event", %{conn: conn} do
+      path = conn |> github_events_path(:create)
+      assert conn |> for_event("unknown", "foo") |> post(path, %{}) |> response(202)
+
+      wait_for_supervisor()
+
+      refute Repo.get_by(GithubEvent, github_delivery_id: "foo")
+    end
+  end
+end