quiz_api_client 4.2.0 → 4.4.0

data/spec/contracts/shared_banks_spec.rb

@@ -0,0 +1,366 @@
+PERMISSION_READ = 'read'.freeze
+PERMISSION_EDIT = 'edit'.freeze
+PERMISSION_REMOVED_ACCESS = 'removed_access'.freeze
+
+# These uuids are defined on the shared_provider_states.rb file in the quiz_api repo
+USER_1_UUID_FROM_QUIZ_API = 'd4614a35-a951-46e7-9b5e-48dbadc60158'.freeze
+USER_2_UUID_FROM_QUIZ_API = 'a51c9338-b5ee-4417-aaec-2561cb42f92e'.freeze
+USER_3_UUID_FROM_QUIZ_API = '71bf7db1-46bc-4769-a015-fa10819a2807'.freeze
+
+describe QuizApiClient::Services::SharedBanks, :pact do
+  include PactHelper
+
+  #
+  ## GET REQUESTS
+  #
+
+  # Owner of the bank, not shared calling GET shared_banks API
+  it_behaves_like 'a http get request to quiz_api collection endpoint' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to retrieve the list of shared banks' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:provider_state) { 'an user_1 item bank not shared' }
+    let(:scope) { 'quiz.build' }
+    let(:user) { USER_1_UUID_FROM_QUIZ_API }
+    let(:params) { { bank_id: 1 } }
+    # Returns an empty array
+    let(:response_body) { [] }
+  end
+
+  # Owner of the bank, shared with uuid_2, calling GET shared_bank API
+  it_behaves_like 'a http get request to quiz_api collection endpoint' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to get shared banks by bank owner' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:user) { USER_1_UUID_FROM_QUIZ_API }
+    let(:params) { { bank_id: 1 } }
+    let(:response_body) do
+      Pact.each_like(
+        id: Pact.like('1'),
+        bank_id: Pact.like('1'),
+        user_uuid: Pact.like(USER_2_UUID_FROM_QUIZ_API),
+        permission: PERMISSION_EDIT
+      )
+    end
+  end
+
+  # Not owner of the bank calling GET shared_bank API
+  it_behaves_like 'a http get request to quiz_api collection endpoint' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to get shared banks by shared user' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:user) { USER_2_UUID_FROM_QUIZ_API }
+    let(:params) { { bank_id: 1 } }
+    let(:response_body) do
+      Pact.each_like(
+        id: Pact.like('1'),
+        bank_id: Pact.like('1'),
+        user_uuid: Pact.like(USER_2_UUID_FROM_QUIZ_API),
+        permission: PERMISSION_EDIT
+      )
+    end
+  end
+
+  # User without permission on bank calling GET shared_bank API
+  it_behaves_like 'a http get request to quiz_api collection endpoint' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to get shared banks by an user without permissions' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 401 }
+    let(:user) { USER_3_UUID_FROM_QUIZ_API }
+    let(:params) { { bank_id: 1 } }
+    let(:response_body) { nil }
+  end
+
+  # Authorized user requesting an invalid bank
+  it_behaves_like 'a http get request to quiz_api collection endpoint' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to get shared banks of an invalid bank by an user' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2' }
+    let(:quizzes_api_path) { '/api/banks/22222/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 401 }
+    let(:user) { USER_2_UUID_FROM_QUIZ_API }
+    let(:params) { { bank_id: '22222' } }
+    let(:response_body) { nil }
+  end
+
+  # an authorized user using an deleted item bank ID,
+  it_behaves_like 'a http get request to quiz_api collection endpoint' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to get shared banks of a deleted bank by an authorized user' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2, then deleted the bank' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 401 }
+    let(:user) { USER_2_UUID_FROM_QUIZ_API }
+    let(:params) { { bank_id: '1' } }
+    let(:response_body) { nil }
+  end
+
+  # an user that is no longer active (commented out as there's currently no way of deactivating an user in quiz_api)
+  # it_behaves_like 'a http get request to quiz_api collection endpoint' do
+  #   let(:service_name) { :shared_banks }
+  #   let(:request_description) { 'a request to get shared banks of a deactivated user' }
+  #   let(:provider_state) { 'an user_1 item bank shared with user_2, then deactivated the user_2' }
+  #   let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+  #   let(:scope) { 'quiz.build' }
+  #   let(:status) { 403 }  # Changed as per conversation with @jcrystal
+  #   let(:user) { USER_2_UUID_FROM_QUIZ_API }
+  #   let(:params) { { bank_id: '1' } }
+  #   let(:response_body) { nil }
+  # end
+
+  #
+  ## POST REQUESTS
+  #
+
+  # Owner of the bank shares the bank with user_2
+  it_behaves_like 'a http post request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to add an user to a shared bank' }
+    let(:provider_state) { 'an user_1 item bank not shared' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:user) { USER_1_UUID_FROM_QUIZ_API }
+    params = {
+      id: 1,
+      bank_id: 1,
+      user_uuid: USER_2_UUID_FROM_QUIZ_API,
+      permission: PERMISSION_EDIT
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      params
+    end
+    let(:response_body) do
+      {
+        id: Pact.like('1'),
+        bank_id: Pact.like('1'),
+        user_uuid: Pact.like(USER_2_UUID_FROM_QUIZ_API),
+        permission: PERMISSION_EDIT
+      }
+    end
+  end
+
+  # attempt to use an invalid permssion
+  it_behaves_like 'a http post request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to add an user to a shared bank by a user with invalid permissions' }
+    let(:provider_state) { 'an user_1 item bank not shared' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 422 }
+    let(:user) { USER_1_UUID_FROM_QUIZ_API }
+    params = {
+      id: 1,
+      bank_id: 1,
+      user_uuid: USER_2_UUID_FROM_QUIZ_API,
+      permission: 'THIS_IS_INVALID'
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      params
+    end
+    let(:response_body) do
+      {
+        error: 'Validation failed: Permission is not included in the list',
+        errors: Pact.each_like(
+          error_type: Pact.like(''),
+          message: Pact.like('')
+        )
+      }
+    end
+  end
+
+  # User without permissions attempts to update the bank
+  it_behaves_like 'a http post request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to add an user to a shared bank by a user without edit permissions' }
+    let(:provider_state) { 'an user_1 item bank not shared' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 401 }
+    let(:user) { USER_2_UUID_FROM_QUIZ_API }
+    params = {
+      id: 1,
+      bank_id: 1,
+      user_uuid: USER_2_UUID_FROM_QUIZ_API,
+      permission: PERMISSION_EDIT
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      params
+    end
+    let(:response_body) { nil }
+  end
+
+  # user_2 with edit permissions shares the bank
+  it_behaves_like 'a http post request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to add an user to a shared bank by a user with edit permissions' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:user) { USER_2_UUID_FROM_QUIZ_API }
+    params = {
+      id: 1,
+      bank_id: 1,
+      user_uuid: USER_3_UUID_FROM_QUIZ_API,
+      permission: PERMISSION_EDIT
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      params
+    end
+    let(:response_body) do
+      {
+        id: Pact.like('1'),
+        bank_id: Pact.like('1'),
+        user_uuid: Pact.like(USER_2_UUID_FROM_QUIZ_API),
+        permission: PERMISSION_EDIT
+      }
+    end
+  end
+
+  # user_2 with edit permissions on one bank attempts to add themself to another bank
+  it_behaves_like 'a http post request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a req to add an user to a bank by a user with edit permissions on a different bank' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2, user_3 with own bank' }
+    let(:quizzes_api_path) { '/api/banks/2/shared_banks' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 401 }
+    let(:user) { USER_2_UUID_FROM_QUIZ_API }
+    params = {
+      id: 1,
+      bank_id: 2,
+      user_uuid: USER_2_UUID_FROM_QUIZ_API,
+      permission: PERMISSION_EDIT
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      params
+    end
+    let(:response_body) { nil }
+  end
+
+  #
+  ## PUT REQUESTS
+  #
+
+  # a user removing permissions
+  it_behaves_like 'a http put request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to update a shared bank' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks/1' }
+    let(:scope) { 'quiz.build' }
+    let(:user) { USER_1_UUID_FROM_QUIZ_API }
+    params = {
+      bank_id: 1,
+      shared_bank_id: 1,
+      user_uuid: USER_2_UUID_FROM_QUIZ_API,
+      permission: PERMISSION_REMOVED_ACCESS
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      tmp_body = params.clone
+      # shared_bank_id is not really a parameter so remove it
+      tmp_body.delete(:shared_bank_id)
+      tmp_body
+    end
+    let(:response_body) do
+      {
+        id: Pact.like('1'),
+        bank_id: Pact.like('1'),
+        user_uuid: Pact.like(USER_2_UUID_FROM_QUIZ_API),
+        permission: PERMISSION_REMOVED_ACCESS
+      }
+    end
+  end
+
+  # a user uses an invalid permission
+  it_behaves_like 'a http put request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to update a shared bank with invalid permission' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2' }
+    let(:quizzes_api_path) { '/api/banks/1/shared_banks/1' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 422 }
+    let(:user) { USER_1_UUID_FROM_QUIZ_API }
+    params = {
+      bank_id: 1,
+      shared_bank_id: 1,
+      user_uuid: USER_2_UUID_FROM_QUIZ_API,
+      permission: 'THIS_IS_INVALID'
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      tmp_body = params.clone
+      # shared_bank_id is not really a parameter so remove it
+      tmp_body.delete(:shared_bank_id)
+      tmp_body
+    end
+    let(:response_body) do
+      {
+        errors: {}
+      }
+    end
+  end
+
+  # a user with edit permissions on antoher bank try to update permissions
+  it_behaves_like 'a http put request to quiz_api' do
+    let(:service_name) { :shared_banks }
+    let(:request_description) { 'a request to update a shared bank by a user with permissions on a different bank' }
+    let(:provider_state) { 'an user_1 item bank shared with user_2, user_3 with own bank' }
+    let(:quizzes_api_path) { '/api/banks/2/shared_banks/2' }
+    let(:scope) { 'quiz.build' }
+    let(:status) { 401 }
+    let(:user) { USER_2_UUID_FROM_QUIZ_API }
+    params = {
+      bank_id: 2,
+      shared_bank_id: 2,
+      user_uuid: USER_2_UUID_FROM_QUIZ_API,
+      permission: PERMISSION_EDIT
+    }
+    let(:params) do
+      params
+    end
+    let(:body) do
+      tmp_body = params.clone
+      # shared_bank_id is not really a parameter so remove it
+      tmp_body.delete(:shared_bank_id)
+      tmp_body
+    end
+    let(:response_body) do
+      {
+        error: 'Invalid Auth Action: auth action failed user_can_edit_bank?',
+        errors: Pact.each_like(
+          error_type: Pact.like(''),
+          message: Pact.like('')
+        )
+      }
+    end
+  end
+end

data/spec/contracts/shared_examples/http_delete_example.rb

@@ -0,0 +1,56 @@
+shared_examples 'a http delete request to quiz_api' do
+  let(:quizzes_api_path) { raise 'Override in spec' }
+  let(:consumer_key) { 'consumer key' }
+  let(:consumer_request_id) { 'consumer request id' }
+  let(:host) { 'localhost:1234' }
+  let(:shared_secret) { 'secret' }
+  let(:scope) { raise 'Override in spec' }
+  let(:user) { nil }
+  let(:resource_id) { nil }
+  let(:response_body) { nil }
+  let(:service_name) { raise 'Override in spec' }
+  let(:status) { 204 }
+  let(:provider_state) { raise 'Override in spec' }
+  let(:params) { raise 'Override in spec' }
+  let(:request_description) { raise 'Override in spec (must be unique!)' }
+
+  let(:client) do
+    QuizApiClient::Client.new(
+      consumer_key: consumer_key,
+      consumer_request_id: consumer_request_id,
+      host: host,
+      shared_secret: shared_secret,
+      protocol: 'http'
+    )
+  end
+
+  context 'deleting a resource' do
+    let(:token) do
+      client.jwt_service.grant_permission(
+        exp: token_expiration_one_year,
+        scope: scope,
+        uuid: user,
+        resource_id: resource_id
+      )
+    end
+
+    before do
+      response = { status: status }
+      response[:body] = response_body if response_body
+      quiz_api
+        .given(provider_state)
+        .upon_receiving(request_description)
+        .with(
+          method: :delete,
+          path: quizzes_api_path,
+          headers: headers(token)
+        )
+        .will_respond_with(response)
+    end
+
+    it 'verifies the request is valid' do
+      result = client.send(service_name).destroy(token: token, params: params)
+      expect(result).to be_truthy
+    end
+  end
+end

data/spec/contracts/shared_examples/http_get_example.rb

@@ -0,0 +1,139 @@
+shared_context 'http get' do
+  let(:quizzes_api_path) { raise 'Override in spec' }
+  let(:consumer_key) { 'consumer key' }
+  let(:consumer_request_id) { 'consumer request id' }
+  let(:host) { 'localhost:1234' }
+  let(:shared_secret) { 'secret' }
+  let(:scope) { raise 'Override in spec' }
+  let(:resource_id) { nil }
+  let(:response_headers) { { 'Content-Type' => 'application/json; charset=utf-8' } }
+  let(:response_body) { raise 'Override in spec' }
+  let(:service_name) { raise 'Override in spec' }
+  let(:status) { 200 }
+  let(:provider_state) { raise 'Override in spec' }
+  let(:user) { nil }
+  let(:params) { raise 'Override in spec' }
+  let(:query_params) { {} }
+  let(:request_description) { raise 'Override in spec (must be unique!)' }
+
+  let(:client) do
+    QuizApiClient::Client.new(
+      consumer_key: consumer_key,
+      consumer_request_id: consumer_request_id,
+      host: host,
+      shared_secret: shared_secret,
+      protocol: 'http'
+    )
+  end
+end
+
+shared_examples 'a http get request to quiz_api' do
+  include_context 'http get'
+
+  context 'retrieving a single resource' do
+    let(:token) do
+      client.jwt_service.grant_permission(
+        exp: token_expiration_one_year,
+        scope: scope,
+        uuid: user,
+        resource_id: resource_id
+      )
+    end
+
+    before do
+      quiz_api
+        .given(provider_state)
+        .upon_receiving(request_description)
+        .with(
+          method: :get,
+          path: quizzes_api_path,
+          headers: headers(token),
+          query: query_params
+        )
+        .will_respond_with(
+          status: status,
+          headers: response_headers,
+          body: response_body
+        )
+    end
+
+    it 'verifies the request is valid' do
+      result = client.send(service_name).show(token: token, params: params)
+      expect(result).to be_truthy
+    end
+  end
+end
+
+shared_examples 'a http get request to quiz_api collection endpoint' do
+  include_context 'http get'
+
+  context 'retrieving a list of resources' do
+    let(:token) do
+      client.jwt_service.grant_permission(
+        exp: token_expiration_one_year,
+        scope: scope,
+        uuid: user,
+        resource_id: resource_id
+      )
+    end
+
+    before do
+      quiz_api
+        .given(provider_state)
+        .upon_receiving(request_description)
+        .with(
+          method: :get,
+          path: quizzes_api_path,
+          headers: headers(token),
+          query: query_params
+        )
+        .will_respond_with(
+          status: status,
+          headers: response_headers,
+          body: response_body
+        )
+    end
+
+    it 'verifies the request is valid' do
+      result = client.send(service_name).list(token: token, params: params)
+      expect(result).to be_truthy
+    end
+  end
+end
+
+shared_examples 'a http get only request to quiz_api' do
+  include_context 'http get'
+
+  context 'retrieving a single resource' do
+    let(:token) do
+      client.jwt_service.grant_permission(
+        exp: token_expiration_one_year,
+        scope: scope,
+        uuid: user,
+        resource_id: resource_id
+      )
+    end
+
+    before do
+      quiz_api
+        .given(provider_state)
+        .upon_receiving(request_description)
+        .with(
+          method: :get,
+          path: quizzes_api_path,
+          headers: headers(token),
+          query: query_params
+        )
+        .will_respond_with(
+          status: status,
+          headers: response_headers,
+          body: response_body
+        )
+    end
+
+    it 'verifies the request is valid' do
+      result = client.send(service_name).get(token: token, params: params)
+      expect(result).to be_truthy
+    end
+  end
+end

data/spec/contracts/shared_examples/http_patch_example.rb

@@ -0,0 +1,60 @@
+shared_examples 'a http patch request to quiz_api' do
+  let(:quizzes_api_path) { raise 'Override in spec' }
+  let(:consumer_key) { 'consumer key' }
+  let(:consumer_request_id) { 'consumer request id' }
+  let(:host) { 'localhost:1234' }
+  let(:shared_secret) { 'secret' }
+  let(:scope) { raise 'Override in spec' }
+  let(:user) { nil }
+  let(:resource_id) { nil }
+  let(:response_body) { raise 'Override in spec' }
+  let(:service_name) { raise 'Override in spec' }
+  let(:status) { 200 }
+  let(:provider_state) { raise 'Override in spec' }
+  let(:params) { raise 'Override in spec' }
+  let(:body) { raise 'Override in spec' }
+  let(:request_description) { raise 'Override in spec (must be unique!)' }
+
+  let(:client) do
+    QuizApiClient::Client.new(
+      consumer_key: consumer_key,
+      consumer_request_id: consumer_request_id,
+      host: host,
+      shared_secret: shared_secret,
+      protocol: 'http'
+    )
+  end
+
+  context 'updating a resource' do
+    let(:token) do
+      client.jwt_service.grant_permission(
+        exp: token_expiration_one_year,
+        scope: scope,
+        uuid: user,
+        resource_id: resource_id
+      )
+    end
+
+    before do
+      quiz_api
+        .given(provider_state)
+        .upon_receiving(request_description)
+        .with(
+          method: :patch,
+          path: quizzes_api_path,
+          headers: headers(token),
+          body: body
+        )
+        .will_respond_with(
+          status: status,
+          headers: { 'Content-Type' => 'application/json; charset=utf-8' },
+          body: response_body
+        )
+    end
+
+    it 'verifies the request is valid' do
+      result = client.send(service_name).update(token: token, params: params)
+      expect(result).to be_truthy
+    end
+  end
+end

data/spec/contracts/shared_examples/http_post_example.rb

@@ -0,0 +1,68 @@
+shared_examples 'a http post request to quiz_api' do
+  let(:quizzes_api_path) { raise 'Override in spec' }
+  let(:consumer_key) { 'consumer key' }
+  let(:consumer_request_id) { 'consumer request id' }
+  let(:host) { 'localhost:1234' }
+  let(:shared_secret) { 'secret' }
+  let(:scope) { raise 'Override in spec' }
+  let(:user) { nil }
+  let(:resource_id) { nil }
+  let(:response_body) { raise 'Override in spec' }
+  let(:service_name) { raise 'Override in spec' }
+  let(:status) { 201 }
+  let(:provider_state) { raise 'Override in spec' }
+  let(:params) { raise 'Override in spec' }
+  let(:body) { raise 'Override in spec' }
+  let(:request_description) { raise 'Override in spec (must be unique!)' }
+  let(:batch) { false }
+
+  let(:client) do
+    QuizApiClient::Client.new(
+      consumer_key: consumer_key,
+      consumer_request_id: consumer_request_id,
+      host: host,
+      shared_secret: shared_secret,
+      protocol: 'http'
+    )
+  end
+
+  context 'creating a new resource' do
+    let(:token) do
+      client.jwt_service.grant_permission(
+        exp: token_expiration_one_year,
+        scope: scope,
+        uuid: user,
+        resource_id: resource_id
+      )
+    end
+
+    before do
+      quiz_api
+        .given(provider_state)
+        .upon_receiving(request_description)
+        .with(
+          method: :post,
+          path: quizzes_api_path,
+          headers: headers(token),
+          body: body
+        )
+        .will_respond_with(
+          status: status,
+          headers: { 'Content-Type' => 'application/json; charset=utf-8' },
+          body: response_body
+        )
+    end
+
+    it 'verifies the request is valid' do
+      service = client.send(service_name)
+
+      result = if batch
+        service.create_batch(token: token, body: params)
+      else
+        service.create(token: token, params: params)
+      end
+
+      expect(result).to be_truthy
+    end
+  end
+end