Merge branch 'HER-32-remove-jwt-at-unauthorized-response' of https://…

…github.com/Code-the-Dream-School/herring-team-3 into HER-32-remove-jwt-at-unauthorized-response

.gitignore

@@ -16,6 +16,7 @@
 /tmp/*
 !/log/.keep
 !/tmp/.keep
+/temp/
 
 # Ignore pidfiles, but keep the directory.
 /tmp/pids/*

Gemfile

@@ -44,7 +44,7 @@ group :development, :test do
   gem "shoulda-matchers"
 
   # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
-  gem "brakeman", require: false
+  gem "brakeman", "7.0.0", require: false
 
   # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
   gem "rubocop-rails-omakase", require: false

Gemfile.lock

@@ -82,7 +82,7 @@ GEM
     bigdecimal (3.1.8)
     bootsnap (1.18.4)
       msgpack (~> 1.2)
-    brakeman (6.2.2)
+    brakeman (7.0.0)
       racc
     builder (3.3.0)
     cancancan (3.6.1)
@@ -305,7 +305,7 @@ GEM
       dry-configurable (>= 0.13, < 2)
       jwt (~> 2.1)
       warden (~> 1.2)
-    webrick (1.8.1)
+    webrick (1.9.1)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -330,7 +330,7 @@ PLATFORMS
 DEPENDENCIES
   active_model_serializers
   bootsnap
-  brakeman
+  brakeman (= 7.0.0)
   cancancan
   debug
   devise

README.md

@@ -165,12 +165,11 @@ erDiagram
 
     ORDERS {
         int id PK
+        int address_id FK
         int kit_id FK
         int user_id FK
         varchar school_year
         varchar phone
-        varchar school_name
-        varchar school_address
         text comments
         datetime created_at
         datetime updated_at

app/controllers/admin/users_controller.rb

@@ -23,6 +23,10 @@ def set_user
     @user = User.find(params[:id])
   end
 
+  def user_params
+    params.require(:user).permit(:first_name, :last_name, :email, :profile_image)
+  end
+
   def admin_user_params
       params.require(:user).permit(:first_name, :last_name, :role)
   end

app/controllers/api/v1/addresses_controller.rb

@@ -0,0 +1,41 @@
+class Api::V1::AddressesController < ApplicationController
+  before_action :set_addressable
+
+  def create
+    @address = @addressable.addresses.build(address_params)
+    if @address.save
+      render json: @address, status: :created
+    else
+      render json: @address.errors, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    @address = @addressable.addresses.find(params[:id])
+    if @address.update(address_params)
+      render json: @address, status: :ok
+    else
+      render json: @address.errors, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    @address = @addressable.addresses.find(params[:id])
+    @address.destroy
+    head :no_content
+  end
+
+  private
+
+  def set_addressable
+    @addressable = if params[:user_id]
+      User.find(params[:user_id])
+    elsif params[:organization_id]
+      Organization.find(params[:organization_id])
+    end
+  end
+
+  def address_params
+    params.require(:address).permit(:street_address, :city, :state, :postal_code, :save_to_user)
+  end
+end

app/controllers/api/v1/availabilities_controller.rb

@@ -0,0 +1,96 @@
+class Api::V1::AvailabilitiesController < ApplicationController
+  before_action :set_availability, only: [ :show, :update, :destroy ]
+
+  def index
+    # This shows the availabilities including recurring availabilities for the month
+    # and year sent in the request from the frontend or a default month and year.
+
+    viewing_month = params[:month].to_i || Date.today.month
+    viewing_year = params[:year].to_i || Date.today.year
+    start_date = Date.new(viewing_year, viewing_month, 1)
+    end_date = start_date.end_of_month
+
+    puts "Received Year: #{params[:year]}, Month: #{params[:month]}"  # Debugging the incoming params
+
+    # Debugging the parsed values of year and month
+    puts "Parsed Year: #{viewing_year}, Month: #{viewing_month}"
+
+    # Handling cases where the month or year might be invalid (e.g., 0 or nil)
+    if viewing_month == 0 || viewing_year == 0
+      puts "Invalid date parameters, setting to current date."  # Debugging invalid date handling
+      viewing_month = Date.today.month
+      viewing_year = Date.today.year
+    end
+
+    # Debugging the final year and month values used for date calculation
+    puts "Final Year: #{viewing_year}, Month: #{viewing_month}"
+
+    begin
+      # Create start and end date for the requested month and year
+      start_date = DateTime.new(viewing_year, viewing_month, 1).beginning_of_day
+      end_date = start_date.end_of_month.end_of_day
+      puts "Start Date: #{start_date}, End Date: #{end_date}"  # Debugging start and end dates
+    rescue => e
+      # Catch any errors related to invalid date creation and log them
+      puts "Error creating start or end date: #{e.message}"
+    end
+
+    # Trigger the job to create next month's availabilities if needed
+    trigger_recurring_availability_job(viewing_month, viewing_year)
+
+    # Fetch the availabilities within the specified date range
+    @availabilities = Availability.where(start_time: start_date..end_date)
+    render json: @availabilities
+  end
+
+
+  def show
+    render json: @availability
+  end
+
+  def create
+    @availability = Availability.new(availability_params)
+
+    if @availability.save
+      render json: @availability, status: :created
+    else
+      render json: { errors: @availability.errors.full_messages }, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    if @availability.update(availability_params)
+      render json: @availability, status: :ok
+    else
+      puts @availability.errors.full_messages  # Add this line to log validation errors
+      render json: { errors: @availability.errors.full_messages }, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    @availability.destroy
+    head :no_content
+  end
+
+  private
+
+  def set_availability
+    @availability = Availability.find(params[:id])
+  rescue ActiveRecord::RecordNotFound
+    render json: { error: "Availability not found" }, status: :not_found
+  end
+
+  def availability_params
+    params.require(:availability).permit(:start_time, :end_time, :speaker_id, :recurring_availability_id)
+  end
+
+  def trigger_recurring_availability_job(viewing_month, viewing_year)
+    # Calculate the next month and year based on the viewing month and year
+    next_month_date = Date.new(viewing_year, viewing_month, 1).next_month
+    next_month = next_month_date.month
+    next_year = next_month_date.year
+
+    # Trigger the job for the next month
+    RecurringAvailabilityJob.perform_later(next_month, next_year)
+  end
+end

app/controllers/api/v1/bookings_controller.rb

@@ -0,0 +1,37 @@
+class Api::V1::BookingsController < ApplicationController
+  load_and_authorize_resource
+
+  def index
+    @bookings = Booking.accessible_by(current_ability)
+    render json: @bookings
+  end
+
+  def show
+    render json: @booking
+  end
+
+  def create
+    @booking = Booking.new(booking_params)
+    @booking.user = current_user
+
+    if @booking.save
+      render json: @booking, status: :created
+    else
+      render json: @booking.errors, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    if @booking.update(booking_params)
+      render json: @booking
+    else
+      render json: @booking.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def booking_params
+    params.require(:booking).permit(:event_id, :availability_id, :start_time, :end_time, :status)
+  end
+end

app/controllers/api/v1/events_controller.rb

@@ -0,0 +1,44 @@
+class Api::V1::EventsController < ApplicationController
+  before_action :set_event, only: [ :show, :update, :destroy ]
+
+  def index
+    @events = Event.all
+    render json: @events
+  end
+
+  def show
+    render json: @event
+  end
+
+  def create
+    @event = Event.new(event_params)
+    if @event.save
+      render json: @event, status: :created
+    else
+      render json: @event.errors, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    if @event.update(event_params)
+      render json: @event
+    else
+      render json: @event.errors, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    @event.destroy
+    head :no_content
+  end
+
+  private
+
+  def set_event
+    @event = Event.find(params[:id])
+  end
+
+  def event_params
+    params.require(:event).permit(:speaker_id, :title, :description, :duration)
+  end
+end

app/controllers/api/v1/orders_controller.rb

@@ -1,5 +1,6 @@
 class Api::V1::OrdersController < ApplicationController
   load_and_authorize_resource
+  before_action :authenticate_user!
 
   # GET /api/v1/orders
   def index
@@ -8,12 +9,18 @@ def index
 
   # POST /api/v1/orders
   def create
-    @order.user = current_user # Automatically associate user
+    @order = Order.new(order_params)
 
+    @order.user = current_user
     if @order.save
-      render json: @order, status: :created
+      @user = current_user
+      @user.reload  # Reload the user to get the updated list of addresses
+      @addresses = @user.addresses  # Get the addresses after reload
+
+      render json: { order: @order, addresses: @addresses }, status: :created
+      associate_address_with_user(@order)
     else
-      render json: { errors: @order.errors.full_messages }, status: :unprocessable_entity
+      render json: @order.errors, status: :unprocessable_entity
     end
   end
 
@@ -25,9 +32,10 @@ def show
   # PATCH/PUT /api/v1/orders/:id
   def update
     if @order.update(order_params)
+      associate_address_with_user(@order)
       render json: @order, status: :ok
     else
-      render json: { errors: @order.errors.full_messages }, status: :unprocessable_entity
+      render json: @order.errors, status: :unprocessable_entity
     end
   end
 
@@ -40,7 +48,22 @@ def destroy
 
   private
 
+  def set_order
+    @order = Order.find(params[:id])
+  end
+
   def order_params
-    params.require(:order).permit(:phone, :school_name, :school_address, :school_year, :kit_id, :comments)
+    params.require(:order).permit(:user_id, :phone, :school_year, :product_id, :product_type, :address_id, :comments, address_attributes: [ :id, :street_address, :city, :state, :postal_code, :save_to_user, :addressable_type, :addressable_id, :_destroy ])
+  end
+
+  def associate_address_with_user(order)
+    if order.address && order.user
+      # Add a condition to check if the address should be saved to user
+      if order.address.save_to_user
+        unless order.user.addresses.exists?(order.address.id)
+          order.user.addresses << order.address
+        end
+      end
+    end
   end
 end

app/controllers/api/v1/users_controller.rb

@@ -6,7 +6,7 @@ class Api::V1::UsersController < ApplicationController
   # GET /api/v1/users
   def index
     @users = User.all
-    render json: @users
+    render json: UserSerializer.new(@users).serializable_hash.to_json
   end
 
   # GET /api/v1/users/1
@@ -31,7 +31,8 @@ def destroy
 
   # Add profile action and pass current_user as params
   def profile
-    render json: UserProfileSerializer.new(current_user)
+    @user = User.find(params[:id])
+    render json: UserProfileSerializer.new(@user).serializable_hash
   end
 
   private
@@ -41,6 +42,6 @@ def set_user
   end
 
   def user_params
-    params.require(:user).permit(:first_name, :last_name)
+    params.require(:user).permit(:first_name, :last_name, :bio, :profile_image, :organization_id)
   end
 end

app/controllers/current_user_controller.rb

@@ -2,7 +2,7 @@ class CurrentUserController < ApplicationController
   before_action :authenticate_user!
 
   # If a user is authenticated, they are set as the current user.
-  def index
+  def show
     render json: UserSerializer.new(current_user).serializable_hash[:data][:attributes], status: :ok
   end
 end