Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat/job application show #35

Merged
merged 9 commits into from
Dec 12, 2024
Merged

Feat/job application show #35

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
ed74152
Test: add HAPPY path test for show job application
kylomite Dec 9, 2024
7252f8a
Test: add test for SAD path for job application show
kylomite Dec 9, 2024
8b55bbf
Feat: add show method for job_applications
kylomite Dec 9, 2024
699dc2f
Refactor: add seed data for job applications
kylomite Dec 9, 2024
34a02ad
Docs: update read me
kylomite Dec 9, 2024
f337342
Refactor: handle edge case, missing param
kylomite Dec 9, 2024
63f3062
Docs: update read me
kylomite Dec 9, 2024
3d8d5a7
Refactor: incorperate auth
kylomite Dec 12, 2024
3f48bad
Refactor: align job app show with RESTful convention
kylomite Dec 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
146 changes: 90 additions & 56 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,31 +48,31 @@ Successful Response:
```
Status: 201 Created
Body: {
"data": {
"id": "4",
"type": "user",
"attributes": {
"name": "John Doe",
"email": "[email protected]"
}
"data": {
"id": "4",
"type": "user",
"attributes": {
"name": "John Doe",
"email": "[email protected]"
}
}
}
```

Error Responses:
```
Status: 400 Bad Request
Body: {
"message": "Email has already been taken",
"status": 400
"message": "Email has already been taken",
"status": 400
}
```

```
Status: 400 Bad Request
Body: {
"message": "Password confirmation doesn't match Password",
"status": 400
"message": "Password confirmation doesn't match Password",
"status": 400
}
```

Expand All @@ -86,25 +86,25 @@ Successful Response:
```
Status: 200 OK
Body: {
"data": [
{
"id": "1",
"type": "user",
"attributes": {
"name": "Danny DeVito",
"email": "danny_de_v"
}
},
...
{
"id": "4",
"type": "user",
"attributes": {
"name": "John Doe",
"email": "[email protected]"
}
}
]
"data": [
{
"id": "1",
"type": "user",
"attributes": {
"name": "Danny DeVito",
"email": "danny_de_v"
}
},
...
{
"id": "4",
"type": "user",
"attributes": {
"name": "John Doe",
"email": "[email protected]"
}
}
]
}
```

Expand All @@ -118,14 +118,14 @@ Successful Response:
```
Status: 200 OK
Body: {
"data": {
"id": "3",
"type": "user",
"attributes": {
"name": "Lionel Messi",
"email": "futbol_geek"
}
"data": {
"id": "3",
"type": "user",
"attributes": {
"name": "Lionel Messi",
"email": "futbol_geek"
}
}
}
```

Expand All @@ -147,30 +147,30 @@ Successful Response:
```
Status: 200 OK
Body: {
"data": {
"id": "4",
"type": "user",
"attributes": {
"name": "Nathan Fillon",
"email": "firefly_captian"
}
"data": {
"id": "4",
"type": "user",
"attributes": {
"name": "Nathan Fillon",
"email": "firefly_captian"
}
}
}
```
Error Responses:
```
Status: 400 Bad Request
Body: {
"message": "Email has already been taken",
"status": 400
"message": "Email has already been taken",
"status": 400
}
```

```
Status: 400 Bad Request
Body: {
"message": "Password confirmation doesn't match Password",
"status": 400
"message": "Password confirmation doesn't match Password",
"status": 400
}
```

Expand Down Expand Up @@ -313,21 +313,55 @@ Status: 200
:type=>"job_application",
:attributes=>
{:position_title=>"Jr. CTO",
:date_applied=>"2024-10-31",
:status=>1,
:notes=>"Fingers crossed!",
:job_description=>"Looking for Turing grad/jr dev to be CTO",
:application_url=>"www.example.com",
:contact_information=>"[email protected]",
:company_id=>35}}
}
:date_applied=>"2024-10-31",
:status=>1,
:notes=>"Fingers crossed!",
:job_description=>"Looking for Turing grad/jr dev to be CTO",
:application_url=>"www.example.com",
:contact_information=>"[email protected]",
:company_id=>35}}
}
```

Unsuccessful Response:
```
{:message=>"Company must exist and Position title can't be blank", :status=>400}
```

#### Get a Job Application
Request:
```
GET /api/v1/users/:user_id/job_applications/:job_application_id
```

Successful Response:
```
Status: 200 OK
{:data=>
{:id=>"4",
:type=>"job_application",
:attributes=>
{:position_title=>"Jr. CTO",
:date_applied=>"2024-10-31",
:status=>1,
:notes=>"Fingers crossed!",
:job_description=>"Looking for Turing grad/jr dev to be CTO",
:application_url=>"www.example.com",
:contact_information=>"[email protected]",
:company_id=>35}}
}
```

Unsuccessful Response(job application does not exist OR belongs to another user):
```
{:message=>"Job application not found", :status=>404}
```

Unsuccessful Response(missing job application ID param):
```
{:message=>"Job application ID is missing", :status=>400}
```

If the user is not authenticated:
```
{
Expand Down
19 changes: 19 additions & 0 deletions app/controllers/api/v1/job_applications_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,25 @@ def create
end
end

def show

if params[:id].blank?
render json: ErrorSerializer.format_error(ErrorMessage.new("Job application ID is missing", 400)), status: :bad_request
return
end
Comment on lines +18 to +21
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a nice addition to the show action. I noticed that you are grabbing the ID from the params, and not from the authentication token. I'm curious about this decision, as both the companies and contacts are collecting it from the token.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed that the JobApplications controller is not utilizing the authentication tokens or the authenticate_user method that has been defined in the ApplicationController. Other controllers in the application are using these for authentication, so I wanted to flag this for consistency and security purposes.

Could you clarify if this was intentional or an oversight? If it's an oversight, it might be worth adding the necessary authentication logic to ensure this controller aligns with the others. I'm curious to hear your thoughts!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At first I felt the need to address this refactor in this ticket. However, since the integration of gems related to authorization and authentication there has been a new ticket created (ticket #42) that was made for the express purpose of handling these types of refactors, that being said. I think we should merge the PR as it currently stands so it does not serve as a blocker for the person who will pick up the controller refactor ticket.


user = User.find(params[:user_id])
authorize user

job_application = JobApplication.find_by(id: params[:id])

if job_application.nil? || job_application.user_id != user.id
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would we want a different error if the user doesn't match?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kinda torn on this, Im not sure if the effort is worth the result, but i'm willing to hear out justifications. Feel free to post some in this thread if anyone is interested.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not 100% one way or the other, but clearer messages to the front is helpful and since a lack of job application is a slightly different error than an incorrect user id. They both result in the job application not working as intended, so I also see why one error for each does the job.

render json: ErrorSerializer.format_error(ErrorMessage.new("Job application not found", 404)), status: :not_found
else
render json: JobApplicationSerializer.new(job_application), status: :ok
end
end


def index
job_applications = @current_user.job_applications
Expand Down
14 changes: 11 additions & 3 deletions app/policies/job_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,18 @@ class JobPolicy < ApplicationPolicy
# code, beware of possible changes to the ancestors:
# https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5

def index?
admin? || user == record
end

def show?
admin? || user == record
end

class Scope < ApplicationPolicy::Scope
# NOTE: Be explicit about which records you allow access to!
# def resolve
# scope.all
# end
def resolve
scope.all
end
end
end
2 changes: 1 addition & 1 deletion config/routes.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
namespace :v1 do
resources :users, only: [:create, :index, :show, :update] do

resources :job_applications, only: [:create, :index]
resources :job_applications, only: [:create, :index, :show]
resources :companies, only: [:create, :index]
resources :contacts, only: [:create, :index]

Expand Down
Loading