feat(tenants): expose booking limits in the API #164
@@ -39,6 +39,22 @@ class Tenants < Application | |||
Tenant.find!(params["id"].to_i64).delete | |||
end | |||
|
|||
get "/current_limits", :current_limits do |
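Review bot: the `get "/current_limits", :current_limits do` route is declared next to the tenant delete action with nothing at the declaration saying it is meant for non-admin callers. Add a comment on the route stating that it is intentionally exempt from `admin_only`, and keep the action name `:current_limits` in sync with the filter's exemption list so a later rename does not silently change who can reach it.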
Is that route not exposed to all users? There isn't any auth or log in checks?
I would assume that the `before_action :admin_only` applies to all routes in the controller, so I guess my question is, how do I exempt the route from that.
Oh sorry missed that
before_action :admin_only, except: :current_limits
Thanks
@@ -1,7 +1,7 @@ | |||
class Tenants < Application | |||
base "/api/staff/v1/tenants" | |||
|
|||
before_action :admin_only | |||
before_action :admin_only, except: [:current_limits, :show_limits] |
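Review bot: the `except: [:current_limits, :show_limits]` list on the `before_action :admin_only` line opens two actions to non-admin callers, and the line gives no reason for either. Add a short comment saying why each action is exempt, and a spec that sends a non-admin token to both actions and to one of the remaining actions, asserting that the first two succeed and the last is still rejected.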
I would add a test for this to ensure any user can access
How do I make a request as a normal user?
I noticed that all of the mock tokens have got `permissions: UserJWT::Permissions::Admin`, so I tried creating one that was set to `User` but that didn't make any difference.
probably no need to test for this as it's being tested at the spider-gazelle level
src/controllers/bookings.cr
Outdated
@@ -81,8 +81,10 @@ class Bookings < Application | |||
booking.booked_by_name = user.name | |||
|
|||
# check concurrent bookings don't exceed booking limits | |||
booking_limits = check_booking_limits(tenant, booking) | |||
render :conflict, json: booking_limits if booking_limits | |||
unless query_params["limit_override"]? == "true" |
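Review bot: on the `unless query_params["limit_override"]? == "true"` line, the client alone decides whether `check_booking_limits` runs, and no check of the caller's permissions is visible here. Tie the override to a server-side decision about the user (or to a stored per-user limit) rather than a bare query flag, and record when a booking is accepted with the limit check skipped.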
As per the comment https://github.com/place-technology/suncorp-ntt/issues/175#issuecomment-1068824084 we want to allow a per-user custom limit using this param
LGTM
`limit_override` query param to Bookings #create and #update