From 1484849cc7611d179375278cb1f97fb43bdf18b5 Mon Sep 17 00:00:00 2001
From: Nithin David Thomas <webofnithin@gmail.com>
Date: Tue, 9 Feb 2021 19:21:31 +0530
Subject: [PATCH] chore: Update method for team members (#1734)

Co-authored-by: Sojan Jose <sojan@pepalo.com>
---
 .../v1/accounts/inbox_members_controller.rb   |  7 ++--
 .../v1/accounts/team_members_controller.rb    | 25 +++++++++---
 app/models/team.rb                            |  9 +++++
 app/policies/team_member_policy.rb            |  4 ++
 config/routes.rb                              |  1 +
 .../accounts/team_members_controller_spec.rb  | 39 +++++++++++++++++++
 6 files changed, 76 insertions(+), 9 deletions(-)

diff --git a/app/controllers/api/v1/accounts/inbox_members_controller.rb b/app/controllers/api/v1/accounts/inbox_members_controller.rb
index fc960d9ec..f715c7040 100644
--- a/app/controllers/api/v1/accounts/inbox_members_controller.rb
+++ b/app/controllers/api/v1/accounts/inbox_members_controller.rb
@@ -22,9 +22,10 @@ class Api::V1::Accounts::InboxMembersController < Api::V1::Accounts::BaseControl
     # get the list of  user_ids from params
     # the missing ones are the agents which are to be deleted from the inbox
     # the new ones are the agents which are to be added to the inbox
-
-    agents_to_be_added_ids.each { |user_id| @inbox.add_member(user_id) }
-    agents_to_be_removed_ids.each { |user_id| @inbox.remove_member(user_id) }
+    ActiveRecord::Base.transaction do
+      agents_to_be_added_ids.each { |user_id| @inbox.add_member(user_id) }
+      agents_to_be_removed_ids.each { |user_id| @inbox.remove_member(user_id) }
+    end
   end
 
   def agents_to_be_added_ids
diff --git a/app/controllers/api/v1/accounts/team_members_controller.rb b/app/controllers/api/v1/accounts/team_members_controller.rb
index 0b1b8eac9..d7e17a687 100644
--- a/app/controllers/api/v1/accounts/team_members_controller.rb
+++ b/app/controllers/api/v1/accounts/team_members_controller.rb
@@ -8,25 +8,38 @@ class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseControll
 
   def create
     ActiveRecord::Base.transaction do
-      @team_members = params[:user_ids].map { |user_id| create_team_member(user_id) }
+      @team_members = params[:user_ids].map { |user_id| @team.add_member(user_id) }
     end
   end
 
+  def update
+    ActiveRecord::Base.transaction do
+      members_to_be_added_ids.each { |user_id| @team.add_member(user_id) }
+      members_to_be_removed_ids.each { |user_id| @team.remove_member(user_id) }
+    end
+    @team_members = @team.members
+    render action: 'create'
+  end
+
   def destroy
     ActiveRecord::Base.transaction do
-      params[:user_ids].map { |user_id| remove_team_member(user_id) }
+      params[:user_ids].map { |user_id| @team.remove_member(user_id) }
     end
     head :ok
   end
 
   private
 
-  def create_team_member(user_id)
-    @team.team_members.find_or_create_by(user_id: user_id)&.user
+  def members_to_be_added_ids
+    params[:user_ids] - current_members_ids
   end
 
-  def remove_team_member(user_id)
-    @team.team_members.find_by(user_id: user_id)&.destroy
+  def members_to_be_removed_ids
+    current_members_ids - params[:user_ids]
+  end
+
+  def current_members_ids
+    @current_members_ids ||= @team.members.pluck(:id)
   end
 
   def fetch_team
diff --git a/app/models/team.rb b/app/models/team.rb
index ced73efdc..605267ce4 100644
--- a/app/models/team.rb
+++ b/app/models/team.rb
@@ -24,6 +24,7 @@ class Team < ApplicationRecord
 
   belongs_to :account
   has_many :team_members, dependent: :destroy
+  has_many :members, through: :team_members, source: :user
   has_many :conversations, dependent: :nullify
 
   validates :name,
@@ -34,4 +35,12 @@ class Team < ApplicationRecord
   before_validation do
     self.name = name.downcase if attribute_present?('name')
   end
+
+  def add_member(user_id)
+    team_members.find_or_create_by(user_id: user_id)&.user
+  end
+
+  def remove_member(user_id)
+    team_members.find_by(user_id: user_id)&.destroy
+  end
 end
diff --git a/app/policies/team_member_policy.rb b/app/policies/team_member_policy.rb
index bd943f80f..bb6a40a61 100644
--- a/app/policies/team_member_policy.rb
+++ b/app/policies/team_member_policy.rb
@@ -10,4 +10,8 @@ class TeamMemberPolicy < ApplicationPolicy
   def destroy?
     @account_user.administrator?
   end
+
+  def update?
+    @account_user.administrator?
+  end
 end
diff --git a/config/routes.rb b/config/routes.rb
index f78073eed..3603b5aef 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -102,6 +102,7 @@ Rails.application.routes.draw do
             resources :team_members, only: [:index, :create] do
               collection do
                 delete :destroy
+                patch :update
               end
             end
           end
diff --git a/spec/controllers/api/v1/accounts/team_members_controller_spec.rb b/spec/controllers/api/v1/accounts/team_members_controller_spec.rb
index d33b75f7f..6067ae1fb 100644
--- a/spec/controllers/api/v1/accounts/team_members_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/team_members_controller_spec.rb
@@ -105,4 +105,43 @@ RSpec.describe 'Team Members API', type: :request do
       end
     end
   end
+
+  describe 'PATCH /api/v1/accounts/{account.id}/teams/{team_id}/team_members' do
+    context 'when it is an unauthenticated user' do
+      it 'returns unauthorized' do
+        patch "/api/v1/accounts/#{account.id}/teams/#{team.id}/team_members"
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated user' do
+      let(:agent) { create(:user, account: account, role: :agent) }
+      let(:administrator) { create(:user, account: account, role: :administrator) }
+
+      it 'return unauthorized for agent' do
+        params = { user_id: agent.id }
+        patch "/api/v1/accounts/#{account.id}/teams/#{team.id}/team_members",
+              params: params,
+              headers: agent.create_new_auth_token,
+              as: :json
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'updates the team members when its administrator' do
+        user_ids = (1..5).map { create(:user, account: account, role: :agent).id }
+        params = { user_ids: user_ids }
+
+        patch "/api/v1/accounts/#{account.id}/teams/#{team.id}/team_members",
+              params: params,
+              headers: administrator.create_new_auth_token,
+              as: :json
+
+        expect(response).to have_http_status(:success)
+        json_response = JSON.parse(response.body)
+        expect(json_response.count).to eq(user_ids.count)
+      end
+    end
+  end
 end