Merge pull request #1276 from okriuchykhin/ok_SCI_2613

Add READ user endpoint [SCI-2613]

app/controllers/api/v1/users_controller.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    class UsersController < BaseController
+      before_action :load_user, only: :show
+
+      def show
+        render json: @user, serializer: UserSerializer
+      end
+
+      private
+
+      def load_user
+        @user = User.joins(:user_teams)
+                    .where('user_teams.team': current_user.teams)
+                    .find_by_id(params[:id])
+        return render json: {}, status: :forbidden unless @user
+      end
+    end
+  end
+end

app/serializers/api/v1/user_serializer.rb

@@ -0,0 +1,13 @@
+module Api
+  module V1
+    class UserSerializer < ActiveModel::Serializer
+      attributes :full_name, :initials, :email
+      attribute :avatar_file_name,
+                if: -> { object.avatar.present? } { object.avatar_file_name }
+      attribute :avatar_file_size,
+                if: -> { object.avatar.present? } { object.avatar.size }
+      attribute :avatar_url,
+                if: -> { object.avatar.present? } { object.avatar.url(:icon) }
+    end
+  end
+end

config/routes.rb

@@ -547,6 +547,8 @@ Rails.application.routes.draw do
             get 'items', to: 'inventory_items#index'
           end
         end
+        resources :users, only: %i(show) do
+        end
       end
     end
   end

spec/requests/api/v1/users_controller_spec.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Api::V1::UsersController', type: :request do
+  before :all do
+    @user1 = create(:user, email: Faker::Internet.unique.email)
+    @user2 = create(:user, email: Faker::Internet.unique.email)
+    @user3 = create(:user, email: Faker::Internet.unique.email)
+    @team1 = create(:team, created_by: @user1)
+    @team2 = create(:team, created_by: @user2)
+    @team3 = create(:team, created_by: @user3)
+    create(:user_team, user: @user1, team: @team1, role: 2)
+    create(:user_team, user: @user2, team: @team1, role: 2)
+    create(:user_team, user: @user2, team: @team2, role: 2)
+    create(:user_team, user: @user3, team: @team3, role: 2)
+    @valid_headers =
+      { 'Authorization': 'Bearer ' + generate_token(@user1.id) }
+  end
+
+  describe 'GET user, #show' do
+    it 'When valid request, requested user is member of the same teams' do
+      hash_body = nil
+      get api_v1_user_path(id: @user2.id), headers: @valid_headers
+      expect { hash_body = json }.not_to raise_exception
+      expect(hash_body[:data]).to match(
+        ActiveModelSerializers::SerializableResource
+          .new(@user2, serializer: Api::V1::UserSerializer)
+          .as_json[:data]
+      )
+    end
+
+    it 'When invalid request, requested user in not member of the same teams' do
+      hash_body = nil
+      get api_v1_user_path(id: @user3.id), headers: @valid_headers
+      expect(response).to have_http_status(403)
+      expect { hash_body = json }.not_to raise_exception
+      expect(hash_body).to match({})
+    end
+
+    it 'When invalid request, non existing user' do
+      hash_body = nil
+      get api_v1_user_path(id: 123), headers: @valid_headers
+      expect(response).to have_http_status(403)
+      expect { hash_body = json }.not_to raise_exception
+      expect(hash_body).to match({})
+    end
+  end
+end