kevinsivic/dawarich
1
0
Fork 0
mirror of https://github.com/Freika/dawarich.git synced 2026-01-11 09:41:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix family location sharing toggle

Browse source
This commit is contained in:
Eugene Burmakin 2025-11-16 13:06:31 +01:00
parent d1ffc15fea
commit 3a2dc1da5a
7 changed files with 223 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/assets/builds/tailwind.css
View file

File diff suppressed because one or more lines are too long

39
app/controllers/api/v1/families/locations_controller.rb Normal file
View file

@ -0,0 +1,39 @@
# frozen_string_literal: true
class Api::V1::Families::LocationsController < ApiController
before_action :ensure_family_feature_enabled!
# Skip API key auth for toggle action (use session auth instead for browser)
skip_before_action :authenticate_api_key, only: [:toggle]
before_action :authenticate_user!, only: [:toggle]
before_action :ensure_user_in_family!
def index
family_locations = Families::Locations.new(current_api_user).call
render json: {
locations: family_locations,
updated_at: Time.current.iso8601,
sharing_enabled: current_api_user.family_sharing_enabled?
}
end
def toggle
result = Families::UpdateLocationSharing.new(
user: current_user,
enabled: params[:enabled],
duration: params[:duration]
).call
render json: result.payload, status: result.status
end
private
def ensure_user_in_family!
user = action_name == 'toggle' ? current_user : current_api_user
return if user&.in_family?
render json: { error: 'User is not part of a family' }, status: :forbidden
end
end

12
app/controllers/api/v1/families_controller.rb
View file

@ -1,19 +1,11 @@
# frozen_string_literal: true # frozen_string_literal: true
# This controller is kept for future family-level API endpoints
# Location-specific endpoints have been moved to Api::V1::Families::LocationsController
class Api::V1::FamiliesController < ApiController class Api::V1::FamiliesController < ApiController
before_action :ensure_family_feature_enabled! before_action :ensure_family_feature_enabled!
before_action :ensure_user_in_family! before_action :ensure_user_in_family!
def locations
family_locations = Families::Locations.new(current_api_user).call
render json: {
locations: family_locations,
updated_at: Time.current.iso8601,
sharing_enabled: current_api_user.family_sharing_enabled?
}
end
private private
def ensure_user_in_family! def ensure_user_in_family!

14
app/controllers/families_controller.rb
View file

@ -3,7 +3,7 @@
class FamiliesController < ApplicationController class FamiliesController < ApplicationController
before_action :authenticate_user! before_action :authenticate_user!
before_action :ensure_family_feature_enabled! before_action :ensure_family_feature_enabled!
before_action :set_family, only: %i[show edit update destroy update_location_sharing] before_action :set_family, only: %i[show edit update destroy]
def show def show
authorize @family authorize @family
@ -76,18 +76,6 @@ class FamiliesController < ApplicationController
end end
end end
def update_location_sharing
authorize @family, :update_location_sharing?
result = Families::UpdateLocationSharing.new(
user: current_user,
enabled: params[:enabled],
duration: params[:duration]
).call
render json: result.payload, status: result.status
end
private private
def set_family def set_family

2
app/javascript/controllers/location_sharing_toggle_controller.js
View file

@ -62,7 +62,7 @@ export default class extends Controller {
try { try {
const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content'); const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
const response = await fetch(`/family/update_location_sharing`, { const response = await fetch(`/api/v1/families/locations/toggle`, {
method: 'PATCH', method: 'PATCH',
headers: { headers: {
'Accept': 'application/json', 'Accept': 'application/json',

10
config/routes.rb
View file

@ -60,8 +60,6 @@ Rails.application.routes.draw do
# Family management routes (only if feature is enabled) # Family management routes (only if feature is enabled)
if DawarichSettings.family_feature_enabled? if DawarichSettings.family_feature_enabled?
resource :family, only: %i[show new create edit update destroy] do resource :family, only: %i[show new create edit update destroy] do
patch :update_location_sharing, on: :member
resources :invitations, except: %i[edit update], controller: 'family/invitations' resources :invitations, except: %i[edit update], controller: 'family/invitations'
resources :members, only: %i[destroy], controller: 'family/memberships' resources :members, only: %i[destroy], controller: 'family/memberships'
end end
@ -171,9 +169,11 @@ Rails.application.routes.draw do
end end
end end
resources :families, only: [] do namespace :families do
collection do resources :locations, only: [:index] do
get :locations collection do
patch :toggle
end
end end
end end

174
spec/requests/api/v1/families/locations_spec.rb Normal file
View file

@ -0,0 +1,174 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Api::V1::Families::Locations', type: :request do
include ActiveSupport::Testing::TimeHelpers
let(:user) { create(:user) }
let(:other_user) { create(:user) }
let(:family) { create(:family, creator: user) }
let!(:user_membership) { create(:family_membership, user: user, family: family, role: :owner) }
describe 'GET /api/v1/families/locations' do
context 'with valid API key' do
before do
create(:family_membership, user: other_user, family: family, role: :member)
other_user.update_family_location_sharing!(true, duration: 'permanent')
end
it 'returns family member locations' do
get '/api/v1/families/locations', params: { api_key: user.api_key }
expect(response).to have_http_status(:ok)
json_response = JSON.parse(response.body)
expect(json_response).to have_key('locations')
expect(json_response).to have_key('updated_at')
expect(json_response).to have_key('sharing_enabled')
end
it 'includes sharing status' do
user.update_family_location_sharing!(true, duration: 'permanent')
get '/api/v1/families/locations', params: { api_key: user.api_key }
json_response = JSON.parse(response.body)
expect(json_response['sharing_enabled']).to be true
end
end
context 'without API key' do
it 'returns unauthorized' do
get '/api/v1/families/locations'
expect(response).to have_http_status(:unauthorized)
end
end
context 'with invalid API key' do
it 'returns unauthorized' do
get '/api/v1/families/locations', params: { api_key: 'invalid' }
expect(response).to have_http_status(:unauthorized)
end
end
context 'when user is not in a family' do
let(:solo_user) { create(:user) }
it 'returns forbidden' do
get '/api/v1/families/locations', params: { api_key: solo_user.api_key }
expect(response).to have_http_status(:forbidden)
json_response = JSON.parse(response.body)
expect(json_response['error']).to eq('User is not part of a family')
end
end
end
describe 'PATCH /api/v1/families/locations/toggle' do
before { sign_in user }
context 'with valid session authentication' do
context 'when enabling location sharing' do
around do |example|
travel_to(Time.zone.local(2024, 1, 1, 12, 0, 0)) { example.run }
end
it 'enables location sharing with duration' do
patch '/api/v1/families/locations/toggle',
params: { enabled: true, duration: '1h' },
as: :json
expect(response).to have_http_status(:ok)
json_response = JSON.parse(response.body)
expect(json_response['success']).to be true
expect(json_response['enabled']).to be true
expect(json_response['duration']).to eq('1h')
expect(json_response['message']).to eq('Location sharing enabled for 1 hour')
expect(json_response['expires_at']).to eq(1.hour.from_now.iso8601)
end
it 'enables location sharing permanently' do
patch '/api/v1/families/locations/toggle',
params: { enabled: true, duration: 'permanent' },
as: :json
expect(response).to have_http_status(:ok)
json_response = JSON.parse(response.body)
expect(json_response['success']).to be true
expect(json_response['enabled']).to be true
expect(json_response['duration']).to eq('permanent')
expect(json_response).not_to have_key('expires_at')
end
end
context 'when disabling location sharing' do
before do
user.update_family_location_sharing!(true, duration: '1h')
end
it 'disables location sharing' do
patch '/api/v1/families/locations/toggle',
params: { enabled: false },
as: :json
expect(response).to have_http_status(:ok)
json_response = JSON.parse(response.body)
expect(json_response['success']).to be true
expect(json_response['enabled']).to be false
expect(json_response['message']).to eq('Location sharing disabled')
end
end
context 'when user is not in a family' do
let(:solo_user) { create(:user) }
before do
sign_out user
sign_in solo_user
end
it 'returns forbidden' do
patch '/api/v1/families/locations/toggle',
params: { enabled: true, duration: '1h' },
as: :json
expect(response).to have_http_status(:forbidden)
json_response = JSON.parse(response.body)
expect(json_response['error']).to eq('User is not part of a family')
end
end
context 'when update fails' do
before do
allow_any_instance_of(User).to receive(:update_family_location_sharing!)
.and_raise(StandardError, 'Database error')
end
it 'returns internal server error' do
patch '/api/v1/families/locations/toggle',
params: { enabled: true, duration: '1h' },
as: :json
expect(response).to have_http_status(:internal_server_error)
json_response = JSON.parse(response.body)
expect(json_response['success']).to be false
expect(json_response['message']).to eq('An error occurred while updating location sharing')
end
end
end
context 'without authentication' do
before { sign_out user }
it 'returns unauthorized' do
patch '/api/v1/families/locations/toggle',
params: { enabled: true, duration: '1h' },
as: :json
expect(response).to have_http_status(:unauthorized)
end
end
end
end