BE User's Weekly Dashboard

README.md

@@ -716,6 +716,124 @@ Response: 422 Unprocessable Entity
     "error": "Phone number must be in the format '555-555-5555'"
 }
 ```
+### User Dashboard
+
+Get login credentials: <br>
+`Refer to Companies "Get login credentials" above`
+
+**Make sure to not only create/login a user, but to have that user also create a Company/Job Application/Contact for your Postman scripts.  Refer to above endpoints to do so and make sure that user is the one creating the other resources**
+
+#### Get Dashboard
+Request:
+
+```
+GET /api/v1/users/:user_id/dashboard
+
+Authorization: Bearer Token - put in token for user
+```
+Successful Response:
+
+```
+{
+    "data": {
+        "id": "5",
+        "type": "dashboard",
+        "attributes": {
+            "id": 5,
+            "name": "Danny DeVito",
+            "email": "[email protected]",
+            "dashboard": {
+                "weekly_summary": {
+                    "job_applications": [
+                        {
+                            "id": 1,
+                            "position_title": "Jr. CTO",
+                            "date_applied": "2024-10-31",
+                            "status": 1,
+                            "notes": "Fingers crossed!",
+                            "job_description": "Looking for Turing grad/jr dev to be CTO",
+                            "application_url": "www.example.com",
+                            "contact_information": "[email protected]",
+                            "created_at": "2024-12-14T17:20:41.979Z",
+                            "updated_at": "2024-12-14T17:20:41.979Z",
+                            "company_id": 1,
+                            "user_id": 5
+                        },
+                        {
+                            "id": 2,
+                            "position_title": " CTO",
+                            "date_applied": "2024-10-31",
+                            "status": 2,
+                            "notes": "Fingers crossed!",
+                            "job_description": "Looking for Turing grad/jr dev to be CTO",
+                            "application_url": "www.testexample.com",
+                            "contact_information": "[email protected]",
+                            "created_at": "2024-12-14T17:37:28.465Z",
+                            "updated_at": "2024-12-14T17:37:28.465Z",
+                            "company_id": 2,
+                            "user_id": 5
+                        }
+                    ],
+                    "contacts": [
+                        {
+                            "id": 1,
+                            "first_name": "Jonny",
+                            "last_name": "Smith",
+                            "email": "[email protected]",
+                            "phone_number": "555-785-5555",
+                            "notes": "Good contact for XYZ",
+                            "created_at": "2024-12-14T17:55:21.875Z",
+                            "updated_at": "2024-12-14T17:55:21.875Z",
+                            "user_id": 5,
+                            "company_id": 1
+                        },
+                        {
+                            "id": 2,
+                            "first_name": "Josnny",
+                            "last_name": "Smsith",
+                            "email": "[email protected]",
+                            "phone_number": "555-785-5555",
+                            "notes": "Good contact for XYZ",
+                            "created_at": "2024-12-15T01:57:14.557Z",
+                            "updated_at": "2024-12-15T01:57:14.557Z",
+                            "user_id": 5,
+                            "company_id": 1
+                        }
+                    ],
+                    "companies": [
+                        {
+                            "id": 1,
+                            "user_id": 5,
+                            "name": "New Company",
+                            "website": "www.company.com",
+                            "street_address": "123 Main St",
+                            "city": "New York",
+                            "state": "NY",
+                            "zip_code": "10001",
+                            "notes": "This is a new company.",
+                            "created_at": "2024-12-14T17:20:10.909Z",
+                            "updated_at": "2024-12-14T17:20:10.909Z"
+                        },
+                        {
+                            "id": 2,
+                            "user_id": 5,
+                            "name": "New Company1",
+                            "website": "www.company1.com",
+                            "street_address": "1231 Main St",
+                            "city": "New York",
+                            "state": "NY",
+                            "zip_code": "10001",
+                            "notes": "This is a new company1.",
+                            "created_at": "2024-12-14T17:37:24.153Z",
+                            "updated_at": "2024-12-14T17:37:24.153Z"
+                        }
+                    ]
+                }
+            }
+        }
+    }
+}
+```
 
 # Authentication, User Roles, and Authorization
 

app/controllers/api/v1/contacts_controller.rb

@@ -4,6 +4,7 @@ class ContactsController < ApplicationController
       before_action :authenticate_user
 
       def index
+				authorize Contact
         contacts = @current_user.contacts
         if contacts.empty?
           render json: { data: [], message: "No contacts found" }, status: :ok
@@ -13,6 +14,7 @@ def index
       end
 
 			def create 
+				authorize Contact
 				contact = @current_user.contacts.new(contact_params)
 				if contact.save
 					render json: ContactsSerializer.new(contact), status: :created

app/controllers/api/v1/dashboards_controller.rb

@@ -0,0 +1,9 @@
+class Api::V1::DashboardsController < ApplicationController
+  before_action :authenticate_user
+
+  def show
+    user = current_user
+    authorize user
+    render json: DashboardSerializer.new(user), status: :ok
+  end
+end

app/controllers/api/v1/job_applications_controller.rb

@@ -2,7 +2,7 @@ class Api::V1::JobApplicationsController < ApplicationController
   before_action :authenticate_user
 
   def create
-    user = User.find(params[:user_id])
+    user = authorize User.find(params[:user_id])
 
     job_application = user.job_applications.build(job_application_params)
 
@@ -34,9 +34,11 @@ def show
 
 
   def index
-    job_applications = @current_user.job_applications 
+    authorize JobApplication
+    job_applications = policy_scope(JobApplication)
     render json: JobApplicationSerializer.new(job_applications), status: :ok
   end
+
   private
 
   def job_application_params

app/controllers/api/v1/users_controller.rb

@@ -1,9 +1,11 @@
 module Api
   module V1
     class UsersController < ApplicationController
+
       def create
-        authorize User
         user = User.new(user_params)
+        authorize user
+
         if user.save
           render json: UserSerializer.new(user), status: :created
         else
@@ -19,7 +21,6 @@ def index
 
       def show
         @user = authorize User.find(params[:id])
-
         render json: UserSerializer.new(User.find(params[:id]))
       end
 

app/controllers/application_controller.rb

@@ -2,7 +2,7 @@ class ApplicationController < ActionController::API
   include Pundit::Authorization
   after_action :verify_authorized
 
-  # temporary current_user testing stub until we add in authentication
+
   def current_user
     @current_user ||= self.authenticate_user
   end

app/models/company.rb

@@ -1,6 +1,9 @@
 class Company < ApplicationRecord
   rolify strict: true
   belongs_to :user 
+  has_many :contacts
+  has_many :job_applications
+
   validates :name, presence: true
   validates :website, presence: true
   validates :street_address, presence: true

app/models/user.rb

@@ -3,6 +3,7 @@ class User < ApplicationRecord
 
   has_many :companies, dependent: :destroy
   has_many :job_applications, dependent: :destroy
+  has_many :contacts, dependent: :destroy
 
   validates :name, presence: true
   validates :email, presence: true, uniqueness: true

app/policies/contact_policy.rb

@@ -1,14 +1,23 @@
 class ContactPolicy < ApplicationPolicy
-  # NOTE: Up to Pundit v2.3.1, the inheritance was declared as
-  # `Scope < Scope` rather than `Scope < ApplicationPolicy::Scope`.
-  # In most cases the behavior will be identical, but if updating existing
-  # code, beware of possible changes to the ancestors:
-  # https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5
 
+  def index?
+    admin? || user.present?
+  end
+
+  def create?
+    admin? || user.present?
+  end
+
   class Scope < ApplicationPolicy::Scope
-    # NOTE: Be explicit about which records you allow access to!
-    # def resolve
-    #   scope.all
-    # end
+
+    def resolve
+      if admin?
+        scope.all
+      elsif user?
+        scope.where(user: user)
+      else
+        scope.none
+      end
+    end
   end
 end

app/policies/dashboard_policy.rb

@@ -0,0 +1,17 @@
+class DashboardPolicy < ApplicationPolicy
+
+  def show?
+    user == record
+  end
+
+  class Scope < ApplicationPolicy::Scope
+
+    # def resolve
+    #   if user?
+    #     scope.all
+    #   else
+    #     scope.none
+    #   end
+    # end
+  end
+end

app/policies/job_application_policy.rb

@@ -0,0 +1,25 @@
+class JobApplicationPolicy < ApplicationPolicy
+
+  def index?
+    user.present?
+  end
+
+  def create?
+    record.user_id == user.id
+  end
+
+  def show?
+    record.user_id == user.id
+  end
+
+  class Scope < ApplicationPolicy::Scope
+
+    def resolve 
+      if user?
+        scope.where(user_id: user.id)
+      else
+        scope.none
+      end
+    end
+  end
+end

app/policies/user_policy.rb

@@ -30,7 +30,7 @@ def resolve #resolve determines which records a user is allowed to access
       if admin? #method inherited from ApplicationPolicy to check role of current user(:admin)
         scope.all
       elsif user?#method inherited from ApplicationPolicy to check role of current user(:user)
-        scope.where(id: user.id)
+        scope.where(id: user.id) || scope.where(user_id: user.id)
       else
         scope.none
       end

app/serializers/dashboard_serializer.rb

@@ -0,0 +1,14 @@
+class DashboardSerializer
+  include JSONAPI::Serializer
+  attributes :id, :name, :email
+
+  attribute :dashboard do |user|
+    {
+      weekly_summary: {
+        job_applications: user.job_applications,
+        contacts: user.contacts,
+        companies: user.companies
+      }
+    }
+  end
+end

config/routes.rb

@@ -14,7 +14,7 @@
         resources :job_applications, only: [:create, :index, :show]
         resources :companies, only: [:create, :index]
         resources :contacts, only: [:create, :index]
-
+        resource :dashboard, only: :show
       end
 
       resources :sessions, only: :create

spec/policies/company_policy_spec.rb

@@ -48,6 +48,13 @@
     end
   end
 
+  permissions :index? do
+    it "allows an admin or a user to view all the companies" do
+      expect(subject).to permit(user, Company.new)
+      expect(subject).to permit(admin, Company.new)
+    end
+  end
+
   permissions ".scope" do
     let(:scope) { Pundit.policy_scope!(current_user, Company) }