define partial update endpoint for users

Author: calebbourg

domain/src/lib.rs

@@ -4,7 +4,10 @@
 //! directly depend on the `entity_api` crate. By re-exporting these items, we provide a clear and
 //! consistent interface for working with query filters within the domain layer, while encapsulating
 //! the underlying implementation details remain in the `entity_api` crate.
-pub use entity_api::query::{IntoQueryFilterMap, QueryFilterMap};
+pub use entity_api::{
+    mutate::{IntoUpdateMap, UpdateMap},
+    query::{IntoQueryFilterMap, QueryFilterMap},
+};
 
 // Re-exports from `entity`
 pub use entity_api::user::{AuthSession, Backend, Credentials};

domain/src/user.rs

@@ -1 +1,21 @@
-pub use entity_api::user::{create, find_by_email};
+use crate::{error::Error, users, Id};
+use entity_api::mutate;
+use sea_orm::DatabaseConnection;
+use sea_orm::IntoActiveModel;
+
+pub use entity_api::user::{create, find_by_email, find_by_id};
+
+pub async fn update(
+    db: &DatabaseConnection,
+    user_id: Id,
+    params: impl mutate::IntoUpdateMap,
+) -> Result<users::Model, Error> {
+    let existing_user = find_by_id(db, user_id).await?;
+    let active_model = existing_user.into_active_model();
+    Ok(mutate::update::<users::ActiveModel, users::Column>(
+        db,
+        active_model,
+        params.into_update_map(),
+    )
+    .await?)
+}

entity_api/src/user.rs

@@ -3,12 +3,13 @@ use async_trait::async_trait;
 use axum_login::{AuthnBackend, UserId};
 use chrono::Utc;
 use entity::users::{ActiveModel, Column, Entity, Model};
+use entity::Id;
 use log::*;
 use password_auth::{generate_hash, verify_password};
 use sea_orm::{entity::prelude::*, DatabaseConnection, Set};
 use serde::Deserialize;
 use std::sync::Arc;
-use utoipa::ToSchema;
+use utoipa::{IntoParams, ToSchema};
 
 pub async fn create(db: &DatabaseConnection, user_model: Model) -> Result<Model, Error> {
     debug!(
@@ -36,7 +37,7 @@ pub async fn create(db: &DatabaseConnection, user_model: Model) -> Result<Model,
 
 pub async fn find_by_email(db: &DatabaseConnection, email: &str) -> Result<Option<Model>, Error> {
     let user: Option<Model> = Entity::find()
-        .filter(Column::Email.contains(email))
+        .filter(Column::Email.eq(email))
         .one(db)
         .await?;
 
@@ -45,6 +46,13 @@ pub async fn find_by_email(db: &DatabaseConnection, email: &str) -> Result<Optio
     Ok(user)
 }
 
+pub async fn find_by_id(db: &DatabaseConnection, id: Id) -> Result<Model, Error> {
+    Entity::find_by_id(id).one(db).await?.ok_or_else(|| Error {
+        source: None,
+        error_kind: EntityApiErrorKind::RecordNotFound,
+    })
+}
+
 async fn authenticate_user(creds: Credentials, user: Model) -> Result<Option<Model>, Error> {
     match verify_password(creds.password, &user.password) {
         Ok(_) => Ok(Some(user)),
@@ -60,7 +68,7 @@ pub struct Backend {
     db: Arc<DatabaseConnection>,
 }
 
-#[derive(Debug, Clone, ToSchema, Deserialize)]
+#[derive(Debug, Clone, ToSchema, IntoParams, Deserialize)]
 #[schema(as = entity_api::user::Credentials)] // OpenAPI schema
 pub struct Credentials {
     pub email: String,
@@ -112,3 +120,55 @@ impl AuthnBackend for Backend {
 }
 
 pub type AuthSession = axum_login::AuthSession<Backend>;
+
+#[cfg(test)]
+// We need to gate seaORM's mock feature behind conditional compilation because
+// the feature removes the Clone trait implementation from seaORM's DatabaseConnection.
+// see https://github.com/SeaQL/sea-orm/issues/830
+#[cfg(feature = "mock")]
+mod test {
+    use super::*;
+    use entity::Id;
+    use sea_orm::{DatabaseBackend, MockDatabase, Transaction};
+
+    #[tokio::test]
+    async fn find_by_email_returns_a_single_record() -> Result<(), Error> {
+        let db = MockDatabase::new(DatabaseBackend::Postgres).into_connection();
+
+        let user_email = "test@test.com";
+        let _ = find_by_email(&db, user_email).await;
+
+        assert_eq!(
+            db.into_transaction_log(),
+            [Transaction::from_sql_and_values(
+                DatabaseBackend::Postgres,
+                r#"SELECT "users"."id", "users"."email", "users"."first_name", "users"."last_name", "users"."display_name", "users"."password", "users"."github_username", "users"."github_profile_url", "users"."created_at", "users"."updated_at" FROM "refactor_platform"."users" WHERE "users"."email" = $1 LIMIT $2"#,
+                [user_email.into(), sea_orm::Value::BigUnsigned(Some(1))]
+            )]
+        );
+
+        Ok(())
+    }
+
+    #[tokio::test]
+    async fn find_by_id_returns_a_single_record() -> Result<(), Error> {
+        let db = MockDatabase::new(DatabaseBackend::Postgres).into_connection();
+
+        let coaching_session_id = Id::new_v4();
+        let _ = find_by_id(&db, coaching_session_id).await;
+
+        assert_eq!(
+            db.into_transaction_log(),
+            [Transaction::from_sql_and_values(
+                DatabaseBackend::Postgres,
+                r#"SELECT "users"."id", "users"."email", "users"."first_name", "users"."last_name", "users"."display_name", "users"."password", "users"."github_username", "users"."github_profile_url", "users"."created_at", "users"."updated_at" FROM "refactor_platform"."users" WHERE "users"."id" = $1 LIMIT $2"#,
+                [
+                    coaching_session_id.into(),
+                    sea_orm::Value::BigUnsigned(Some(1))
+                ]
+            )]
+        );
+
+        Ok(())
+    }
+}

web/src/controller/user_controller.rs

@@ -1,4 +1,7 @@
-use crate::{controller::ApiResponse, extractors::compare_api_version::CompareApiVersion};
+use crate::extractors::{
+    authenticated_user::AuthenticatedUser, compare_api_version::CompareApiVersion,
+};
+use crate::{controller::ApiResponse, params::user::*};
 use crate::{AppState, Error};
 use axum::{extract::State, http::StatusCode, response::IntoResponse, Json};
 use domain::{user as UserApi, users};
@@ -36,3 +39,34 @@ pub async fn create(
 
     Ok(Json(ApiResponse::new(StatusCode::CREATED.into(), user)))
 }
+
+/// UPDATE a User
+/// NOTE: that this is for updating the current user and as such uses the user
+/// from the AuthenticatedUser extractor. If we decide to allow a user to update
+/// another user, we may want to consider something like a PUT /myself endpoint for
+/// the current user updating their own data.
+#[utoipa::path(
+    put,
+    path = "/users",
+    params(
+        ApiVersion,
+        UpdateUserParams
+    ),
+    request_body = UpdateUserParams,
+    responses(
+        (status = 200, description = "Successfully updated a User", body = [users::Model]),
+        (status = 401, description = "Unauthorized"),
+    ),
+    security(
+        ("cookie_auth" = [])
+    )
+)]
+pub async fn update(
+    CompareApiVersion(_v): CompareApiVersion,
+    AuthenticatedUser(user): AuthenticatedUser,
+    State(app_state): State<AppState>,
+    Json(params): Json<UpdateUserParams>,
+) -> Result<impl IntoResponse, Error> {
+    let updated_user = UserApi::update(app_state.db_conn_ref(), user.id, params).await?;
+    Ok(Json(ApiResponse::new(StatusCode::OK.into(), updated_user)))
+}

web/src/params/mod.rs

@@ -16,3 +16,4 @@ pub(crate) mod agreement;
 pub(crate) mod coaching_session;
 pub(crate) mod jwt;
 pub(crate) mod overarching_goal;
+pub(crate) mod user;

web/src/params/user.rs

@@ -0,0 +1,51 @@
+use sea_orm::Value;
+use serde::Deserialize;
+use utoipa::{IntoParams, ToSchema};
+
+use domain::{IntoUpdateMap, UpdateMap};
+
+#[derive(Debug, Deserialize, IntoParams, ToSchema)]
+pub struct UpdateUserParams {
+    pub email: Option<String>,
+    pub first_name: Option<String>,
+    pub last_name: Option<String>,
+    pub display_name: Option<String>,
+    pub github_profile_url: Option<String>,
+}
+
+impl IntoUpdateMap for UpdateUserParams {
+    fn into_update_map(self) -> UpdateMap {
+        let mut update_map = UpdateMap::new();
+        if let Some(email) = self.email {
+            update_map.insert(
+                "email".to_string(),
+                Some(Value::String(Some(Box::new(email)))),
+            );
+        }
+        if let Some(first_name) = self.first_name {
+            update_map.insert(
+                "first_name".to_string(),
+                Some(Value::String(Some(Box::new(first_name)))),
+            );
+        }
+        if let Some(last_name) = self.last_name {
+            update_map.insert(
+                "last_name".to_string(),
+                Some(Value::String(Some(Box::new(last_name)))),
+            );
+        }
+        if let Some(display_name) = self.display_name {
+            update_map.insert(
+                "display_name".to_string(),
+                Some(Value::String(Some(Box::new(display_name)))),
+            );
+        }
+        if let Some(github_profile_url) = self.github_profile_url {
+            update_map.insert(
+                "github_profile_url".to_string(),
+                Some(Value::String(Some(Box::new(github_profile_url)))),
+            );
+        }
+        update_map
+    }
+}

web/src/router.rs

@@ -1,4 +1,4 @@
-use crate::{protect, AppState};
+use crate::{params, protect, AppState};
 use axum::{
     middleware::from_fn_with_state,
     routing::{delete, get, post, put},
@@ -61,6 +61,7 @@ use self::organization::coaching_relationship_controller;
             overarching_goal_controller::read,
             overarching_goal_controller::update_status,
             user_controller::create,
+            user_controller::update,
             user_session_controller::login,
             user_session_controller::logout,
             jwt_controller::generate_collab_token,
@@ -76,6 +77,8 @@ use self::organization::coaching_relationship_controller;
                 domain::overarching_goals::Model,
                 domain::users::Model,
                 domain::Credentials,
+                params::user::UpdateUserParams,
+
             )
         ),
         modifiers(&SecurityAddon),
@@ -278,6 +281,7 @@ pub fn overarching_goal_routes(app_state: AppState) -> Router {
 pub fn user_routes(app_state: AppState) -> Router {
     Router::new()
         .route("/users", post(user_controller::create))
+        .route("/users", put(user_controller::update))
         .route_layer(login_required!(Backend, login_url = "/login"))
         .with_state(app_state)
 }