Adding the ability to restrict access to patients to the model layer

project-rhex · May 11, 2012 · ae3dc2a · ae3dc2a
1 parent 6949904
commit ae3dc2a
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 4 deletions.
diff --git a/app/models/authorized_user.rb b/app/models/authorized_user.rb
@@ -0,0 +1,3 @@
+class AuthorizedUser < ActiveRecord::Base
+  belongs_to :patient
+end
diff --git a/app/models/patient.rb b/app/models/patient.rb
@@ -1,3 +1,6 @@
 class Patient < ActiveRecord::Base
   has_many :documents
+  has_many :authorized_users
+
+  scope :accessible_to, ->(email) {joins(:authorized_users).where(authorized_users: {email: email})}
 end
diff --git a/db/migrate/20120510205538_create_authorized_users.rb b/db/migrate/20120510205538_create_authorized_users.rb
@@ -0,0 +1,11 @@
+class CreateAuthorizedUsers < ActiveRecord::Migration
+  def change
+    create_table :authorized_users do |t|
+      t.string :email
+      t.references :patient
+
+      t.timestamps
+    end
+    add_index :authorized_users, :patient_id
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -11,7 +11,16 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20120410180102) do
+ActiveRecord::Schema.define(:version => 20120510205538) do
+
+  create_table "authorized_users", :force => true do |t|
+    t.string   "email"
+    t.integer  "patient_id"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  add_index "authorized_users", ["patient_id"], :name => "index_authorized_users_on_patient_id"
 
   create_table "documents", :force => true do |t|
     t.string   "name"

diff --git a/test/fixtures/authorized_users.yml b/test/fixtures/authorized_users.yml
@@ -0,0 +1,13 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
+
+one:
+  email: [email protected]
+  patient: one
+
+two:
+  email: [email protected]
+  patient: two
+
+three:
+  email: [email protected]
+  patient: two
diff --git a/test/unit/authorized_user_test.rb b/test/unit/authorized_user_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class AuthorizedUserTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/unit/patient_test.rb b/test/unit/patient_test.rb
@@ -1,7 +1,9 @@
 require 'test_helper'
 
 class PatientTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  test 'users can only see patients they have access to' do
+    assert_equal 2, Patient.accessible_to('[email protected]').count
+    assert_equal 1, Patient.accessible_to('[email protected]').count
+    assert_equal 0, Patient.accessible_to('[email protected]').count
+  end
 end