add mutations for manipulating users

app/graphql/mutations/delete_user.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Mutations
+  # Deletes an user.
+  class DeleteUser < Mutations::BaseMutation
+    description 'Deletes an user.'
+    argument :id, ID, required: true
+    payload_type Boolean
+
+    def resolve(id:)
+      user = ::User.accessible_by(current_ability).find_by(id: id)
+      if user.nil?
+        raise ActiveRecord::RecordNotFound, I18n.t('errors.messages.resource_not_found', resource: ::User.model_name.human)
+      end
+
+      current_ability.authorize! :destroy, user
+      return true if user.destroy!
+
+      false
+    end
+  end
+end

app/graphql/mutations/update_user.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Mutations
+  # Updates an existing user.
+  class UpdateUser < Mutations::BaseMutation
+    description 'Updates an existing user.'
+    argument :id, ID, required: true
+    argument :attributes, Types::UserInputType, required: true
+    payload_type Types::UserType
+
+    def resolve(id:, attributes:)
+      user = ::User.accessible_by(current_ability).find_by(id: id)
+      raise ActiveRecord::RecordNotFound, I18n.t('errors.messages.resource_not_found', resource: ::User.model_name.human) if user.nil?
+
+      user.attributes = attributes.to_h
+      current_ability.authorize! :update, user
+      return user if user.save!
+    end
+  end
+end

app/graphql/mutations/update_user_role.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Mutations
+  # Updates the role for an user.
+  class UpdateUserRole < Mutations::BaseMutation
+    description 'Updates the role for an user.'
+    argument :id, ID, required: true
+    argument :role, String, required: true, description: '"user" or "admin"'
+    payload_type Boolean
+
+    def resolve(id:, role:)
+      user = ::User.accessible_by(current_ability).find_by(id: id)
+      if user.nil?
+        raise ActiveRecord::RecordNotFound, I18n.t('errors.messages.resource_not_found', resource: ::User.model_name.human)
+      end
+
+      if %w[admin user].include?(role)
+        user.role = role
+        current_ability.authorize! :update, user
+        user.save!
+        return true
+      end
+
+      false
+    end
+  end
+end

spec/graphql/mutations/delete_user_spec.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Mutations::DeleteUser do
+  subject(:graphql!) { result }
+
+  let!(:admin) do
+    create(:user, :admin)
+  end
+
+  let(:result) do
+    GraphqlSchema.execute(
+      query_string,
+      variables: variables,
+      context: context
+    )
+  end
+
+  let(:variables) do
+    {}
+  end
+
+  let(:query_string) do
+    <<-GRAPHQL
+    mutation deleteUser($id: ID!){
+      deleteUser(id: $id)
+    }
+    GRAPHQL
+  end
+
+  describe 'deleteUser' do
+    context 'when not an admin' do
+      let(:user) do
+        create(:user, company_id: admin.company_id)
+      end
+
+      let(:context) do
+        {
+          current_user: user
+        }
+      end
+
+      let(:variables) do
+        {
+          id: user.id
+        }
+      end
+
+      it 'returns errors' do
+        graphql!
+        message = result['errors'][0]['message']
+        expect(message).not_to be_nil
+      end
+    end
+
+    context 'with invalid id' do
+      let(:user) do
+        create(:user, company_id: admin.company_id)
+      end
+
+      let(:context) do
+        {
+          current_user: admin
+        }
+      end
+
+      let(:variables) do
+        {
+          id: 'wrong'
+        }
+      end
+
+      it 'returns nil' do
+        graphql!
+        success = result['data']['deleteUser']
+        expect(success).to be_nil
+      end
+    end
+
+    context 'with valid params' do
+      let!(:user) do
+        create(:user, company_id: admin.company_id)
+      end
+
+      let(:context) do
+        {
+          current_user: admin
+        }
+      end
+
+      let(:variables) do
+        {
+          id: user.id
+        }
+      end
+
+      it 'changes name' do
+        graphql!
+        success = result['data']['deleteUser']
+        expect(success).to eq(true)
+      end
+    end
+  end
+end

spec/graphql/mutations/update_user_role_spec.rb

@@ -0,0 +1,148 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Mutations::UpdateUserRole do
+  subject(:graphql!) { result }
+
+  let!(:admin) do
+    create(:user, :admin)
+  end
+
+  let(:result) do
+    GraphqlSchema.execute(
+      query_string,
+      variables: variables,
+      context: context
+    )
+  end
+
+  let(:variables) do
+    {}
+  end
+
+  let(:query_string) do
+    <<-GRAPHQL
+    mutation updateUserRole($id: ID!, $role: String!){
+      updateUserRole(id: $id, role: $role)
+    }
+    GRAPHQL
+  end
+
+  describe 'updateUser' do
+    context 'when not an admin' do
+      let(:user) do
+        create(:user, company_id: admin.company_id)
+      end
+
+      let(:context) do
+        {
+          current_user: user
+        }
+      end
+
+      let(:variables) do
+        {
+          id: user.id,
+          role: 'admin'
+        }
+      end
+
+      it 'returns errors' do
+        graphql!
+        message = result['errors'][0]['message']
+        expect(message).not_to be_nil
+      end
+
+      it 'not updates user role' do
+        graphql!
+        expect(user.role).to eq('user')
+      end
+    end
+
+    context 'with invalid id' do
+      let(:user) do
+        create(:user, company_id: admin.company_id)
+      end
+
+      let(:context) do
+        {
+          current_user: admin
+        }
+      end
+
+      let(:variables) do
+        {
+          id: 'wrong',
+          role: 'admin'
+        }
+      end
+
+      it 'returns errors' do
+        graphql!
+        message = result['data']['updateUserRolw']
+        expect(message).to be_nil
+      end
+    end
+
+    context 'with invalid params' do
+      let(:user) do
+        create(:user, company_id: admin.company_id)
+      end
+
+      let(:context) do
+        {
+          current_user: admin
+        }
+      end
+
+      let(:variables) do
+        {
+          id: user.id,
+          role: 'superadmin'
+        }
+      end
+
+      it 'returns false' do
+        graphql!
+        success = result['data']['updateUserRole']
+        expect(success).to eq(false)
+      end
+
+      it 'not updates user role' do
+        graphql!
+        expect(user.role).to eq('user')
+      end
+    end
+
+    context 'with valid params' do
+      let!(:user) do
+        create(:user, company_id: admin.company_id)
+      end
+
+      let(:context) do
+        {
+          current_user: admin
+        }
+      end
+
+      let(:variables) do
+        {
+          id: user.id,
+          role: 'admin'
+        }
+      end
+
+      it 'returns true' do
+        graphql!
+        success = result['data']['updateUserRole']
+        expect(success).to eq(true)
+      end
+
+      it 'updates user role' do
+        graphql!
+        expect(user.reload.role).to eq('admin')
+      end
+    end
+  end
+end