add basic library permissions

app/controllers/libraries_controller.rb

@@ -13,4 +13,14 @@ def edit
 
   # GET /libraries/1 or /libraries/1.json
   def show; end
+
+  def users
+    @library = Library.find(params[:id])
+    @users = @library.users
+
+    respond_to do |format|
+      format.html # renders users.html.erb
+      format.json { render json: @users }
+    end
+  end
 end

app/models/library.rb

@@ -4,4 +4,7 @@ class Library < ApplicationRecord
   has_many :documents
   validates :name, presence: true
   belongs_to :user
+
+  has_many :library_users
+  has_many :users, through: :library_users
 end

app/models/library_user.rb

@@ -0,0 +1,6 @@
+class LibraryUser < ApplicationRecord
+  belongs_to :user
+  belongs_to :library
+
+  enum role: { admin: 0, editor: 1 }
+end

app/models/user.rb

@@ -6,6 +6,9 @@ class User < ApplicationRecord
   has_secure_password validations: false
   validate :password_strength
 
+  has_many :library_users
+  has_many :libraries, through: :library_users
+
   private
 
   def password_strength

app/policies/document_policy.rb

@@ -9,10 +9,17 @@ def initialize(user, document)
   end
 
   def create?
-    user.admin? || document.library.user_id == user.id
+    user.admin? || document.library.user_id == user.id || user_is_editor?
   end
 
   def update?
-    user.admin? || document.library.user_id == user.id
+    user.admin? || document.library.user_id == user.id || user_is_editor?
+  end
+
+  private
+
+  def user_is_editor?
+    library_user = LibraryUser.find_by(user: user, library: document.library)
+    library_user&.editor?
   end
 end

app/policies/library_policy.rb

@@ -13,6 +13,13 @@ def create?
   end
 
   def update?
-    user.admin? || library.user_id == user.id
+    user.admin? || user_is_editor? || library.user_id == user.id
+  end
+
+  private
+
+  def user_is_editor?
+    library_user = LibraryUser.find_by(user: user, library: library)
+    library_user&.editor?
   end
 end

app/views/libraries/show.html.erb

@@ -5,7 +5,8 @@
     <div class="flex space-x-2">
       <% if policy(@library).edit? %>
         <%= link_to 'New Document', new_document_path(library_id: @library.id), class: "rounded-lg p-2 bg-sky-600 text-white" %>
-        <%= link_to 'Edit', edit_library_path(@library), class: "rounded-lg p-2 bg-sky-600 text-white" %>
+        <%= link_to 'Edit', edit_library_path(@library), title: "Edit Library", class: "rounded-lg p-2 bg-sky-600 text-white" %>
+        <%= link_to 'Users', users_library_path(@library), class: "rounded-lg p-2 bg-sky-600 text-white" %>
       <% end %>
     </div>
   </div>

app/views/libraries/users.html.erb

@@ -0,0 +1,17 @@
+<!-- app/views/libraries/users.html.erb -->
+
+<h1 class="text-3xl font-semibold text-stone-900 mb-6"><span class="text-sky-500"><%= link_to @library.name, library_path(@library) %> </span> > Users </h1>
+
+<div class="bg-white shadow-md rounded-lg overflow-hidden">
+  <div class="grid grid-cols-3 gap-4 p-4 bg-gray-200 font-semibold">
+    <div>Email</div>
+    <div>Role</div>
+  </div>
+
+  <% @users.each do |user| %>
+    <div class="grid grid-cols-3 gap-4 p-4 border-b border-gray-200">
+      <div><%= user.email %></div>
+      <div><%= user.library_users.find_by(library: @library).role.capitalize %></div>
+    </div>
+  <% end %>
+</div>

config/routes.rb

@@ -21,6 +21,9 @@
   # Nested Resources
   resources :libraries do
     resources :documents
+    member do
+      get 'users'
+    end
   end
 
   resources :delayed_jobs, only: %i[index destroy]

db/migrate/20240514224325_create_library_users.rb

@@ -0,0 +1,13 @@
+class CreateLibraryUsers < ActiveRecord::Migration[6.1]
+  def change
+    create_table :library_users do |t|
+      t.references :user, null: false, foreign_key: true
+      t.references :library, null: false, foreign_key: true
+      t.integer :role, null: false, default: 0
+
+      t.timestamps
+    end
+
+    add_index :library_users, [:user_id, :library_id], unique: true
+  end
+end

spec/controllers/libraries_controller_spec.rb

@@ -5,6 +5,9 @@
 RSpec.describe LibrariesController, type: :controller do
   let(:user) { User.create!(email: '[email protected]', password: 'Password1!') }
   let(:admin) { User.create!(email: '[email protected]', password: 'Password1!', admin: true) }
+  let(:editor) { User.create!(email: '[email protected]', password: 'Password1!') }
+  let(:library) { Library.create!(name: 'Library', user: admin) }
+  let!(:library_user) { LibraryUser.create!(user: editor, library: library, role: :editor) }
   let(:valid_attributes) { { name: 'Library', user: admin } }
 
   context 'as an admin user' do
@@ -21,10 +24,10 @@
     end
 
     describe 'POST #create' do
-      it 'does create a new Library' do
+      it 'creates a new Library' do
         expect do
           post :create, params: { library: valid_attributes }
-        end.to change(Library, :count)
+        end.to change(Library, :count).by(1)
       end
     end
   end
@@ -55,4 +58,38 @@
       end
     end
   end
+
+  context 'as an editor user' do
+    before do
+      allow_any_instance_of(LibrariesController).to receive(:current_user).and_return(editor)
+    end
+
+    describe 'GET #index' do
+      it 'returns a success response' do
+        get :index
+        expect(response).to be_successful
+      end
+    end
+
+    describe 'POST #create' do
+      it 'does not create a new Library' do
+        expect do
+          post :create, params: { library: valid_attributes }
+        end.to_not change(Library, :count)
+      end
+
+      it 'redirects to a certain page or renders an error' do
+        post :create, params: { library: valid_attributes }
+        expect(response).to redirect_to(root_path)
+      end
+    end
+
+    describe 'PUT #update' do
+      it 'allows the editor to update the library' do
+        put :update, params: { id: library.id, library: { name: 'Updated Library' } }
+        library.reload
+        expect(library.name).to eq('Updated Library')
+      end
+    end
+  end
 end