Blogs

app/controllers/v1/blogs_controller.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module V1
+  class BlogsController < ApplicationController
+    before_action :set_blog, only: %i[show update destroy]
+
+    def index
+      @blogs = policy_scope Blog.all
+    end
+
+    def show; end
+
+    def create
+      @blog = Blog.new(blog_params)
+      @blog.user_id = current_user.id
+
+      authorize @blog
+
+      if @blog.save
+        render :show, status: :created, location: v1_blogs_url(@blog)
+      else
+        render json: @blog.errors, status: :unprocessable_entity
+      end
+    end
+
+    def update
+      if @blog.update(blog_params)
+        render :show, status: :ok, location: v1_blogs_url(@blog)
+      else
+        render json: @blog.errors, status: :unprocessable_entity
+      end
+    end
+
+    def destroy
+      @blog.destroy
+    end
+
+    private
+
+      def set_blog
+        @blog = Blog.find(params[:id])
+        authorize @blog
+      end
+
+      def blog_params
+        params.require(:blog).permit(policy(Blog).permitted_attributes)
+      end
+  end
+end

app/models/blog.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: blogs
+#
+#  id             :integer          not null, primary key
+#  article        :text             not null
+#  published_date :string           default(""), not null
+#  title          :string           not null
+#  created_at     :datetime         not null
+#  updated_at     :datetime         not null
+#  user_id        :integer
+#
+# Indexes
+#
+#  index_blogs_on_user_id  (user_id)
+#
+
+class Blog < ApplicationRecord
+  belongs_to :author, class_name: "User", foreign_key: :user_id, inverse_of: :blogs
+
+  scope :published, -> { where("published_date <= ?", Time.zone.now) }
+
+  def published?
+    return false if published_date.empty?
+
+    Time.zone.parse(published_date) <= Time.zone.now
+  end
+end

app/models/user.rb

@@ -20,6 +20,8 @@
 class User < ApplicationRecord
   has_secure_password
 
+  has_many :blogs, dependent: :destroy
+
   validates :display_name, presence: true
   validates :email, presence: true, email_format: true, uniqueness: true
   validates :password_confirmation, presence: true, if: ->(m) { m.password.present? }

app/policies/blog_policy.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class BlogPolicy < ApplicationPolicy
+  def show?
+    return true if update?
+
+    record.published?
+  end
+
+  def update?
+    return true if user&.acts_as_admin?
+
+    record.user_id == user&.id
+  end
+
+  def destroy?
+    update?
+  end
+
+  def create?
+    user&.acts_as_author?
+  end
+
+  def permitted_attributes
+    return base_attributes + %i[user_id] if user&.acts_as_admin?
+
+    base_attributes
+  end
+
+  def base_attributes
+    %i[
+      title
+      article
+    ]
+  end
+
+  class Scope < Scope
+    def resolve
+      return scope if user&.acts_as_admin?
+      return scope.published.or(user.blogs) if user&.acts_as_author?
+
+      scope.published
+    end
+  end
+end

app/views/v1/blogs/_blog.json.jbuilder

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+json.url v1_blog_url(blog, format: :json)
+
+json.extract! blog,
+              :title,
+              :article,
+              :published_date,
+              :id
+
+json.author do
+  json.name blog.author.display_name
+  json.url  v1_user_url(blog.author, format: :json)
+end

app/views/v1/blogs/index.json.jbuilder

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+json.array! @blogs, partial: 'v1/blogs/blog', as: :blog

app/views/v1/blogs/show.json.jbuilder

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+json.partial! "v1/blogs/blog", blog: @blog