Add ConversationPart controller with create endpoint, changeset and policy

[begedin]

Problem

See #1286 for an explanation of how a Message system works.

Once we have created a Message and it's associated Conversation, any side of the conversation can post a reply.

Each of these replies then creates a ConversationPart containing its contents.

In order to do that, we need a create endpoint

Subtasks

• [ ] implement create_changeset
  • we keep putting this into the schema module, but I really think that does not fit well with the context paradigm, so I'm open to suggestions on where to put it. I'm thinking Messages.ConversationPart. Could even be private
  • casts [:body, :author_id, :conversation_id]
  • ensures author and conversation exist
  • :read_at is null initially
• [ ] test create_changeset, or testing Messages.create_conversation_part/1 might be enough
• [ ] implement Policy.ConversationPart.create?
  • current_user is authorized if current_user.id == params["author_id"]
  • current_user is authorized if current_user.id == (params |> get_conversation).user_id
  • current_user is authorized if current_user.id == (params |> get_message).author_id
  • current_user is authorized if admin or higher on (params |> get_project)
• [ ] write tests for Policy.ConversationPart.create?
• [ ] implement Messages.create_conversation_part(params)
  • probably delegates to Messages.ConversationPart.create
  • uses create_changeset
• [ ] test Messages.create_conversation_part(params)
  • if create_changeset is private, make sure to test casting behavior to
• [ ] implement ConversationPartController :create endpoint
  • authorizes using policy
  • creates record using Messages.create_conversation_part
• [ ] write tests for :create endpoint

[joshsmith]

I think the policy here really needs to be different, probably more like:

• current_user is authorized if they're the target of the conversation
• current_user is authorized if they're a project admin or higher

Anything else is superfluous.