From f592750a6f8e17507c6cf9e7df20ae65e5d8a55d Mon Sep 17 00:00:00 2001 
From: "Chris Baudouin, Jr" Date: Sun, 6 Sep 2020 19:38:54 -0400 Subject: [PATCH 01/10] refactor: Changes admin to director --- .../javascripts/manage/lib/setupDataTables.js | 2 +- .../manage/application_controller.rb | 20 ++++++------- app/controllers/manage/configs_controller.rb | 5 +--- .../manage/dashboard_controller.rb | 3 +- .../manage/data_exports_controller.rb | 4 +-- app/controllers/manage/messages_controller.rb | 6 ++-- .../manage/questionnaires_controller.rb | 6 ++-- .../manage/trackable_events_controller.rb | 12 ++++---- .../manage/trackable_tags_controller.rb | 4 +-- app/controllers/manage/users_controller.rb | 8 ++--- app/datatables/questionnaire_datatable.rb | 4 +-- ...{admin_datatable.rb => staff_datatable.rb} | 4 +-- app/jobs/bulk_message_job.rb | 8 ++--- ...port_job.rb => staff_weekly_report_job.rb} | 4 +-- app/mailers/mail_preview.rb | 4 +-- .../{admin_mailer.rb => staff_mailer.rb} | 4 +-- app/mailers/user_mailer.rb | 2 +- app/models/user.rb | 8 ++--- app/views/layouts/_header.html.haml | 2 +- .../layouts/manage/_page_title.html.haml | 2 +- .../layouts/manage/application.html.haml | 2 +- ..._mailer.html.erb => staff_mailer.html.erb} | 0 .../_questionnaire_datatable.html.haml | 2 +- app/views/manage/bus_lists/show.html.haml | 4 +-- .../messages/_message_template_status.haml | 2 +- app/views/manage/messages/index.html.haml | 2 +- .../manage/questionnaires/show.html.haml | 8 ++--- .../manage/trackable_events/index.html.haml | 2 +- .../manage/trackable_tags/show.html.haml | 2 +- app/views/manage/users/index.html.haml | 2 +- .../weekly_report.haml | 0 config/initializers/doorkeeper.rb | 2 +- config/locales/en.yml | 2 +- config/routes.rb | 6 ++-- config/schedule.yml | 4 +-- docs/api-setup.md | 6 ++-- docs/api-usage.md | 2 +- docs/deployment-dokku.md | 4 +-- docs/deployment-okd.md | 6 ++-- docs/messages.md | 2 +- test/controllers/bus_lists_controller_test.rb | 6 ++-- .../manage/bus_lists_controller_test.rb | 4 +-- .../manage/checkins_controller_test.rb | 
10 +++---- .../manage/configs_controller_test.rb | 8 ++--- .../manage/dashboard_controller_test.rb | 6 ++-- .../manage/messages_controller_test.rb | 4 +-- .../manage/questionnaires_controller_test.rb | 30 +++++++++---------- .../manage/schools_controller_test.rb | 6 ++-- .../manage/stats_controller_test.rb | 8 ++--- .../trackable_events_controller_test.rb | 10 +++---- .../manage/trackable_tags_controller_test.rb | 10 +++---- .../manage/users_controller_test.rb | 18 +++++------ .../questionnaires_controller_test.rb | 4 +-- test/controllers/rsvps_controller_test.rb | 6 ++-- ...in_mailer_test.rb => staff_mailer_test.rb} | 16 +++++----- test/factories/users.rb | 6 ++-- test/integration/user_flows_test.rb | 6 ++-- ...est.rb => staff_weekly_report_job_test.rb} | 4 +-- test/models/questionnaire_test.rb | 6 ++-- test/models/user_test.rb | 4 +-- 60 files changed, 170 insertions(+), 174 deletions(-) rename app/datatables/{admin_datatable.rb => staff_datatable.rb} (94%) rename app/jobs/{admin_weekly_report_job.rb => staff_weekly_report_job.rb} (71%) rename app/mailers/{admin_mailer.rb => staff_mailer.rb} (96%) rename app/views/layouts/{admin_mailer.html.erb => staff_mailer.html.erb} (100%) rename app/views/{admin_mailer => staff_mailer}/weekly_report.haml (100%) rename test/controllers/{admin_mailer_test.rb => staff_mailer_test.rb} (68%) rename test/jobs/{admin_weekly_report_job_test.rb => staff_weekly_report_job_test.rb} (74%) diff --git a/app/assets/javascripts/manage/lib/setupDataTables.js b/app/assets/javascripts/manage/lib/setupDataTables.js index ad23dfdf8..f9418bc3c 100644 --- a/app/assets/javascripts/manage/lib/setupDataTables.js +++ b/app/assets/javascripts/manage/lib/setupDataTables.js @@ -36,7 +36,7 @@ var setupDataTables = function () { ], }); - $('.datatable.admins').DataTable({ + $('.datatable.staff').DataTable({ order: [2, 'asc'], columns: [ { orderable: true, data: 'id', visible: false }, 
diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb
index cced5e844..9db952824 100644
--- a/app/controllers/manage/application_controller.rb
+++ b/app/controllers/manage/application_controller.rb
@@ -1,27 +1,27 @@ class Manage::ApplicationController < ApplicationController before_action :logged_in - before_action :require_admin_or_limited_admin - before_action :limit_write_access_to_admins, only: ["edit", "update", "new", "create", "destroy", "convert_to_admin", "deliver", "merge", "perform_merge", "toggle_bus_captain", "duplicate", "update_acc_status", "send_update_email", "live_preview"] + before_action :require_director_or_limited_admin + before_action :limit_write_access_to_directors, only: ["edit", "update", "new", "create", "destroy", "convert_to_admin", "deliver", "merge", "perform_merge", "toggle_bus_captain", "duplicate", "update_acc_status", "send_update_email", "live_preview"] skip_before_action :verify_authenticity_token, if: :json_request? def logged_in authenticate_user! end - def require_full_admin - return redirect_to root_path unless current_user.try(:admin?) + def require_director + return redirect_to root_path unless current_user.try(:director?) end - def require_admin_or_limited_admin - return redirect_to root_path unless current_user.try(:admin?) || current_user.try(:admin_limited_access?) + def require_director_or_limited_admin + return redirect_to root_path unless current_user.try(:director?) || current_user.try(:admin_limited_access?) end - def require_admin_or_limited_admin_or_event_tracking - redirect_to root_path unless current_user.try(:admin?) || current_user.try(:admin_limited_access?) || current_user.try(:event_tracking?) + def require_director_or_limited_admin_or_event_tracking + redirect_to root_path unless current_user.try(:director?) || current_user.try(:admin_limited_access?) || current_user.try(:event_tracking?) end - def limit_write_access_to_admins - redirect_to url_for(controller: controller_name, action: :index) unless current_user.try(:admin?) + def limit_write_access_to_directors + redirect_to url_for(controller: controller_name, action: :index) unless current_user.try(:director?) end def json_request? 
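Review bot: The `only:` list on `before_action :limit_write_access_to_directors` still names `"convert_to_admin"`, but this patch renames the action to `convert_to_director` in Manage::QuestionnairesController and config/routes.rb, so the write guard no longer runs for that action. Unless a filter outside this patch covers it, a user with the `admin_limited_access` role passes `require_director_or_limited_admin` and can reach an action that destroys a questionnaire and sets `role: :director`; the `current_user.director?` check in questionnaires/show.html.haml only hides the link. Replace the entry with `"convert_to_director"` and, if the existing tests do not already cover it, add a controller test asserting that a limited-access admin is redirected from that action. docs/api-usage.md also still lists `manage/questionnaires#convert_to_admin` as the controller action for the renamed route.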
diff --git a/app/controllers/manage/configs_controller.rb b/app/controllers/manage/configs_controller.rb index e5d8eedc9..e7b9884de 100644 --- a/app/controllers/manage/configs_controller.rb +++ b/app/controllers/manage/configs_controller.rb @@ -1,5 +1,5 @@ class Manage::ConfigsController < Manage::ApplicationController - before_action :limit_access_admin + before_action :require_director before_action :get_config, only: [:edit, :update, :update_only_css_variables] respond_to :html, :json @@ -69,7 +69,4 @@ def get_config end end - def limit_access_admin - redirect_to root_path unless current_user.admin? - end end diff --git a/app/controllers/manage/dashboard_controller.rb b/app/controllers/manage/dashboard_controller.rb index 7b2f822e0..550521827 100644 --- a/app/controllers/manage/dashboard_controller.rb +++ b/app/controllers/manage/dashboard_controller.rb @@ -1,6 +1,5 @@ class Manage::DashboardController < Manage::ApplicationController - skip_before_action :require_admin_or_limited_admin - before_action :require_admin_or_limited_admin + before_action :require_director_or_limited_admin def index end diff --git a/app/controllers/manage/data_exports_controller.rb b/app/controllers/manage/data_exports_controller.rb index a20b89db8..3ab908b82 100644 --- a/app/controllers/manage/data_exports_controller.rb +++ b/app/controllers/manage/data_exports_controller.rb @@ -1,6 +1,6 @@ class Manage::DataExportsController < Manage::ApplicationController - skip_before_action :require_admin_or_limited_admin - before_action :require_full_admin + skip_before_action :require_director_or_limited_admin + before_action :require_director before_action :set_data_export, only: [:destroy] diff --git a/app/controllers/manage/messages_controller.rb b/app/controllers/manage/messages_controller.rb index 245e2b07f..96e2a5245 100644 --- a/app/controllers/manage/messages_controller.rb +++ b/app/controllers/manage/messages_controller.rb 
@@ -1,7 +1,7 @@ class Manage::MessagesController < Manage::ApplicationController before_action :set_message, only: [:show, :edit, :update, :destroy, :deliver, :preview, :duplicate] before_action :check_message_access, only: [:edit, :update, :destroy] - before_action :limit_template_access_to_admins, only: [:template, :template_preview, :template_update, :template_replace_with_default] + before_action :limit_template_access_to_directors, only: [:template, :template_preview, :template_update, :template_replace_with_default] respond_to :html, :json @@ -106,9 +106,9 @@ def template_replace_with_default private - def limit_template_access_to_admins + def limit_template_access_to_directors # From Manage::ApplicationController - limit_write_access_to_admins + limit_write_access_to_directors end def message_params diff --git a/app/controllers/manage/questionnaires_controller.rb b/app/controllers/manage/questionnaires_controller.rb index ca14c9d85..7ad4c979f 100644 --- a/app/controllers/manage/questionnaires_controller.rb +++ b/app/controllers/manage/questionnaires_controller.rb @@ -1,7 +1,7 @@ class Manage::QuestionnairesController < Manage::ApplicationController include QuestionnairesControllable - before_action :set_questionnaire, only: [:show, :edit, :update, :destroy, :check_in, :convert_to_admin, :update_acc_status] + before_action :set_questionnaire, only: [:show, :edit, :update, :destroy, :check_in, :convert_to_director, :update_acc_status] respond_to :html, :json @@ -95,10 +95,10 @@ def check_in redirect_to index_redirect_path end - def convert_to_admin + def convert_to_director user = @questionnaire.user @questionnaire.destroy - user.update_attributes(role: :admin) + user.update_attributes(role: :director) redirect_to edit_manage_user_path(user) end diff --git a/app/controllers/manage/trackable_events_controller.rb b/app/controllers/manage/trackable_events_controller.rb index 1bd812fb5..8eff9579a 100644 --- a/app/controllers/manage/trackable_events_controller.rb 
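Review bot: `convert_to_director` in Manage::QuestionnairesController destroys the questionnaire before the role change and ignores the result of both calls, so a failed update leaves the applicant's data erased and the role unchanged. Wrap the two calls in `ActiveRecord::Base.transaction do … end` and use the raising forms, `@questionnaire.destroy!` and `user.update!(role: :director)`; `update_attributes` is also deprecated in Rails 6.0 and removed in 6.1. Since this action grants the highest role, a log line recording `current_user.id` and the promoted user's id would help later review of role changes.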
+++ b/app/controllers/manage/trackable_events_controller.rb @@ -1,6 +1,6 @@ class Manage::TrackableEventsController < Manage::ApplicationController - skip_before_action :require_admin_or_limited_admin - before_action :require_admin_or_limited_admin_or_event_tracking + skip_before_action :require_director_or_limited_admin + before_action :require_director_or_limited_admin_or_event_tracking before_action :set_trackable_event, only: [:show, :edit, :update, :destroy] before_action :scope_limited_admin_access, only: [:edit, :update, :destroy] @@ -81,13 +81,13 @@ def trackable_event_params params.require(:trackable_event).permit(:band_id, :trackable_tag_id) end - # Permit limited-access admins (overrides Manage::ApplicationController#limit_write_access_to_admins) - def limit_write_access_to_admins + # Permit limited-access directors (overrides Manage::ApplicationController#limit_write_access_to_directors) + def limit_write_access_to_directors end - # If the user isn't a full admin, scope changes only to those they created + # If the user isn't a director, scope changes only to those they created def scope_limited_admin_access - return if current_user.admin? || @trackable_event.blank? || @trackable_event.user.blank? + return if current_user.director? || @trackable_event.blank? || @trackable_event.user.blank? redirect_to manage_trackable_events_path, notice: 'You may not view events you did not create.' if @trackable_event.user != current_user end end diff --git a/app/controllers/manage/trackable_tags_controller.rb b/app/controllers/manage/trackable_tags_controller.rb index 525643772..b1dc4f0dc 100644 --- a/app/controllers/manage/trackable_tags_controller.rb +++ b/app/controllers/manage/trackable_tags_controller.rb 
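Review bot: The comment on the empty `limit_write_access_to_directors` override in Manage::TrackableEventsController now reads "Permit limited-access directors", but the role enum in app/models/user.rb has no such role; the no-op lets every user who passes `require_director_or_limited_admin_or_event_tracking` reach the write actions. Suggest `# No-op: lets admin_limited_access and event_tracking users write here (overrides Manage::ApplicationController#limit_write_access_to_directors)`. Because the override is matched by method name only, a later rename of the parent filter would silently bring the guard back, which is worth stating in the comment. `scope_limited_admin_access` also returns early when `@trackable_event.user` is blank, so events without an owner are editable by any of those roles; confirm that is intended.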
@@ -1,6 +1,6 @@ class Manage::TrackableTagsController < Manage::ApplicationController - skip_before_action :require_admin_or_limited_admin - before_action :require_admin_or_limited_admin_or_event_tracking + skip_before_action :require_director_or_limited_admin + before_action :require_director_or_limited_admin_or_event_tracking before_action :set_trackable_tag, only: [:show, :edit, :update, :destroy] diff --git a/app/controllers/manage/users_controller.rb b/app/controllers/manage/users_controller.rb index e64fad0e0..91988cc32 100644 --- a/app/controllers/manage/users_controller.rb +++ b/app/controllers/manage/users_controller.rb @@ -1,19 +1,19 @@ class Manage::UsersController < Manage::ApplicationController - before_action :require_full_admin + before_action :require_director before_action :find_user, only: [:show, :edit, :update, :destroy] respond_to :html, :json def index - respond_with(:manage, User.where(role: [:admin, :admin_limited_access, :event_tracking])) + respond_with(:manage, User.where(role: [:director, :admin_limited_access, :event_tracking])) end def user_datatable render json: UserDatatable.new(params, view_context: view_context) end - def admin_datatable - render json: AdminDatatable.new(params, view_context: view_context) + def staff_datatable + render json: StaffDatatable.new(params, view_context: view_context) end def show diff --git a/app/datatables/questionnaire_datatable.rb b/app/datatables/questionnaire_datatable.rb index 48f04cc8e..6ff70041c 100644 --- a/app/datatables/questionnaire_datatable.rb +++ b/app/datatables/questionnaire_datatable.rb 
@@ -35,7 +35,7 @@ def note(record) def bus_captain(record) return "No" unless record.bus_list_id? - return record.is_bus_captain? ? 'Yes' : "No" unless current_user.admin? + return record.is_bus_captain? ? 'Yes' : "No" unless current_user.director? if record.is_bus_captain? link_to("Remove", toggle_bus_captain_manage_bus_list_path(record.bus_list_id, questionnaire_id: record.id, bus_captain: "0"), method: "post", class: "text-danger") @@ -47,7 +47,7 @@ def bus_captain(record) def data records.map do |record| { - bulk: current_user.admin? ? "".html_safe : "", + bulk: current_user.director? ? "".html_safe : "", link: link_to(''.html_safe, manage_questionnaire_path(record)), note: note(record), id: record.id, diff --git a/app/datatables/admin_datatable.rb b/app/datatables/staff_datatable.rb similarity index 94% rename from app/datatables/admin_datatable.rb rename to app/datatables/staff_datatable.rb index d34cb8a61..54a756c4a 100644 --- a/app/datatables/admin_datatable.rb +++ b/app/datatables/staff_datatable.rb @@ -1,4 +1,4 @@ -class AdminDatatable < ApplicationDatatable +class StaffDatatable < ApplicationDatatable def_delegators :@view, :link_to, :manage_user_path, :bold, :display_datetime def view_columns @@ -43,6 +43,6 @@ def data end def get_raw_records - User.where(role: [:admin, :admin_limited_access, :event_tracking]) + User.where(role: [:director, :admin_limited_access, :event_tracking]) end end diff --git a/app/jobs/bulk_message_job.rb b/app/jobs/bulk_message_job.rb index 2989e6564..3af60748e 100644 --- a/app/jobs/bulk_message_job.rb +++ b/app/jobs/bulk_message_job.rb 
@@ -27,11 +27,11 @@ def self.build_recipients(recipient_types) def self.user_ids(type) case type when "all" - # Everyone, including admins that completed a questionnaire - User.non_admins.pluck(:id) + Questionnaire.pluck(:user_id) + # Everyone, including organizers that completed a questionnaire + User.non_organizer.pluck(:id) + Questionnaire.pluck(:user_id) when "incomplete" - # Incomplete applications, excluding admins that don't have a questionnaire - User.non_admins.pluck(:id) - Questionnaire.pluck(:user_id) + # Incomplete applications, excluding organizers that don't have a questionnaire + User.non_organizer.pluck(:id) - Questionnaire.pluck(:user_id) when "complete" Questionnaire.pluck(:user_id) when "accepted" diff --git a/app/jobs/admin_weekly_report_job.rb b/app/jobs/staff_weekly_report_job.rb similarity index 71% rename from app/jobs/admin_weekly_report_job.rb rename to app/jobs/staff_weekly_report_job.rb index 5c3f7b0c5..5e78e0fa7 100644 --- a/app/jobs/admin_weekly_report_job.rb +++ b/app/jobs/staff_weekly_report_job.rb @@ -1,11 +1,11 @@ -class AdminWeeklyReportJob < ApplicationJob +class StaffWeeklyReportJob < ApplicationJob queue_as :default def perform # Queue all eligible users and let the is_active (or other) logic determine if they should really receive it users = User.where(receive_weekly_report: true) users.each do |user| - AdminMailer.weekly_report(user.id).deliver_later + StaffMailer.weekly_report(user.id).deliver_later end end end diff --git a/app/mailers/mail_preview.rb b/app/mailers/mail_preview.rb index d29bda648..18d63abf8 100644 --- a/app/mailers/mail_preview.rb +++ b/app/mailers/mail_preview.rb @@ -5,8 +5,8 @@ def bulk_message_email UserMailer.bulk_message_email(message, User.first.id) end - def admin_weekly_report - AdminMailer.weekly_report(User.first.id) + def staff_weekly_report + StaffMailer.weekly_report(User.first.id) end end end 
diff --git a/app/mailers/admin_mailer.rb b/app/mailers/staff_mailer.rb similarity index 96% rename from app/mailers/admin_mailer.rb rename to app/mailers/staff_mailer.rb index 2fd2d8bb6..269149968 100644 --- a/app/mailers/admin_mailer.rb +++ b/app/mailers/staff_mailer.rb @@ -1,8 +1,8 @@ -class AdminMailer < ApplicationMailer +class StaffMailer < ApplicationMailer include Roadie::Rails::Automatic add_template_helper(HackathonManagerHelper) - layout "admin_mailer" + layout "staff_mailer" def weekly_report(user_id) # Don't send emails more than 7 days after event starts diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 42cc88df2..6735e6c5a 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -16,7 +16,7 @@ def bulk_message_email(message_id, user_id, message = nil, use_examples = false) def incomplete_reminder_email(user_id) @user = User.find_by_id(user_id) - return if @user.blank? || @user.admin? || @user.questionnaire || Time.now.to_date > Date.parse(HackathonConfig["last_day_to_apply"]) + return if @user.blank? || @user.director? || @user.questionnaire || Time.now.to_date > Date.parse(HackathonConfig["last_day_to_apply"]) Message.queue_for_trigger("user.24hr_incomplete_application", @user.id) end diff --git a/app/models/user.rb b/app/models/user.rb index 3b5de0bd2..eb3f1e642 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -23,7 +23,7 @@ class User < ApplicationRecord after_create :queue_reminder_email after_initialize :set_default_role, if: :new_record? - enum role: { user: 0, event_tracking: 1, admin_limited_access: 2, admin: 3 } + enum role: { user: 0, event_tracking: 1, admin_limited_access: 2, director: 3 } def set_default_role self.role ||= :user 
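Review bot: The `enum role:` rename in app/models/user.rb keeps the stored integer `3`, so existing rows map to `director` without a migration, but nothing in the hunk says that the integers are the persisted values. Add a comment above the enum such as `# Integer values are stored in the database; rename keys if needed but never renumber them`. Anything outside the app that still sends or stores the string `"admin"` as a role (API clients, saved Blazer queries, seed scripts) would presumably stop matching after this change, so it may deserve a line in the upgrade notes. The `admin_limited_access` key is left as it was, which leaves the role vocabulary mixed between "admin" and "director".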
@@ -75,11 +75,11 @@ def self.from_omniauth(auth) current_user end - def self.non_admins - User.where.not(role: :admin).where.not(role: :admin_limited_access) + def self.non_organizer + User.where.not(role: :director).where.not(role: :admin_limited_access) end def self.without_questionnaire - non_admins.left_outer_joins(:questionnaire).where(questionnaires: { id: nil }) + non_organizer.left_outer_joins(:questionnaire).where(questionnaires: { id: nil }) end end diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml index 70e752570..8c97b4c3c 100644 --- a/app/views/layouts/_header.html.haml +++ b/app/views/layouts/_header.html.haml @@ -10,6 +10,6 @@ = btn_link_to "Home", homepage_url .header-nav - if user_signed_in? - - if current_user.admin? + - if current_user.director? = btn_link_to "Manage", manage_root_path = btn_link_to "Sign Out", destroy_user_session_path, method: :delete diff --git a/app/views/layouts/manage/_page_title.html.haml b/app/views/layouts/manage/_page_title.html.haml index 4affee59c..d4b2a0e3c 100644 --- a/app/views/layouts/manage/_page_title.html.haml +++ b/app/views/layouts/manage/_page_title.html.haml @@ -4,5 +4,5 @@ - if defined?(subtitle) && subtitle.present? %small.text-muted= subtitle - - if current_user.try(:admin?) + - if current_user.try(:director?) = yield diff --git a/app/views/layouts/manage/application.html.haml b/app/views/layouts/manage/application.html.haml index 730a76151..dcfffaae2 100644 --- a/app/views/layouts/manage/application.html.haml +++ b/app/views/layouts/manage/application.html.haml @@ -72,7 +72,7 @@ .fa.fa-home.fa-fw.icon-space-r-half = t(:title, scope: 'pages.manage.schools') - - if current_user.admin? + - if current_user.director? %h6.sidebar-heading.d-flex.justify-content-between.align-items-center.px-3.mt-4.mb-1.text-muted %span = t(:administration, scope: 'layouts.manage.navigation') 
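Review bot: `User.non_organizer` in app/models/user.rb excludes only `director` and `admin_limited_access`, so `event_tracking` users are still returned, while `Manage::UsersController#index` and `StaffDatatable#get_raw_records` in this same patch list that role as staff. Add a comment such as `# Users who are neither director nor admin_limited_access; event_tracking users are included`, and consider the plural `non_organizers`, which reads more naturally for a method returning a relation. The "all" and "incomplete" branches of `BulkMessageJob.user_ids` go through this scope, so event-tracking staff would receive applicant mail; confirm that is intended.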
diff --git a/app/views/layouts/admin_mailer.html.erb b/app/views/layouts/staff_mailer.html.erb similarity index 100% rename from app/views/layouts/admin_mailer.html.erb rename to app/views/layouts/staff_mailer.html.erb diff --git a/app/views/manage/application/_questionnaire_datatable.html.haml b/app/views/manage/application/_questionnaire_datatable.html.haml index 61f33683c..a985b3d44 100644 --- a/app/views/manage/application/_questionnaire_datatable.html.haml +++ b/app/views/manage/application/_questionnaire_datatable.html.haml @@ -19,7 +19,7 @@ %thead %tr %th{'data-table': { orderable: 'false', data: 'bulk', visible: bulk_actions ? 'true' : 'false' }} - - if current_user.admin? + - if current_user.director? %input{ type: "checkbox", name: "select_allc", value: "1", data: { bulk_row_select: "" } } %th{'data-table': { orderable: 'false', data: 'link', visible: visible.call('link', columns) }} %th{'data-table': { orderable: 'false', data: 'note', visible: visible.call('note', columns) }} diff --git a/app/views/manage/bus_lists/show.html.haml b/app/views/manage/bus_lists/show.html.haml index d13c65b9c..1bc51c05b 100644 --- a/app/views/manage/bus_lists/show.html.haml +++ b/app/views/manage/bus_lists/show.html.haml @@ -59,7 +59,7 @@ %th Email %th Phone Number %th School - - if current_user.admin? + - if current_user.director? %th Actions %tbody - @bus_list.passengers.select { |q| q.bus_captain_interest }.each do |p| @@ -70,7 +70,7 @@ %td= p.email %td= phone_link_to p.phone %td= link_to p.school.name, manage_school_path(p.school) - - if current_user.admin? + - if current_user.director? %td - if p.is_bus_captain? = link_to "Remove Bus Captain", toggle_bus_captain_manage_bus_list_path(@bus_list, questionnaire_id: p.id, bus_captain: '0'), method: 'post', class: 'text-danger' diff --git a/app/views/manage/messages/_message_template_status.haml b/app/views/manage/messages/_message_template_status.haml index 6677e267f..971ee2c82 100644 
--- a/app/views/manage/messages/_message_template_status.haml +++ b/app/views/manage/messages/_message_template_status.haml @@ -5,7 +5,7 @@ %span.badge.badge-danger.mb-1 Using customized template %br Not in sync with HackathonManager - - if current_user.try(:admin?) + - if current_user.try(:director?) %br %small = link_to template_replace_with_default_manage_messages_path, method: :post, data: { confirm: 'Are you sure? This will permanently erase the existing template and replace it with the HackathonManager default. This action is irreversible.'} do diff --git a/app/views/manage/messages/index.html.haml b/app/views/manage/messages/index.html.haml index 7c8299518..8fd7b7a12 100644 --- a/app/views/manage/messages/index.html.haml +++ b/app/views/manage/messages/index.html.haml @@ -19,7 +19,7 @@ = render 'triggered_email_summary' -- if current_user.try(:admin?) +- if current_user.try(:director?) .mb-4 %h3.pb-2.mb-3.border-bottom#triggered-email-overview Message Template %p The message template is used for all outgoing emails. If desired, it may be customized to your needs. diff --git a/app/views/manage/questionnaires/show.html.haml b/app/views/manage/questionnaires/show.html.haml index 54d910fa9..1741c553f 100644 --- a/app/views/manage/questionnaires/show.html.haml +++ b/app/views/manage/questionnaires/show.html.haml 
@@ -9,14 +9,14 @@ = render 'check_in_badge' .btn-group{role: "group"} - - if current_user.admin? + - if current_user.director? = link_to 'Edit', edit_manage_questionnaire_path(@questionnaire), class: 'btn btn-sm btn-outline-secondary' - - if current_user.admin? + - if current_user.director? .btn-group{role: "group"} %button.btn.btn-sm.btn-outline-secondary.dropdown-toggle#title-actions{"aria-expanded" => "false", "aria-haspopup" => "true", "data-toggle" => "dropdown", type: "button"} .fa.fa-cog .dropdown-menu.dropdown-menu-right{"aria-labelledby" => "title-actions"} - = link_to 'Convert to Admin', convert_to_admin_manage_questionnaire_path(@questionnaire), method: :patch, data: { confirm: "Are you sure? The questionnaire for \"#{@questionnaire.user.full_name}\" will be permanently erased, and \"#{@questionnaire.email}\" will become an admin. This action is irreversible." }, class: 'dropdown-item' + = link_to 'Convert to Director', convert_to_director_manage_questionnaire_path(@questionnaire), method: :patch, data: { confirm: "Are you sure? The questionnaire for \"#{@questionnaire.user.full_name}\" will be permanently erased, and \"#{@questionnaire.email}\" will become a director. This action is irreversible." }, class: 'dropdown-item' = render 'overview' 
@@ -40,7 +40,7 @@ - else = "(no author)" = @questionnaire.acc_status_date ? display_datetime(@questionnaire.acc_status_date, in_sentence: true) : "(no date)" - - if current_user.admin? + - if current_user.director? = bs_vertical_simple_form @questionnaire, url: url_for(action: "update_acc_status", controller: "questionnaires") do |f| = f.input :acc_status, as: :select, collection: Questionnaire::POSSIBLE_ACC_STATUS.invert, include_blank: false, label: "Acceptance Status:", hint: "Updating this status may trigger an automatic email to the applicant - see #{link_to('messages', manage_messages_path(anchor: 'triggered-email-overview'))} for details.".html_safe = f.button :submit, value: "Update Status", class: 'btn-primary' diff --git a/app/views/manage/trackable_events/index.html.haml b/app/views/manage/trackable_events/index.html.haml index ae63ad9ca..8a4f51b77 100644 --- a/app/views/manage/trackable_events/index.html.haml +++ b/app/views/manage/trackable_events/index.html.haml @@ -28,7 +28,7 @@ %td= trackable_event.trackable_tag.name %td= trackable_event.user.email %td= link_to 'Show', manage_trackable_event_path(trackable_event) - - if current_user.admin? || current_user == trackable_event.user + - if current_user.director? || current_user == trackable_event.user %td= link_to 'Edit', edit_manage_trackable_event_path(trackable_event) %td= link_to 'Destroy', manage_trackable_event_path(trackable_event), method: :delete, data: { confirm: 'Are you sure?' } - else diff --git a/app/views/manage/trackable_tags/show.html.haml b/app/views/manage/trackable_tags/show.html.haml index c9ad2ece3..a25899c6f 100644 --- a/app/views/manage/trackable_tags/show.html.haml +++ b/app/views/manage/trackable_tags/show.html.haml 
@@ -34,7 +34,7 @@ %td= trackable_event.band_id %td= trackable_event.user.email %td - - if current_user.admin? || current_user == trackable_event.user + - if current_user.director? || current_user == trackable_event.user = link_to 'Edit', edit_manage_trackable_event_path(trackable_event) .row.mt-2.mb-4 diff --git a/app/views/manage/users/index.html.haml b/app/views/manage/users/index.html.haml index 6a0a96855..0b9b8a286 100644 --- a/app/views/manage/users/index.html.haml +++ b/app/views/manage/users/index.html.haml @@ -27,7 +27,7 @@ .col %h5.dashboard-container-title = t(:staff, scope: 'pages.manage.users', hackathon_name: HackathonConfig['name']) - %table.admins.datatable.table.table-striped.table-hover{ "data-source" => admin_datatable_manage_users_path(format: :json) } + %table.staff.datatable.table.table-striped.table-hover{ "data-source" => staff_datatable_manage_users_path(format: :json) } %thead %tr %th= t(:id, scope: 'pages.manage.users.table') diff --git a/app/views/admin_mailer/weekly_report.haml b/app/views/staff_mailer/weekly_report.haml similarity index 100% rename from app/views/admin_mailer/weekly_report.haml rename to app/views/staff_mailer/weekly_report.haml diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 591199ccb..328db22cc 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -18,7 +18,7 @@ # every time somebody will try to access the admin web interface. admin_authenticator do if current_user - head :forbidden unless current_user.admin? || current_user.admin_limited_access? + head :forbidden unless current_user.director? || current_user.admin_limited_access? else redirect_to new_user_session_url end diff --git a/config/locales/en.yml b/config/locales/en.yml index 5e62ea3fa..a896f6425 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
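Review bot: In config/initializers/doorkeeper.rb, `admin_authenticator` still admits `admin_limited_access` users to the Doorkeeper admin interface, whereas the Sidekiq and Blazer mounts in config/routes.rb require `u.director?`. The role hint in config/locales/en.yml describes limited access as unable to add, modify or delete records, and the Doorkeeper admin pages manage OAuth applications and their credentials, so this looks broader than the role intends. Confirm it is deliberate, or restrict it with `head :forbidden unless current_user.director?`. The `admin_authenticator` block continues outside the hunk.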
@@ -47,7 +47,7 @@ en: user: role: Limited access prevents the admin from adding, modifying, or deleting any records; modifications through the check-in process are allowed. Event tracking limits to only event tracking. is_active: Deactivating a user will prevent them from logging in. Their access will be immediately revoked from the admin and application pages. - receive_weekly_report: A weekly email report on admissions, bus lists, and messages. Only sent when there are weekly updates up until 7 days past the event. Disabled for inactive admins. + receive_weekly_report: A weekly email report on admissions, bus lists, and messages. Only sent when there are weekly updates up until 7 days past the event. Disabled for inactive staff members. message: type: Bulk emails are sent once, manually. Automated emails are sent upon a desired trigger/event. name: A friendly name to recognize this email. Applicants won't see this. diff --git a/config/routes.rb b/config/routes.rb index 872cbfc23..7204d6f4c 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -19,7 +19,7 @@ end end - authenticate :user, ->(u) { u.admin? } do + authenticate :user, ->(u) { u.director? } do mount Sidekiq::Web => "/sidekiq" mount Blazer::Engine, at: "blazer" end @@ -55,7 +55,7 @@ resources :questionnaires do post :datatable, on: :collection patch :check_in, on: :member - patch :convert_to_admin, on: :member + patch :convert_to_director, on: :member patch :update_acc_status, on: :member patch :bulk_apply, on: :collection end @@ -64,7 +64,7 @@ end resources :users do post :user_datatable, on: :collection - post :admin_datatable, on: :collection + post :staff_datatable, on: :collection patch :reset_password, on: :member end resources :messages do diff --git a/config/schedule.yml b/config/schedule.yml index 7035ecc3f..520cc4fe0 100644 --- a/config/schedule.yml +++ b/config/schedule.yml 
@@ -1,3 +1,3 @@ -admin_weekly_report: +staff_weekly_report: cron: '0 8 * * MON' - class: 'AdminWeeklyReportJob' + class: 'StaffWeeklyReportJob' diff --git a/docs/api-setup.md b/docs/api-setup.md index 64cc522c2..b20305fc4 100644 --- a/docs/api-setup.md +++ b/docs/api-setup.md @@ -9,7 +9,7 @@ These programs allow you to run API requests (`GET`, `POST`, and so on) in an is In order to make requests in either Postman or Paw, you need to setup _OAuth 2 authorization_, as in HackathonManager, each request needs to be authorized first. This guide discusses how to enable OAuth 2 for these apps. -This guide assumes you have already setup an admin account on a local HackathonManager instance. For more details on this, see the [main README](https://github.com/codeRIT/hackathon-manager#local-development). +This guide assumes you have already setup an account with Director status on a local HackathonManager instance. For more details on this, see the [main README](https://github.com/codeRIT/hackathon-manager#local-development). > To make API requests on a live/remote instance, simply replace `localhost` in all following commands with your HackathonManager's URL. @@ -27,7 +27,7 @@ Select an app below to jump directly to its guide: ## Connecting with Postman -In HackathonManager, sign in to your admin account and click "Manage". Then, at the bottom left of the sidebar, click the **Doorkeeper** tab. +In HackathonManager, sign in to your staff account and click "Manage". Then, at the bottom left of the sidebar, click the **Doorkeeper** tab. @@ -47,7 +47,7 @@ On this screen, fill out the information but with your own keys from the image a -You should get a popup with your hackathon's sign in screen. Type in your admin credentials and log in. +You should get a popup with your hackathon's sign in screen. Type in your staff credentials and log in. On the next screen, select `Authorize`: diff --git a/docs/api-usage.md b/docs/api-usage.md index f7ff37c4f..9b03e7185 100644 
--- a/docs/api-usage.md +++ b/docs/api-usage.md @@ -41,7 +41,7 @@ Example for questionnaire management endpoints: Prefix Verb URI Pattern Controller#Action datatable_manage_questionnaires POST /manage/questionnaires/datatable(.:format) manage/questionnaires#datatable check_in_manage_questionnaire PATCH /manage/questionnaires/:id/check_in(.:format) manage/questionnaires#check_in - convert_to_admin_manage_questionnaire PATCH /manage/questionnaires/:id/convert_to_admin(.:format) manage/questionnaires#convert_to_admin + convert_to_director_manage_questionnaire PATCH /manage/questionnaires/:id/convert_to_director(.:format) manage/questionnaires#convert_to_admin update_acc_status_manage_questionnaire PATCH /manage/questionnaires/:id/update_acc_status(.:format) manage/questionnaires#update_acc_status bulk_apply_manage_questionnaires PATCH /manage/questionnaires/bulk_apply(.:format) manage/questionnaires#bulk_apply manage_questionnaires GET /manage/questionnaires(.:format) manage/questionnaires#index diff --git a/docs/deployment-dokku.md b/docs/deployment-dokku.md index 7f5c1cf04..3b0fe0838 100644 --- a/docs/deployment-dokku.md +++ b/docs/deployment-dokku.md @@ -103,14 +103,14 @@ dokku letsencrypt hm - Deploy should succeed without any red flags in the build log - Should be able to submit an application on the website & receive an immediate confirmation email -### Promote account to admin +### Promote account to director ```bash dokku enter hm web # Wait for a bash shell to start... $ bin/rails c # Wait for the Rails console to start... -User.find_by(email: "your-email@example.com").update_attribute(:role, :admin) +User.find_by(email: "your-email@example.com").update_attribute(:role, :director) exit exit ``` diff --git a/docs/deployment-okd.md b/docs/deployment-okd.md index 69c00fcf8..23468082f 100644 --- a/docs/deployment-okd.md +++ b/docs/deployment-okd.md 
@@ -152,7 +152,7 @@ spec: 1. Seed the database (schools, emails, etc) -- do this **before** you create your first user 2. Apply as a hacker -3. Manually promote your (first) account to an admin +3. Manually promote your (first) account to a director 4. Configure your hackathon ### Seed the database @@ -170,7 +170,7 @@ exit 1. Open your hackathon's website, create an account, and complete an application 2. Validate that you received a confirmation email (if you didn't, don't fix it now, but take note for later) -### Manually promote your account to admin status +### Manually promote your account to director status 1. On the OKD website, navigate to the currently-running HackathonManager pod (Applications -> Pods -> Click the HM pod in the list) 2. In the tab bar, click "Terminal" @@ -178,7 +178,7 @@ exit ```bash bin/rails c # Wait for the Rails console to start... -User.find_by(email: "your-email@example.com").update_attribute(:role, :admin) +User.find_by(email: "your-email@example.com").update_attribute(:role, :director) exit exit ``` diff --git a/docs/messages.md b/docs/messages.md index 673a50dc9..c47392f52 100644 --- a/docs/messages.md +++ b/docs/messages.md @@ -53,7 +53,7 @@ Automated emails can also be sent out upon certain events happening. All events * **Questionnaire status** — Upon being accepted, denied, RSVP'd, etc * **Bust list** — Becoming a passenger or bus captain -These messages are sent immediatley upon an applicant entering the given state. For example, when an admin marks someone as "accepted," they will immediately receive any automated messages assocaited with the "Questionnaire Status: Accepted" event. +These messages are sent immediatley upon an applicant entering the given state. For example, when a staff member marks someone as "accepted," they will immediately receive any automated messages assocaited with the "Questionnaire Status: Accepted" event. ## Message formatting 
diff --git a/test/controllers/bus_lists_controller_test.rb b/test/controllers/bus_lists_controller_test.rb index c32066764..e50ecd7fc 100644 --- a/test/controllers/bus_lists_controller_test.rb +++ b/test/controllers/bus_lists_controller_test.rb @@ -19,7 +19,7 @@ class BusListsControllerTest < ActionController::TestCase context "while authenticated without a questionnaire" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] @user = create(:user, email: "newabc@example.com") sign_in @user end @@ -37,7 +37,7 @@ class BusListsControllerTest < ActionController::TestCase context "while authenticated with a questionnaire but no bus list" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @questionnaire.user @questionnaire.update_attribute(:acc_status, "accepted") end @@ -55,7 +55,7 @@ class BusListsControllerTest < ActionController::TestCase context "while authenticated with a questionnaire with a bus list" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @questionnaire.user @questionnaire.update_attribute(:acc_status, "accepted") @bus_list = create(:bus_list) diff --git a/test/controllers/manage/bus_lists_controller_test.rb b/test/controllers/manage/bus_lists_controller_test.rb index c03b743b8..065dfbb80 100644 --- a/test/controllers/manage/bus_lists_controller_test.rb +++ b/test/controllers/manage/bus_lists_controller_test.rb @@ -140,7 +140,7 @@ class Manage::BusListsControllerTest < ActionController::TestCase context "while authenticated as a limited access admin" do setup do @user = create(:limited_access_admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end 
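Review bot: `Devise.mappings` is keyed by Devise scope, not by role, so renaming `Devise.mappings[:admin]` to `Devise.mappings[:director]` in these setup blocks (and to `Devise.mappings[:staff]` in users_controller_test.rb) carries the role rename into a lookup it does not apply to. The routes in this patch authenticate the `:user` scope and other setups already use `Devise.mappings[:user]`, so unless a `:director` scope is defined somewhere not shown, the new key most likely resolves to nil, as `:admin` probably did before. I would write `@request.env["devise.mapping"] = Devise.mappings[:user]` throughout, which also removes the inconsistency between test files. The same line recurs in most controller tests touched by this patch.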
@@ -205,7 +205,7 @@ class Manage::BusListsControllerTest < ActionController::TestCase context "while authenticated as an admin" do setup do - @user = create(:admin) + @user = create(:director) @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end diff --git a/test/controllers/manage/checkins_controller_test.rb b/test/controllers/manage/checkins_controller_test.rb index 58d2f6df3..928aa987f 100644 --- a/test/controllers/manage/checkins_controller_test.rb +++ b/test/controllers/manage/checkins_controller_test.rb @@ -15,7 +15,7 @@ class Manage::CheckinsControllerTest < ActionController::TestCase setup do if do_sign_in @user = create(:user) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end end @@ -43,7 +43,7 @@ class Manage::CheckinsControllerTest < ActionController::TestCase context "while authenticated as a user" do setup do @user = create(:user) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -60,7 +60,7 @@ class Manage::CheckinsControllerTest < ActionController::TestCase context "while authenticated as a #{condition_name}" do setup do @user = create(:user, role: user_role) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -80,14 +80,14 @@ class Manage::CheckinsControllerTest < ActionController::TestCase success_conditions = { 'limited access admin' => :admin_limited_access, - 'admin' => :admin + 'director' => :director } success_conditions.each do |condition_name, user_role| context "while authenticated as a #{condition_name}" do setup do @user = create(:user, role: user_role) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end 
diff --git a/test/controllers/manage/configs_controller_test.rb b/test/controllers/manage/configs_controller_test.rb index 038423fa4..16bcd4ceb 100644 --- a/test/controllers/manage/configs_controller_test.rb +++ b/test/controllers/manage/configs_controller_test.rb @@ -31,7 +31,7 @@ class Manage::ConfigsControllerTest < ActionController::TestCase context "while authenticated as a user" do setup do @user = create(:user) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -64,7 +64,7 @@ class Manage::ConfigsControllerTest < ActionController::TestCase context "while authenticated as a limited access admin" do setup do @user = create(:limited_access_admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -93,8 +93,8 @@ class Manage::ConfigsControllerTest < ActionController::TestCase context "while authenticated as an admin" do setup do - @user = create(:admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @user = create(:director) + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/dashboard_controller_test.rb b/test/controllers/manage/dashboard_controller_test.rb index f1dad23c1..b04cb36b9 100644 --- a/test/controllers/manage/dashboard_controller_test.rb +++ b/test/controllers/manage/dashboard_controller_test.rb @@ -12,7 +12,7 @@ class Manage::DashboardControllerTest < ActionController::TestCase context "while authenticated as a user" do setup do @user = create(:user) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end 
@@ -25,8 +25,8 @@ class Manage::DashboardControllerTest < ActionController::TestCase context "while authenticated as an admin" do setup do - @user = create(:admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @user = create(:director) + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/messages_controller_test.rb b/test/controllers/manage/messages_controller_test.rb index 291ee290a..b7d3db3d6 100644 --- a/test/controllers/manage/messages_controller_test.rb +++ b/test/controllers/manage/messages_controller_test.rb @@ -203,7 +203,7 @@ class Manage::MessagesControllerTest < ActionController::TestCase context "while authenticated as a limited access admin" do setup do @user = create(:limited_access_admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -298,7 +298,7 @@ class Manage::MessagesControllerTest < ActionController::TestCase context "while authenticated as an admin" do setup do - @user = create(:admin) + @user = create(:director) @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end diff --git a/test/controllers/manage/questionnaires_controller_test.rb b/test/controllers/manage/questionnaires_controller_test.rb index 969937faa..1e94129b9 100644 --- a/test/controllers/manage/questionnaires_controller_test.rb +++ b/test/controllers/manage/questionnaires_controller_test.rb @@ -50,8 +50,8 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase assert_redirected_to new_user_session_path end - should "not allow convert questionnaire's user to an admin" do - patch :convert_to_admin, params: { id: @questionnaire } + should "not allow convert questionnaire's user to an director" do + patch :convert_to_director, params: { id: @questionnaire } assert_response :redirect assert_redirected_to new_user_session_path end 
@@ -77,7 +77,7 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase context "while authenticated as a user" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @questionnaire.user end @@ -123,8 +123,8 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase assert_redirected_to root_path end - should "not allow convert questionnaire's user to an admin" do - patch :convert_to_admin, params: { id: @questionnaire } + should "not allow convert questionnaire's user to a director" do + patch :convert_to_director, params: { id: @questionnaire } assert_response :redirect assert_redirected_to root_path end @@ -151,7 +151,7 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase context "while authenticated as a limited access admin" do setup do @user = create(:limited_access_admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -194,10 +194,10 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase assert_redirected_to manage_questionnaires_path end - should "not allow convert questionnaire's user to an admin" do - patch :convert_to_admin, params: { id: @questionnaire } + should "not allow convert questionnaire's user to a director" do + patch :convert_to_director, params: { id: @questionnaire } assert_response :redirect - assert_redirected_to manage_questionnaires_path + assert_redirected_to edit_manage_user_path(assigns(:questionnaire).user) end should "not allow access to manage_questionnaires#destroy" do 
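Review bot: In the limited-access-admin context (hunk at -194,10), the "not allow convert questionnaire's user to a director" test now expects `edit_manage_user_path(assigns(:questionnaire).user)`, which is the same redirect the director success test asserts after a conversion, so this test passes when the role change goes through. The `limit_write_access_to_directors` filter list visible in PATCH 02's application_controller.rb hunk still names `"convert_to_admin"`, so the renamed action is probably no longer covered and a limited-access account may be able to promote a user to director; the controller action itself is outside the visible hunks. I would keep `assert_redirected_to manage_questionnaires_path`, add `assert_not @questionnaire.user.reload.director?`, and rename the entry in the `only:` list to `"convert_to_director"`.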
@@ -218,10 +218,10 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do - @user = create(:admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @user = create(:director) + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -299,9 +299,9 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase assert_redirected_to manage_questionnaire_path(assigns(:questionnaire)) end - should "convert questionnaire's user to an admin" do - patch :convert_to_admin, params: { id: @questionnaire } - assert assigns(:questionnaire).user.admin? + should "convert questionnaire's user to a director" do + patch :convert_to_director, params: { id: @questionnaire } + assert assigns(:questionnaire).user.director? assert_nil assigns(:questionnaire).user.reload.questionnaire assert_redirected_to edit_manage_user_path(assigns(:questionnaire).user) end diff --git a/test/controllers/manage/schools_controller_test.rb b/test/controllers/manage/schools_controller_test.rb index 6402b80ce..b08d30e8c 100644 --- a/test/controllers/manage/schools_controller_test.rb +++ b/test/controllers/manage/schools_controller_test.rb @@ -137,7 +137,7 @@ class Manage::SchoolsControllerTest < ActionController::TestCase context "while authenticated as a limited access admin" do setup do @user = create(:limited_access_admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -199,9 +199,9 @@ class Manage::SchoolsControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do - @user = create(:admin) + @user = create(:director) @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end 
diff --git a/test/controllers/manage/stats_controller_test.rb b/test/controllers/manage/stats_controller_test.rb index 9e4e66f65..2b6e39a2e 100644 --- a/test/controllers/manage/stats_controller_test.rb +++ b/test/controllers/manage/stats_controller_test.rb @@ -20,7 +20,7 @@ class Manage::StatsControllerTest < ActionController::TestCase context "while authenticated as a user" do setup do @user = create(:user) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -39,10 +39,10 @@ class Manage::StatsControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do - @user = create(:admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @user = create(:director) + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/trackable_events_controller_test.rb b/test/controllers/manage/trackable_events_controller_test.rb index faf5b4478..0626b28b0 100644 --- a/test/controllers/manage/trackable_events_controller_test.rb +++ b/test/controllers/manage/trackable_events_controller_test.rb @@ -15,7 +15,7 @@ class Manage::TrackableEventsControllerTest < ActionController::TestCase setup do if do_sign_in @user = create(:user) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user @trackable_event.update_attribute(:user, @user) end @@ -60,7 +60,7 @@ class Manage::TrackableEventsControllerTest < ActionController::TestCase context "while authenticated as a #{condition_name}" do setup do @user = create(:user, role: user_role) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user @trackable_event.update_attribute(:user, @user) end 
@@ -105,10 +105,10 @@ class Manage::TrackableEventsControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do - @user = create(:admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @user = create(:director) + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/trackable_tags_controller_test.rb b/test/controllers/manage/trackable_tags_controller_test.rb index a392cf371..31343883b 100644 --- a/test/controllers/manage/trackable_tags_controller_test.rb +++ b/test/controllers/manage/trackable_tags_controller_test.rb @@ -15,7 +15,7 @@ class Manage::TrackableTagsControllerTest < ActionController::TestCase setup do if do_sign_in @user = create(:user) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end end @@ -59,7 +59,7 @@ class Manage::TrackableTagsControllerTest < ActionController::TestCase context "while authenticated as a #{condition_name}" do setup do @user = create(:user, role: user_role) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end @@ -93,10 +93,10 @@ class Manage::TrackableTagsControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do - @user = create(:admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @user = create(:director) + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/users_controller_test.rb b/test/controllers/manage/users_controller_test.rb index 1a2b5dc42..1349176d0 100644 --- a/test/controllers/manage/users_controller_test.rb +++ b/test/controllers/manage/users_controller_test.rb 
@@ -17,8 +17,8 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_response 401 end - should "not allow access to manage_users admin datatables api" do - post :admin_datatable, format: :json, params: { "columns[0][data]" => "" } + should "not allow access to manage_users staff datatables api" do + post :staff_datatable, format: :json, params: { "columns[0][data]" => "" } assert_response 401 end @@ -65,8 +65,8 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_redirected_to root_path end - should "not allow access to manage_users admin datatables api" do - post :admin_datatable, format: :json, params: { "columns[0][data]" => "" } + should "not allow access to manage_users staff datatables api" do + post :staff_datatable, format: :json, params: { "columns[0][data]" => "" } assert_response :redirect assert_redirected_to root_path end @@ -99,7 +99,7 @@ class Manage::UsersControllerTest < ActionController::TestCase context "while authenticated as a limited access admin" do setup do @user = create(:limited_access_admin) - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:staff] sign_in @user end @@ -113,8 +113,8 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_redirected_to root_path end - should "not allow access to manage_users admins datatables api" do - post :admin_datatable, format: :json, params: { "columns[0][data]" => "" } + should "not allow access to manage_users staff datatables api" do + post :staff_datatable, format: :json, params: { "columns[0][data]" => "" } assert_redirected_to root_path end @@ -142,9 +142,9 @@ class Manage::UsersControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do - @user = create(:admin) + @user = create(:director) @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end 
diff --git a/test/controllers/questionnaires_controller_test.rb b/test/controllers/questionnaires_controller_test.rb index faf0279a0..3bc174704 100644 --- a/test/controllers/questionnaires_controller_test.rb +++ b/test/controllers/questionnaires_controller_test.rb @@ -35,7 +35,7 @@ class QuestionnairesControllerTest < ActionController::TestCase context "while authenticated without a completed questionnaire" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] @user = create(:user) sign_in @user end @@ -130,7 +130,7 @@ class QuestionnairesControllerTest < ActionController::TestCase context "while authenticated with a completed questionnaire" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @questionnaire.user end diff --git a/test/controllers/rsvps_controller_test.rb b/test/controllers/rsvps_controller_test.rb index 77a15dbe7..d60b1f4dd 100644 --- a/test/controllers/rsvps_controller_test.rb +++ b/test/controllers/rsvps_controller_test.rb @@ -32,7 +32,7 @@ class RsvpsControllerTest < ActionController::TestCase context "while authenticated without a questionnaire" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] @user = create(:user, email: "newabc@example.com") sign_in @user end @@ -60,7 +60,7 @@ class RsvpsControllerTest < ActionController::TestCase context "while authenticated with a non-accepted questionnaire" do setup do - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @questionnaire.user @questionnaire.acc_status = "denied" end 
@@ -90,7 +90,7 @@ class RsvpsControllerTest < ActionController::TestCase setup do clear_enqueued_jobs - @request.env["devise.mapping"] = Devise.mappings[:admin] + @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @questionnaire.user @questionnaire.update_attribute(:acc_status, "accepted") end diff --git a/test/controllers/admin_mailer_test.rb b/test/controllers/staff_mailer_test.rb similarity index 68% rename from test/controllers/admin_mailer_test.rb rename to test/controllers/staff_mailer_test.rb index 565b63158..591b4089d 100644 --- a/test/controllers/admin_mailer_test.rb +++ b/test/controllers/staff_mailer_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class AdminMailerTest < ActionMailer::TestCase +class StaffMailerTest < ActionMailer::TestCase context "weekly_report" do setup do @user = create(:user, email: "test@example.com", receive_weekly_report: true) @@ -10,7 +10,7 @@ class AdminMailerTest < ActionMailer::TestCase end should "deliver weekly email report" do - email = AdminMailer.weekly_report(@user.id).deliver_now + email = StaffMailer.weekly_report(@user.id).deliver_now assert_equal ["test@example.com"], email.to assert_equal "Your Weekly Report", email.subject 
@@ -19,25 +19,25 @@ class AdminMailerTest < ActionMailer::TestCase should "not send when more than 7 days after event started" do HackathonConfig["event_start_date"] = 10.days.ago.to_s - email = AdminMailer.weekly_report(@user.id).deliver_now + email = StaffMailer.weekly_report(@user.id).deliver_now assert_nil email end - should "not send if admin is inactive" do + should "not send if staff member is inactive" do @user.update_attribute(:is_active, false) - email = AdminMailer.weekly_report(@user.id).deliver_now + email = StaffMailer.weekly_report(@user.id).deliver_now assert_nil email end - should "not send if admin isn't receiving weekly reports" do + should "not send if staff member isn't receiving weekly reports" do @user.update_attribute(:receive_weekly_report, false) - email = AdminMailer.weekly_report(@user.id).deliver_now + email = StaffMailer.weekly_report(@user.id).deliver_now assert_nil email end should "not send if there hasn't been new activity" do @questionnaire.update_attribute(:created_at, Date.today) - email = AdminMailer.weekly_report(@user.id).deliver_now + email = StaffMailer.weekly_report(@user.id).deliver_now assert_nil email end end diff --git a/test/factories/users.rb b/test/factories/users.rb index f4b7bedf1..b136925f9 100644 --- a/test/factories/users.rb +++ b/test/factories/users.rb @@ -10,11 +10,11 @@ is_active { true } receive_weekly_report { false } - factory :admin do + factory :director do sequence :email do |n| - "admin#{n}@example.com" + "director#{n}@example.com" end - role { :admin } + role { :director } end factory :limited_access_admin do diff --git a/test/integration/user_flows_test.rb b/test/integration/user_flows_test.rb index f6131b5cf..f8ca5767d 100644 --- a/test/integration/user_flows_test.rb +++ b/test/integration/user_flows_test.rb 
@@ -10,8 +10,8 @@ class UserFlowsTest < ActionDispatch::IntegrationTest assert assigns(:questionnaire) end - should "be able to login and browse site as an admin" do - login(FactoryBot.create(:admin)) + should "be able to login and browse site as a director" do + login(FactoryBot.create(:director)) assert_redirected_to new_questionnaires_path get manage_dashboard_index_path @@ -24,7 +24,7 @@ class UserFlowsTest < ActionDispatch::IntegrationTest get manage_questionnaires_path assert_response :redirect - login(FactoryBot.create(:admin)) + login(FactoryBot.create(:director)) assert_redirected_to manage_questionnaires_path end diff --git a/test/jobs/admin_weekly_report_job_test.rb b/test/jobs/staff_weekly_report_job_test.rb similarity index 74% rename from test/jobs/admin_weekly_report_job_test.rb rename to test/jobs/staff_weekly_report_job_test.rb index c8b6007ba..094fd4403 100644 --- a/test/jobs/admin_weekly_report_job_test.rb +++ b/test/jobs/staff_weekly_report_job_test.rb @@ -1,11 +1,11 @@ require "test_helper" -class AdminWeeklyReportJobTest < ActiveJob::TestCase +class StaffWeeklyReportJobTest < ActiveJob::TestCase should "queue a mailer per recipient" do create_list(:user, 3, receive_weekly_report: true) create_list(:user, 2, receive_weekly_report: false) assert_difference "enqueued_jobs.size", 3 do - worker = AdminWeeklyReportJob.new + worker = StaffWeeklyReportJob.new worker.perform end end diff --git a/test/models/questionnaire_test.rb b/test/models/questionnaire_test.rb index d61fcfd47..c1d0ea6c1 100644 --- a/test/models/questionnaire_test.rb +++ b/test/models/questionnaire_test.rb 
@@ -194,16 +194,16 @@ class QuestionnaireTest < ActiveSupport::TestCase end should "return nil if author deleted" do - user = create(:user, email: "admin@example.com") + user = create(:user, email: "director@example.com") questionnaire = create(:questionnaire, acc_status_author_id: user.id) user.destroy assert_nil questionnaire.acc_status_author end should "return the questionnaire's user" do - user = create(:user, email: "admin@example.com") + user = create(:user, email: "director@example.com") questionnaire = create(:questionnaire, acc_status_author_id: user.id) - assert_equal "admin@example.com", questionnaire.acc_status_author.email + assert_equal "director@example.com", questionnaire.acc_status_author.email end end diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 86e264e0c..eb26f6f90 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -64,11 +64,11 @@ class UserTest < ActiveSupport::TestCase assert_equal 2, User.without_questionnaire.count end - should "not return admins" do + should "not return staff" do create(:questionnaire) # user, has questionnaire create(:user, role: :event_tracking) # user, does not create(:user, role: :admin_limited_access) # admin, does not - create(:user, role: :admin) # admin, does not + create(:user, role: :director) # director, does not assert_equal 4, User.count assert_equal 1, User.without_questionnaire.count end From 873e43c70d11bf161e5bf9d47ed8ed0f4abccdaf Mon Sep 17 00:00:00 2001 
From: "Chris Baudouin, Jr" Date: Sun, 6 Sep 2020 23:48:29 -0400 Subject: [PATCH 02/10] refactor: Renames admin_limited_access to Organizer --- app/controllers/manage/application_controller.rb | 10 +++++----- app/controllers/manage/checkins_controller.rb | 1 + app/controllers/manage/dashboard_controller.rb | 1 - app/controllers/manage/data_exports_controller.rb | 1 - app/controllers/manage/trackable_events_controller.rb | 7 ++----- app/controllers/manage/trackable_tags_controller.rb | 3 --- app/controllers/manage/users_controller.rb | 2 +- app/datatables/staff_datatable.rb | 2 +- app/models/user.rb | 4 ++-- config/initializers/doorkeeper.rb | 2 +- test/controllers/manage/bus_lists_controller_test.rb | 4 ++-- test/controllers/manage/checkins_controller_test.rb | 2 +- test/controllers/manage/configs_controller_test.rb | 4 ++-- test/controllers/manage/messages_controller_test.rb | 4 ++-- .../manage/questionnaires_controller_test.rb | 4 ++-- test/controllers/manage/schools_controller_test.rb | 4 ++-- .../manage/trackable_events_controller_test.rb | 2 +- .../manage/trackable_tags_controller_test.rb | 2 +- test/controllers/manage/users_controller_test.rb | 4 ++-- test/factories/users.rb | 6 +++--- test/models/user_test.rb | 2 +- 21 files changed, 32 insertions(+), 39 deletions(-) diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb index 9db952824..0b15a651f 100644 --- a/app/controllers/manage/application_controller.rb +++ b/app/controllers/manage/application_controller.rb 
@@ -1,6 +1,6 @@ class Manage::ApplicationController < ApplicationController before_action :logged_in - before_action :require_director_or_limited_admin + before_action :require_director_or_organizer_or_event_tracking before_action :limit_write_access_to_directors, only: ["edit", "update", "new", "create", "destroy", "convert_to_admin", "deliver", "merge", "perform_merge", "toggle_bus_captain", "duplicate", "update_acc_status", "send_update_email", "live_preview"] skip_before_action :verify_authenticity_token, if: :json_request? @@ -12,12 +12,12 @@ def require_director return redirect_to root_path unless current_user.try(:director?) end - def require_director_or_limited_admin - return redirect_to root_path unless current_user.try(:director?) || current_user.try(:admin_limited_access?) + def require_director_or_organizer + return redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) end - def require_director_or_limited_admin_or_event_tracking - redirect_to root_path unless current_user.try(:director?) || current_user.try(:admin_limited_access?) || current_user.try(:event_tracking?) + def require_director_or_organizer_or_event_tracking + redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) || current_user.try(:event_tracking?) end def limit_write_access_to_directors diff --git a/app/controllers/manage/checkins_controller.rb b/app/controllers/manage/checkins_controller.rb index 4da494cb8..4f8cc3492 100644 --- a/app/controllers/manage/checkins_controller.rb +++ b/app/controllers/manage/checkins_controller.rb @@ -1,4 +1,5 @@ class Manage::CheckinsController < Manage::ApplicationController + before_action :require_director_or_organizer before_action :set_questionnaire, only: [:show] respond_to :html, :json diff --git a/app/controllers/manage/dashboard_controller.rb b/app/controllers/manage/dashboard_controller.rb index 550521827..c1a305b3e 100644 
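Review bot: The first application_controller.rb hunk swaps the namespace-wide filter to `require_director_or_organizer_or_event_tracking`, which is a permission change rather than the rename the subject line describes: every Manage controller without a stricter filter of its own now admits the event_tracking role on its read actions. The dashboard_controller.rb section of this same patch also drops its own `require_director_or_limited_admin`, so the dashboard appears to become readable by event_tracking users; controllers not touched here would inherit the wider filter too, though any filters of their own are not visible in this diff. I would keep the base filter at `before_action :require_director_or_organizer` and let individual controllers opt in, as trackable_events and trackable_tags did before this patch with a `skip_before_action` plus their own wider `before_action`. The class body continues outside the hunk.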
--- a/app/controllers/manage/dashboard_controller.rb +++ b/app/controllers/manage/dashboard_controller.rb @@ -1,5 +1,4 @@ class Manage::DashboardController < Manage::ApplicationController - before_action :require_director_or_limited_admin def index end diff --git a/app/controllers/manage/data_exports_controller.rb b/app/controllers/manage/data_exports_controller.rb index 3ab908b82..4142d1d9d 100644 --- a/app/controllers/manage/data_exports_controller.rb +++ b/app/controllers/manage/data_exports_controller.rb @@ -1,5 +1,4 @@ class Manage::DataExportsController < Manage::ApplicationController - skip_before_action :require_director_or_limited_admin before_action :require_director before_action :set_data_export, only: [:destroy] diff --git a/app/controllers/manage/trackable_events_controller.rb b/app/controllers/manage/trackable_events_controller.rb index 8eff9579a..28cb7059b 100644 --- a/app/controllers/manage/trackable_events_controller.rb +++ b/app/controllers/manage/trackable_events_controller.rb @@ -1,9 +1,6 @@ class Manage::TrackableEventsController < Manage::ApplicationController - skip_before_action :require_director_or_limited_admin - before_action :require_director_or_limited_admin_or_event_tracking - before_action :set_trackable_event, only: [:show, :edit, :update, :destroy] - before_action :scope_limited_admin_access, only: [:edit, :update, :destroy] + before_action :scope_organizer_access, only: [:edit, :update, :destroy] respond_to :html, :json @@ -86,7 +83,7 @@ def limit_write_access_to_directors end # If the user isn't a director, scope changes only to those they created - def scope_limited_admin_access + def scope_organizer_access return if current_user.director? || @trackable_event.blank? || @trackable_event.user.blank? redirect_to manage_trackable_events_path, notice: 'You may not view events you did not create.' if @trackable_event.user != current_user end 
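Review bot: `scope_organizer_access` in trackable_events_controller.rb is named for one role, but its guard exempts only directors, so it constrains event_tracking users as well; the comment above it is accurate and the new name is not, so something like `before_action :scope_non_director_access, only: [:edit, :update, :destroy]` would read truer. The same guard returns early when `@trackable_event.user.blank?`, which lets an event with no recorded creator pass the ownership check for any non-director; if such events can exist, that case deserves an explicit decision rather than a silent pass. The notice also says "view" although the filter runs only on edit, update and destroy.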
diff --git a/app/controllers/manage/trackable_tags_controller.rb b/app/controllers/manage/trackable_tags_controller.rb index b1dc4f0dc..852ea9f5d 100644 --- a/app/controllers/manage/trackable_tags_controller.rb +++ b/app/controllers/manage/trackable_tags_controller.rb @@ -1,7 +1,4 @@ class Manage::TrackableTagsController < Manage::ApplicationController - skip_before_action :require_director_or_limited_admin - before_action :require_director_or_limited_admin_or_event_tracking - before_action :set_trackable_tag, only: [:show, :edit, :update, :destroy] respond_to :html, :json diff --git a/app/controllers/manage/users_controller.rb b/app/controllers/manage/users_controller.rb index 91988cc32..d3f333097 100644 --- a/app/controllers/manage/users_controller.rb +++ b/app/controllers/manage/users_controller.rb @@ -5,7 +5,7 @@ class Manage::UsersController < Manage::ApplicationController respond_to :html, :json def index - respond_with(:manage, User.where(role: [:director, :admin_limited_access, :event_tracking])) + respond_with(:manage, User.where(role: [:director, :organizer, :event_tracking])) end def user_datatable diff --git a/app/datatables/staff_datatable.rb b/app/datatables/staff_datatable.rb index 54a756c4a..f8325be4d 100644 --- a/app/datatables/staff_datatable.rb +++ b/app/datatables/staff_datatable.rb @@ -43,6 +43,6 @@ def data end def get_raw_records - User.where(role: [:director, :admin_limited_access, :event_tracking]) + User.where(role: [:director, :organizer, :event_tracking]) end end diff --git a/app/models/user.rb b/app/models/user.rb index eb3f1e642..7ab10e691 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -23,7 +23,7 @@ class User < ApplicationRecord after_create :queue_reminder_email after_initialize :set_default_role, if: :new_record? - enum role: { user: 0, event_tracking: 1, admin_limited_access: 2, director: 3 } + enum role: { user: 0, event_tracking: 1, organizer: 2, director: 3 } def set_default_role self.role ||= :user 
@@ -76,7 +76,7 @@ def self.from_omniauth(auth) end def self.non_organizer - User.where.not(role: :director).where.not(role: :admin_limited_access) + User.where.not(role: :director).where.not(role: :organizer) end def self.without_questionnaire diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 328db22cc..1109083b9 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -18,7 +18,7 @@ # every time somebody will try to access the admin web interface. admin_authenticator do if current_user - head :forbidden unless current_user.director? || current_user.admin_limited_access? + head :forbidden unless current_user.director? || current_user.organizer? else redirect_to new_user_session_url end diff --git a/test/controllers/manage/bus_lists_controller_test.rb b/test/controllers/manage/bus_lists_controller_test.rb index 065dfbb80..31f186b02 100644 --- a/test/controllers/manage/bus_lists_controller_test.rb +++ b/test/controllers/manage/bus_lists_controller_test.rb @@ -137,9 +137,9 @@ class Manage::BusListsControllerTest < ActionController::TestCase end end - context "while authenticated as a limited access admin" do + context "while authenticated as an organizer" do setup do - @user = create(:limited_access_admin) + @user = create(:organizer) @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/checkins_controller_test.rb b/test/controllers/manage/checkins_controller_test.rb index 928aa987f..06e44a1fb 100644 --- a/test/controllers/manage/checkins_controller_test.rb +++ b/test/controllers/manage/checkins_controller_test.rb @@ -79,7 +79,7 @@ class Manage::CheckinsControllerTest < ActionController::TestCase end success_conditions = { - 'limited access admin' => :admin_limited_access, + 'organizer' => :organizer, 'director' => :director } 
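Review bot: In config/initializers/doorkeeper.rb the `admin_authenticator` block still lets the limited role through, now as `current_user.organizer?`, while Manage::ApplicationController restricts its write actions with a filter named `limit_write_access_to_directors`. Doorkeeper's admin interface manages OAuth applications, so an organizer can likely register or edit API clients there even though the management UI treats the role as mostly read-only; if that is not intended, the guard should be `head :forbidden unless current_user.director?`. If it is intended, a comment on the block saying why organizers need application management would keep the next role rename from carrying the grant along unexamined.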
diff --git a/test/controllers/manage/configs_controller_test.rb b/test/controllers/manage/configs_controller_test.rb index 16bcd4ceb..499e1053d 100644 --- a/test/controllers/manage/configs_controller_test.rb +++ b/test/controllers/manage/configs_controller_test.rb @@ -61,9 +61,9 @@ class Manage::ConfigsControllerTest < ActionController::TestCase end end - context "while authenticated as a limited access admin" do + context "while authenticated as an organizer" do setup do - @user = create(:limited_access_admin) + @user = create(:organizer) @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/messages_controller_test.rb b/test/controllers/manage/messages_controller_test.rb index b7d3db3d6..cf1a5cfd8 100644 --- a/test/controllers/manage/messages_controller_test.rb +++ b/test/controllers/manage/messages_controller_test.rb @@ -200,9 +200,9 @@ class Manage::MessagesControllerTest < ActionController::TestCase end end - context "while authenticated as a limited access admin" do + context "while authenticated as an organizer" do setup do - @user = create(:limited_access_admin) + @user = create(:organizer) @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/questionnaires_controller_test.rb b/test/controllers/manage/questionnaires_controller_test.rb index 1e94129b9..f95f0f85a 100644 --- a/test/controllers/manage/questionnaires_controller_test.rb +++ b/test/controllers/manage/questionnaires_controller_test.rb @@ -148,9 +148,9 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase end end - context "while authenticated as a limited access admin" do + context "while authenticated as an organizer" do setup do - @user = create(:limited_access_admin) + @user = create(:organizer) @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end 
diff --git a/test/controllers/manage/schools_controller_test.rb b/test/controllers/manage/schools_controller_test.rb index b08d30e8c..ff9bcbc5d 100644 --- a/test/controllers/manage/schools_controller_test.rb +++ b/test/controllers/manage/schools_controller_test.rb @@ -134,9 +134,9 @@ class Manage::SchoolsControllerTest < ActionController::TestCase end end - context "while authenticated as a limited access admin" do + context "while authenticated as an organizer" do setup do - @user = create(:limited_access_admin) + @user = create(:organizer) @request.env["devise.mapping"] = Devise.mappings[:director] sign_in @user end diff --git a/test/controllers/manage/trackable_events_controller_test.rb b/test/controllers/manage/trackable_events_controller_test.rb index 0626b28b0..170b6bedf 100644 --- a/test/controllers/manage/trackable_events_controller_test.rb +++ b/test/controllers/manage/trackable_events_controller_test.rb @@ -53,7 +53,7 @@ class Manage::TrackableEventsControllerTest < ActionController::TestCase limited_conditions = { 'event tracking user' => :event_tracking, - 'limited access admin' => :admin_limited_access + 'organizer' => :organizer } limited_conditions.each do |condition_name, user_role| diff --git a/test/controllers/manage/trackable_tags_controller_test.rb b/test/controllers/manage/trackable_tags_controller_test.rb index 31343883b..27b21d9a3 100644 --- a/test/controllers/manage/trackable_tags_controller_test.rb +++ b/test/controllers/manage/trackable_tags_controller_test.rb @@ -52,7 +52,7 @@ class Manage::TrackableTagsControllerTest < ActionController::TestCase limited_conditions = { 'event tracking user' => :event_tracking, - 'limited access admin' => :admin_limited_access + 'organizer' => :organizer } limited_conditions.each do |condition_name, user_role| diff --git a/test/controllers/manage/users_controller_test.rb b/test/controllers/manage/users_controller_test.rb index 1349176d0..d9c247a0e 100644 
--- a/test/controllers/manage/users_controller_test.rb +++ b/test/controllers/manage/users_controller_test.rb @@ -96,9 +96,9 @@ class Manage::UsersControllerTest < ActionController::TestCase end end - context "while authenticated as a limited access admin" do + context "while authenticated as an organizer" do setup do - @user = create(:limited_access_admin) + @user = create(:organizer) @request.env["devise.mapping"] = Devise.mappings[:staff] sign_in @user end diff --git a/test/factories/users.rb b/test/factories/users.rb index b136925f9..f235270d7 100644 --- a/test/factories/users.rb +++ b/test/factories/users.rb @@ -17,11 +17,11 @@ role { :director } end - factory :limited_access_admin do + factory :organizer do sequence :email do |n| - "limited_admin#{n}@example.com" + "organizer#{n}@example.com" end - role { :admin_limited_access } + role { :organizer } end end end diff --git a/test/models/user_test.rb b/test/models/user_test.rb index eb26f6f90..9148e1d46 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -67,7 +67,7 @@ class UserTest < ActiveSupport::TestCase should "not return staff" do create(:questionnaire) # user, has questionnaire create(:user, role: :event_tracking) # user, does not - create(:user, role: :admin_limited_access) # admin, does not + create(:user, role: :organizer) # organizer, does not create(:user, role: :director) # director, does not assert_equal 4, User.count assert_equal 1, User.without_questionnaire.count From 274787f339c30f8644f2fb0171983caca1c13dbb Mon Sep 17 00:00:00 2001 
From: "Chris Baudouin, Jr" Date: Sun, 6 Sep 2020 23:59:27 -0400 Subject: [PATCH 03/10] refactor: Renames event_tracking to Volunteer --- app/controllers/manage/application_controller.rb | 6 +++--- app/controllers/manage/users_controller.rb | 2 +- app/datatables/staff_datatable.rb | 2 +- app/models/user.rb | 2 +- test/controllers/manage/checkins_controller_test.rb | 2 +- test/controllers/manage/trackable_events_controller_test.rb | 2 +- test/controllers/manage/trackable_tags_controller_test.rb | 2 +- test/models/user_test.rb | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb index 0b15a651f..cb1ef04cf 100644 --- a/app/controllers/manage/application_controller.rb +++ b/app/controllers/manage/application_controller.rb @@ -1,6 +1,6 @@ class Manage::ApplicationController < ApplicationController before_action :logged_in - before_action :require_director_or_organizer_or_event_tracking + before_action :require_director_or_organizer_or_volunteer before_action :limit_write_access_to_directors, only: ["edit", "update", "new", "create", "destroy", "convert_to_admin", "deliver", "merge", "perform_merge", "toggle_bus_captain", "duplicate", "update_acc_status", "send_update_email", "live_preview"] skip_before_action :verify_authenticity_token, if: :json_request? @@ -16,8 +16,8 @@ def require_director_or_organizer return redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) end - def require_director_or_organizer_or_event_tracking - redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) || current_user.try(:event_tracking?) + def require_director_or_organizer_or_volunteer + redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) || current_user.try(:volunteer?) end def limit_write_access_to_directors 
diff --git a/app/controllers/manage/users_controller.rb b/app/controllers/manage/users_controller.rb index d3f333097..e5d743166 100644 --- a/app/controllers/manage/users_controller.rb +++ b/app/controllers/manage/users_controller.rb @@ -5,7 +5,7 @@ class Manage::UsersController < Manage::ApplicationController respond_to :html, :json def index - respond_with(:manage, User.where(role: [:director, :organizer, :event_tracking])) + respond_with(:manage, User.where(role: [:director, :organizer, :volunteer])) end def user_datatable diff --git a/app/datatables/staff_datatable.rb b/app/datatables/staff_datatable.rb index f8325be4d..01c39c922 100644 --- a/app/datatables/staff_datatable.rb +++ b/app/datatables/staff_datatable.rb @@ -43,6 +43,6 @@ def data end def get_raw_records - User.where(role: [:director, :organizer, :event_tracking]) + User.where(role: [:director, :organizer, :volunteer]) end end diff --git a/app/models/user.rb b/app/models/user.rb index 7ab10e691..4a1536279 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -23,7 +23,7 @@ class User < ApplicationRecord after_create :queue_reminder_email after_initialize :set_default_role, if: :new_record? - enum role: { user: 0, event_tracking: 1, organizer: 2, director: 3 } + enum role: { user: 0, volunteer: 1, organizer: 2, director: 3 } def set_default_role self.role ||= :user diff --git a/test/controllers/manage/checkins_controller_test.rb b/test/controllers/manage/checkins_controller_test.rb index 06e44a1fb..6a7151eb8 100644 --- a/test/controllers/manage/checkins_controller_test.rb +++ b/test/controllers/manage/checkins_controller_test.rb @@ -53,7 +53,7 @@ class Manage::CheckinsControllerTest < ActionController::TestCase end limited_conditions = { - 'event tracking user' => :event_tracking, + 'volunteer' => :volunteer, } limited_conditions.each do |condition_name, user_role| 
diff --git a/test/controllers/manage/trackable_events_controller_test.rb b/test/controllers/manage/trackable_events_controller_test.rb index 170b6bedf..24a5ebc0f 100644 --- a/test/controllers/manage/trackable_events_controller_test.rb +++ b/test/controllers/manage/trackable_events_controller_test.rb @@ -52,7 +52,7 @@ class Manage::TrackableEventsControllerTest < ActionController::TestCase end limited_conditions = { - 'event tracking user' => :event_tracking, + 'volunteer' => :volunteer, 'organizer' => :organizer } diff --git a/test/controllers/manage/trackable_tags_controller_test.rb b/test/controllers/manage/trackable_tags_controller_test.rb index 27b21d9a3..2211bf18f 100644 --- a/test/controllers/manage/trackable_tags_controller_test.rb +++ b/test/controllers/manage/trackable_tags_controller_test.rb @@ -51,7 +51,7 @@ class Manage::TrackableTagsControllerTest < ActionController::TestCase end limited_conditions = { - 'event tracking user' => :event_tracking, + 'volunteer' => :volunteer, 'organizer' => :organizer } diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 9148e1d46..659afbf40 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -66,7 +66,7 @@ class UserTest < ActiveSupport::TestCase should "not return staff" do create(:questionnaire) # user, has questionnaire - create(:user, role: :event_tracking) # user, does not + create(:user, role: :volunteer) # volunteer, does not create(:user, role: :organizer) # organizer, does not create(:user, role: :director) # director, does not assert_equal 4, User.count From 2ab8865d27e065e450de4a602dea52250fc22080 Mon Sep 17 00:00:00 2001 
From: "Chris Baudouin, Jr" Date: Sat, 12 Sep 2020 00:29:43 -0400 Subject: [PATCH 04/10] refactor: Cleans tests, improves coverage --- .../manage/application_controller.rb | 2 + app/controllers/manage/checkins_controller.rb | 1 - .../manage/dashboard_controller.rb | 1 + app/controllers/manage/messages_controller.rb | 1 + app/controllers/manage/stats_controller.rb | 1 + app/models/user.rb | 8 + app/views/layouts/_header.html.haml | 2 +- .../layouts/manage/application.html.haml | 62 ++++---- config/routes.rb | 10 +- .../manage/bus_lists_controller_test.rb | 70 ++++++++- .../manage/checkins_controller_test.rb | 27 +--- .../manage/configs_controller_test.rb | 36 ++++- .../manage/dashboard_controller_test.rb | 139 +++++++++++++++++- .../manage/messages_controller_test.rb | 104 ++++++++++++- .../manage/questionnaires_controller_test.rb | 72 ++++++++- .../manage/schools_controller_test.rb | 67 ++++++++- .../manage/stats_controller_test.rb | 51 ++++++- .../trackable_events_controller_test.rb | 4 +- .../manage/trackable_tags_controller_test.rb | 4 +- .../manage/users_controller_test.rb | 56 ++++++- test/factories/users.rb | 7 + test/models/user_test.rb | 44 ++++++ 22 files changed, 693 insertions(+), 76 deletions(-) diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb index cb1ef04cf..fdfd2c8b4 100644 --- a/app/controllers/manage/application_controller.rb +++ b/app/controllers/manage/application_controller.rb @@ -9,10 +9,12 @@ def logged_in end def require_director + return redirect_to manage_root_path if current_user.staff? unless current_user.try(:director?) return redirect_to root_path unless current_user.try(:director?) end def require_director_or_organizer + return redirect_to manage_root_path if current_user.staff? unless current_user.try(:director?) || current_user.try(:organizer?) return redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) end 
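Review bot: The two guards added to `require_director` and `require_director_or_organizer` call `current_user.staff?` directly while every other check in this file goes through `current_user.try(...)`, so a nil `current_user` would raise NoMethodError here instead of redirecting; whether `logged_in` always halts first is not visible in the hunk. The stacked `if … unless …` modifiers also make the evaluation order hard to follow in an authorization check. I would test the role once and choose the redirect target explicitly, as below; the outcome for signed-in users is the same.

```ruby
def require_director
  return if current_user.try(:director?)

  # Staff without the director role go back to their own manage landing page.
  redirect_to(current_user.try(:staff?) ? manage_root_path : root_path)
end

def require_director_or_organizer
  return if current_user.try(:director?) || current_user.try(:organizer?)

  redirect_to(current_user.try(:staff?) ? manage_root_path : root_path)
end
```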
diff --git a/app/controllers/manage/checkins_controller.rb b/app/controllers/manage/checkins_controller.rb index 4f8cc3492..4da494cb8 100644 --- a/app/controllers/manage/checkins_controller.rb +++ b/app/controllers/manage/checkins_controller.rb @@ -1,5 +1,4 @@ class Manage::CheckinsController < Manage::ApplicationController - before_action :require_director_or_organizer before_action :set_questionnaire, only: [:show] respond_to :html, :json diff --git a/app/controllers/manage/dashboard_controller.rb b/app/controllers/manage/dashboard_controller.rb index c1a305b3e..96dcd0f65 100644 --- a/app/controllers/manage/dashboard_controller.rb +++ b/app/controllers/manage/dashboard_controller.rb @@ -1,4 +1,5 @@ class Manage::DashboardController < Manage::ApplicationController + before_action :require_director_or_organizer def index end diff --git a/app/controllers/manage/messages_controller.rb b/app/controllers/manage/messages_controller.rb index 96e2a5245..e84908fd4 100644 --- a/app/controllers/manage/messages_controller.rb +++ b/app/controllers/manage/messages_controller.rb @@ -1,4 +1,5 @@ class Manage::MessagesController < Manage::ApplicationController + before_action :require_director_or_organizer before_action :set_message, only: [:show, :edit, :update, :destroy, :deliver, :preview, :duplicate] before_action :check_message_access, only: [:edit, :update, :destroy] before_action :limit_template_access_to_directors, only: [:template, :template_preview, :template_update, :template_replace_with_default] diff --git a/app/controllers/manage/stats_controller.rb b/app/controllers/manage/stats_controller.rb index 459285f71..5426424e1 100644 --- a/app/controllers/manage/stats_controller.rb +++ b/app/controllers/manage/stats_controller.rb @@ -1,4 +1,5 @@ class Manage::StatsController < Manage::ApplicationController + before_action :require_director_or_organizer respond_to :html, :json diff --git a/app/models/user.rb b/app/models/user.rb index 4a1536279..ebfe6aa53 100644 
--- a/app/models/user.rb +++ b/app/models/user.rb @@ -56,6 +56,14 @@ def full_name "#{first_name} #{last_name}" end + def staff? + self.director? || self.organizer? || self.volunteer? + end + + def organizing_staff? + self.director? || self.organizer? + end + def self.from_omniauth(auth) matching_provider = where(provider: auth.provider, uid: auth.uid) matching_email = where(email: auth.info.email) diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml index 58922284f..53972c7b3 100644 --- a/app/views/layouts/_header.html.haml +++ b/app/views/layouts/_header.html.haml @@ -10,6 +10,6 @@ = btn_link_to "Home", homepage_url .header-nav - if user_signed_in? - - if current_user.director? or current_user.organizer? or current_user.volunteer? + - if current_user.staff? = btn_link_to "Manage", manage_root_path = btn_link_to "Sign Out", destroy_user_session_path, method: :delete diff --git a/app/views/layouts/manage/application.html.haml b/app/views/layouts/manage/application.html.haml index dcfffaae2..be0f60aef 100644 --- a/app/views/layouts/manage/application.html.haml +++ b/app/views/layouts/manage/application.html.haml 
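Review bot: `staff?` and `organizing_staff?` in app/models/user.rb now back access decisions in the controllers, the header view and the manage layout, but nothing on them says so, and the `self.` receivers are redundant on these reader calls. I would write the bodies as `director? || organizer?` and `organizing_staff? || volunteer?`, under a comment such as `# Roles allowed into the /manage area; revisit when a role is added to the enum`. That keeps the two sets defined in one place, so a new enum value cannot end up inside or outside the staff set by accident.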
@@ -28,20 +28,32 @@ %h6.sidebar-heading.d-flex.justify-content-between.align-items-center.px-3.mt-4.mb-1.text-muted %span = t(:overview, scope: 'layouts.manage.navigation') - %ul.nav.flex-column.mb-2 - %li.nav-item - = active_link_to manage_root_path, class: "nav-link", active_children: false do - .fa.fa-area-chart.fa-fw.icon-space-r-half - = t(:title, scope: 'pages.manage.dashboard') - %li.nav-item - = active_link_to manage_questionnaires_path, class: "nav-link" do - .fa.fa-inbox.fa-fw.icon-space-r-half - = t(:title, scope: 'pages.manage.questionnaires') - %li.nav-item - = active_link_to manage_messages_path, class: "nav-link" do - .fa.fa-bullhorn.fa-fw.icon-space-r-half - = t(:title, scope: 'pages.manage.messages') + - if current_user.director? + %ul.nav.flex-column.mb-2 + %li.nav-item + = active_link_to manage_root_path, class: "nav-link", active_children: false do + .fa.fa-area-chart.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.dashboard') + %li.nav-item + = active_link_to manage_questionnaires_path, class: "nav-link" do + .fa.fa-inbox.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.questionnaires') + %li.nav-item + = active_link_to manage_messages_path, class: "nav-link" do + .fa.fa-bullhorn.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.messages') + - else + %ul.nav.flex-column.mb-2 + %li.nav-item + = active_link_to manage_checkins_path, class: "nav-link" do + .fa.fa-drivers-license-o.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.check-in') + %li.nav-item + = active_link_to manage_questionnaires_path, class: "nav-link" do + .fa.fa-inbox.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.questionnaires') + - if current_user.organizing_staff? %h6.sidebar-heading.d-flex.justify-content-between.align-items-center.px-3.mt-4.mb-1.text-muted %span = t(:logistics, scope: 'layouts.manage.navigation') 
@@ -59,18 +71,18 @@ .fa.fa-tag.fa-fw.icon-space-r-half = t(:title, scope: 'pages.manage.trackable-tags') - %h6.sidebar-heading.d-flex.justify-content-between.align-items-center.px-3.mt-4.mb-1.text-muted - %span - = t(:travel, scope: 'layouts.manage.navigation') - %ul.nav.flex-column.mb-2 - %li.nav-item - = active_link_to manage_bus_lists_path, class: "nav-link" do - .fa.fa-bus.fa-fw.icon-space-r-half - = t(:title, scope: 'pages.manage.bus-lists') - %li.nav-item - = active_link_to manage_schools_path, class: "nav-link" do - .fa.fa-home.fa-fw.icon-space-r-half - = t(:title, scope: 'pages.manage.schools') + %h6.sidebar-heading.d-flex.justify-content-between.align-items-center.px-3.mt-4.mb-1.text-muted + %span + = t(:travel, scope: 'layouts.manage.navigation') + %ul.nav.flex-column.mb-2 + %li.nav-item + = active_link_to manage_bus_lists_path, class: "nav-link" do + .fa.fa-bus.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.bus-lists') + %li.nav-item + = active_link_to manage_schools_path, class: "nav-link" do + .fa.fa-home.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.schools') - if current_user.director? %h6.sidebar-heading.d-flex.justify-content-between.align-items-center.px-3.mt-4.mb-1.text-muted diff --git a/config/routes.rb b/config/routes.rb index 7204d6f4c..e225735bb 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -38,7 +38,15 @@ end namespace :manage do - root to: "dashboard#index" + authenticate :user, ->(u) { u.director? } do + root to: "dashboard#index" + end + authenticate :user, ->(u) { u.organizer? } do + root to: "dashboard#index" + end + authenticate :user, ->(u) { u.volunteer? } do + root to: "checkins#index" + end resources :dashboard do get :map_data, on: :collection get :todays_activity_data, on: :collection diff --git a/test/controllers/manage/bus_lists_controller_test.rb b/test/controllers/manage/bus_lists_controller_test.rb index 31f186b02..1d12d9363 100644 --- a/test/controllers/manage/bus_lists_controller_test.rb 
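Review bot: The three `authenticate :user, ->(u) { … }` blocks in config/routes.rb leave no manage root for a signed-in account whose role is plain `user`, so `/manage` would appear to fall through to a routing error for that account instead of the `redirect_to root_path` the controller filters give. The director and organizer blocks are identical and could be one block using the predicate this patch adds, `authenticate :user, ->(u) { u.organizing_staff? } do`. A short comment that these constraints only choose the landing page, and that access control stays in the controller `before_action`s, would help, since the dashboard resource routes just below sit outside any constraint. The namespace block continues outside the hunk.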
+++ b/test/controllers/manage/bus_lists_controller_test.rb 
@@ -137,10 +137,76 @@ class Manage::BusListsControllerTest < ActionController::TestCase end end + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "allow access to manage_bus_lists#index" do + get :index + assert_response :success + end + + should "allow access to manage_bus_lists#show" do + get :show, params: { id: @bus_list } + assert_response :success + end + + should "not allow access to manage_bus_lists#new" do + get :new + assert_response :redirect + assert_redirected_to manage_bus_lists_path + end + + should "not allow access to manage_bus_lists#edit" do + get :edit, params: { id: @bus_list } + assert_response :redirect + assert_redirected_to manage_bus_lists_path + end + + should "not allow access to manage_bus_lists#create" do + post :create, params: { bus_list: { email: "test@example.com" } } + assert_response :redirect + assert_redirected_to manage_bus_lists_path + end + + should "not allow access to manage_bus_lists#update" do + patch :update, params: { id: @bus_list, bus_list: { email: "test@example.com" } } + assert_response :redirect + assert_redirected_to manage_bus_lists_path + end + + should "not allow access to manage_bus_lists#toggle_bus_captain" do + questionnaire = create(:questionnaire) + assert_difference "enqueued_jobs.size", 0 do + patch :toggle_bus_captain, params: { id: @bus_list, questionnaire_id: questionnaire.id, bus_captain: "1" } + end + assert_equal false, questionnaire.reload.is_bus_captain + assert_response :redirect + assert_redirected_to manage_bus_lists_path + end + + should "not allow access to manage_bus_lists#send_update_email" do + assert_difference "enqueued_jobs.size", 0 do + patch :send_update_email, params: { id: @bus_list } + end + assert_response :redirect + assert_redirected_to manage_bus_lists_path + end + + should "not allow access to manage_bus_lists#destroy" do + patch :destroy, 
params: { id: @bus_list } + assert_response :redirect + assert_redirected_to manage_bus_lists_path + end + end + context "while authenticated as an organizer" do setup do @user = create(:organizer) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end @@ -203,7 +269,7 @@ class Manage::BusListsControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do @user = create(:director) @request.env["devise.mapping"] = Devise.mappings[:user] diff --git a/test/controllers/manage/checkins_controller_test.rb b/test/controllers/manage/checkins_controller_test.rb index 6a7151eb8..6b92b4276 100644 --- a/test/controllers/manage/checkins_controller_test.rb +++ b/test/controllers/manage/checkins_controller_test.rb @@ -52,33 +52,8 @@ class Manage::CheckinsControllerTest < ActionController::TestCase end end - limited_conditions = { - 'volunteer' => :volunteer, - } - - limited_conditions.each do |condition_name, user_role| - context "while authenticated as a #{condition_name}" do - setup do - @user = create(:user, role: user_role) - @request.env["devise.mapping"] = Devise.mappings[:director] - sign_in @user - end - - should "not get index" do - test_index_failure - end - - should "not show checkin" do - test_show_failure - end - - should "not render checking datatable" do - test_datatable_failure - end - end - end - success_conditions = { + 'volunteer' => :volunteer, 'organizer' => :organizer, 'director' => :director } diff --git a/test/controllers/manage/configs_controller_test.rb b/test/controllers/manage/configs_controller_test.rb index 499e1053d..826bb3043 100644 --- a/test/controllers/manage/configs_controller_test.rb +++ b/test/controllers/manage/configs_controller_test.rb 
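Review bot: The volunteer context added to bus_lists_controller_test.rb checks only the redirect for `create`, `update` and `destroy`, so a filter that redirected after the action body had already run would still pass; in an authorization test the absent side effect is the thing to pin. I would wrap the denied writes the way the `toggle_bus_captain` case already does, e.g. `assert_no_difference "BusList.count" do` around the `create` and `destroy` requests (model name assumed from the controller), and reload `@bus_list` after `update` to assert the attribute is unchanged. The destroy case also issues `patch :destroy`; `delete :destroy, params: { id: @bus_list }` matches the verb the route uses.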
@@ -61,10 +61,40 @@ class Manage::ConfigsControllerTest < ActionController::TestCase end end + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "not allow access to manage_configs#index" do + get :index + assert_response :redirect + end + + should "not allow access to manage_configs#edit" do + get :edit, params: { id: "registration_is_open" } + assert_response :redirect + end + + should "not update config" do + HackathonConfig["registration_is_open"] = false + patch :update, params: { id: "registration_is_open", hackathon_config: { registration_is_open: "true" } } + assert_equal false, HackathonConfig["registration_is_open"] + end + + should "not update css config" do + HackathonConfig["custom_css"] = "" + patch :update_only_css_variables, params: { id: "custom_css", hackathon_config: { custom_css: ":root {\n --foo: #fff;\n}" } } + assert_equal "", HackathonConfig["custom_css"] + end + end + context "while authenticated as an organizer" do setup do @user = create(:organizer) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end @@ -91,10 +121,10 @@ class Manage::ConfigsControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do @user = create(:director) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end diff --git a/test/controllers/manage/dashboard_controller_test.rb b/test/controllers/manage/dashboard_controller_test.rb index b04cb36b9..22bd05e22 100644 --- a/test/controllers/manage/dashboard_controller_test.rb +++ b/test/controllers/manage/dashboard_controller_test.rb 
@@ -16,14 +16,149 @@ class Manage::DashboardControllerTest < ActionController::TestCase sign_in @user end - should "allow access to manage_dashboard#index" do + should "not allow access to manage_dashboard#index" do get :index assert_response :redirect assert_redirected_to root_path end + + should "not allow access to all data endpoints" do + school1 = FactoryBot.create(:school) + school2 = FactoryBot.create(:school) + FactoryBot.create_list(:questionnaire, 20, school_id: school1.id, acc_status: "pending") + FactoryBot.create_list(:questionnaire, 20, school_id: school1.id, acc_status: "accepted") + FactoryBot.create_list(:questionnaire, 10, school_id: school2.id, acc_status: "accepted") + Questionnaire::POSSIBLE_ACC_STATUS.each do |status, _name| + FactoryBot.create_list(:questionnaire, 1, school_id: school2.id, acc_status: status) + end + + stub_request(:get, "https://geocoding.geo.census.gov/geocoder/locations/address?street=123+Fake+Street&city=Rochester&state=NY&benchmark=Public_AR_Current&format=json") + .to_return(status: 200, body: '{ "result":{ "addressMatches":[{ "coordinates":{ "x": 100, "y": 100 } }] } }', headers: { 'Content-Type' => 'application/json; charset=UTF-8' }) + stub_request(:get, "https://geo.fcc.gov/api/census/area?format=json&lat=100&lon=100") + .to_return(status: 200, body: '{ "results":[{ "country_fips":1234 }] }', headers: { 'Content-Type' => 'application/json; charset=UTF-8' }) + + paths = [ + :todays_activity_data, + :todays_stats_data, + :checkin_activity_data, + :confirmation_activity_data, + :application_activity_data, + :schools_confirmed_data, + :user_distribution_data, + :application_distribution_data, + :schools_applied_data + ] + + paths.each do |path| + get path + assert_redirected_to root_path + end + + get :map_data, format: "tsv" + assert_redirected_to root_path + end + end + + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = 
Devise.mappings[:director] + sign_in @user + end + + should "not allow access to manage_dashboard#index" do + get :index + assert_response :redirect + assert_redirected_to manage_root_path + end + + should "not allow access to all data endpoints" do + school1 = FactoryBot.create(:school) + school2 = FactoryBot.create(:school) + FactoryBot.create_list(:questionnaire, 20, school_id: school1.id, acc_status: "pending") + FactoryBot.create_list(:questionnaire, 20, school_id: school1.id, acc_status: "accepted") + FactoryBot.create_list(:questionnaire, 10, school_id: school2.id, acc_status: "accepted") + Questionnaire::POSSIBLE_ACC_STATUS.each do |status, _name| + FactoryBot.create_list(:questionnaire, 1, school_id: school2.id, acc_status: status) + end + + stub_request(:get, "https://geocoding.geo.census.gov/geocoder/locations/address?street=123+Fake+Street&city=Rochester&state=NY&benchmark=Public_AR_Current&format=json") + .to_return(status: 200, body: '{ "result":{ "addressMatches":[{ "coordinates":{ "x": 100, "y": 100 } }] } }', headers: { 'Content-Type' => 'application/json; charset=UTF-8' }) + stub_request(:get, "https://geo.fcc.gov/api/census/area?format=json&lat=100&lon=100") + .to_return(status: 200, body: '{ "results":[{ "country_fips":1234 }] }', headers: { 'Content-Type' => 'application/json; charset=UTF-8' }) + + paths = [ + :todays_activity_data, + :todays_stats_data, + :checkin_activity_data, + :confirmation_activity_data, + :application_activity_data, + :schools_confirmed_data, + :user_distribution_data, + :application_distribution_data, + :schools_applied_data + ] + + paths.each do |path| + get path + assert_redirected_to manage_root_path + end + + get :map_data, format: "tsv" + assert_redirected_to manage_root_path + end + end + + context "while authenticated as an organizer" do + setup do + @user = create(:organizer) + @request.env["devise.mapping"] = Devise.mappings[:director] + sign_in @user + end + + should "allow access to manage_dashboard#index" do 
+ get :index + assert_response :success + end + + should "allow access to all data endpoints" do + school1 = FactoryBot.create(:school) + school2 = FactoryBot.create(:school) + FactoryBot.create_list(:questionnaire, 20, school_id: school1.id, acc_status: "pending") + FactoryBot.create_list(:questionnaire, 20, school_id: school1.id, acc_status: "accepted") + FactoryBot.create_list(:questionnaire, 10, school_id: school2.id, acc_status: "accepted") + Questionnaire::POSSIBLE_ACC_STATUS.each do |status, _name| + FactoryBot.create_list(:questionnaire, 1, school_id: school2.id, acc_status: status) + end + + stub_request(:get, "https://geocoding.geo.census.gov/geocoder/locations/address?street=123+Fake+Street&city=Rochester&state=NY&benchmark=Public_AR_Current&format=json") + .to_return(status: 200, body: '{ "result":{ "addressMatches":[{ "coordinates":{ "x": 100, "y": 100 } }] } }', headers: { 'Content-Type' => 'application/json; charset=UTF-8' }) + stub_request(:get, "https://geo.fcc.gov/api/census/area?format=json&lat=100&lon=100") + .to_return(status: 200, body: '{ "results":[{ "country_fips":1234 }] }', headers: { 'Content-Type' => 'application/json; charset=UTF-8' }) + + paths = [ + :todays_activity_data, + :todays_stats_data, + :checkin_activity_data, + :confirmation_activity_data, + :application_activity_data, + :schools_confirmed_data, + :user_distribution_data, + :application_distribution_data, + :schools_applied_data + ] + + paths.each do |path| + get path + assert_response :success + end + + get :map_data, format: "tsv" + assert_response :success + end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do @user = create(:director) @request.env["devise.mapping"] = Devise.mappings[:director] diff --git a/test/controllers/manage/messages_controller_test.rb b/test/controllers/manage/messages_controller_test.rb index cf1a5cfd8..ec8177490 100644 --- a/test/controllers/manage/messages_controller_test.rb 
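Review bot: The new volunteer and organizer contexts in dashboard_controller_test.rb set `@request.env["devise.mapping"] = Devise.mappings[:director]`, while the other test files in this patch switch to `Devise.mappings[:user]`. If `:user` is the only Devise scope, as the rest of the patch suggests, the `:director` lookup most likely yields nil and the line does nothing; use `@request.env["devise.mapping"] = Devise.mappings[:user]` in both setups. The unchanged director context in this hunk has the same mapping. The two "not allow access to all data endpoints" cases also create about fifty questionnaires and two HTTP stubs before requests the filter should reject; dropping that setup would make a failure point at authorization rather than at fixture data.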
+++ b/test/controllers/manage/messages_controller_test.rb 
@@ -200,10 +200,110 @@ class Manage::MessagesControllerTest < ActionController::TestCase end end + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "not allow access to manage_messages#index" do + get :index + assert_response :redirect + assert_redirected_to manage_root_path + end + + should "not allow access to manage_messages datatables api" do + post :datatable, format: :json, params: { "columns[0][data]" => "" } + assert_response :redirect + assert_redirected_to manage_root_path + end + + should "not allow access to manage_messages#new" do + get :new + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not allow access to manage_messages#show" do + get :show, params: { id: @message } + assert_response :redirect + assert_redirected_to manage_root_path + end + + should "not allow access to manage_messages#edit" do + get :edit, params: { id: @message } + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not allow access to manage_messages#create" do + post :create, params: { message: { email: "test@example.com" } } + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not allow access to manage_messages#update" do + patch :update, params: { id: @message, message: { email: "test@example.com" } } + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not allow access to manage_messages#destroy" do + patch :destroy, params: { id: @message } + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not deliver message" do + assert_difference("enqueued_jobs.size", 0) do + patch :deliver, params: { id: @message } + end + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not allow access to manage_messages#preview" do + get 
:preview, params: { id: @message } + assert_response :redirect + assert_redirected_to manage_root_path + end + + should "not allow access to manage_messages#live_preview" do + get :live_preview, params: { body: "foo bar" } + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not allow access to manage_messages#duplicate" do + assert_difference("Message.count", 0) do + patch :duplicate, params: { id: @message } + end + assert_response :redirect + assert_redirected_to manage_messages_path + end + + should "not allow access to manage_messages#template" do + test_template_failure + end + + should "not allow access to manage_messages#template_preview" do + test_template_preview_failure + end + + should "not allow access to manage_messages#template_update" do + test_template_update_failure + end + + should "not allow access to manage_messages#template_replace_with_default" do + test_template_replace_with_default_failure + end + end + context "while authenticated as an organizer" do setup do @user = create(:organizer) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end @@ -296,7 +396,7 @@ class Manage::MessagesControllerTest < ActionController::TestCase end end - context "while authenticated as an admin" do + context "while authenticated as a director" do setup do @user = create(:director) @request.env["devise.mapping"] = Devise.mappings[:user] diff --git a/test/controllers/manage/questionnaires_controller_test.rb b/test/controllers/manage/questionnaires_controller_test.rb index f95f0f85a..8bf832f04 100644 --- a/test/controllers/manage/questionnaires_controller_test.rb +++ b/test/controllers/manage/questionnaires_controller_test.rb 
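Review bot: The volunteer denial tests for `create`, `update` and `destroy` assert only the redirect, so they would still pass if the action performed the write and then redirected. Wrap `create` and `destroy` the way the `deliver` and `duplicate` cases in this hunk already do, with `assert_difference("Message.count", 0) do ... end`, and reload `@message` after `update` to check it is unchanged. The volunteer contexts added to schools_controller_test.rb and users_controller_test.rb further down have the same gap. `destroy` is also exercised with `patch`; `delete :destroy` would match the verb of a resourceful route, if that is how the route is declared.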
@@ -148,10 +148,80 @@ class Manage::QuestionnairesControllerTest < ActionController::TestCase end end + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "allow access to manage_questionnaires#index" do + get :index + assert_response :success + end + + should "allow access to manage_questionnaires datatables api" do + post :datatable, format: :json, params: { "columns[0][data]" => "" } + assert_response :success + end + + should "allow access to manage_questionnaires#show" do + get :show, params: { id: @questionnaire } + assert_response :success + end + + should "not allow access to manage_questionnaires#new" do + get :new, params: { id: @questionnaire } + assert_response :redirect + assert_redirected_to manage_questionnaires_path + end + + should "not allow access to manage_questionnaires#edit" do + get :edit, params: { id: @questionnaire } + assert_response :redirect + assert_redirected_to manage_questionnaires_path + end + + should "not allow access to manage_questionnaires#create" do + post :create, params: { questionnaire: { major: "Best Major" } } + assert_response :redirect + assert_redirected_to manage_questionnaires_path + end + + should "not allow access to manage_questionnaires#update" do + patch :update, params: { id: @questionnaire, questionnaire: { major: "Best Major" } } + assert_response :redirect + assert_redirected_to manage_questionnaires_path + end + + should "not allow convert questionnaire's user to a director" do + patch :convert_to_director, params: { id: @questionnaire } + assert_response :redirect + assert_redirected_to edit_manage_user_path(assigns(:questionnaire).user) + end + + should "not allow access to manage_questionnaires#destroy" do + patch :destroy, params: { id: @questionnaire } + assert_response :redirect + assert_redirected_to manage_questionnaires_path + end + + should "not access to 
manage_questionnaires#update_acc_status" do + patch :update_acc_status, params: { id: @questionnaire, questionnaire: { acc_status: "accepted" } } + assert_response :redirect + assert_redirected_to manage_questionnaires_path + end + + should "allow access to manage_questionnaires#bulk_apply" do + patch :bulk_apply, params: { bulk_action: "waitlist", bulk_ids: [@questionnaire.id] } + assert_response :success + end + end + context "while authenticated as an organizer" do setup do @user = create(:organizer) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end diff --git a/test/controllers/manage/schools_controller_test.rb b/test/controllers/manage/schools_controller_test.rb index ff9bcbc5d..a19f9406d 100644 --- a/test/controllers/manage/schools_controller_test.rb +++ b/test/controllers/manage/schools_controller_test.rb 
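Review bot: The volunteer test "not allow convert questionnaire's user to a director" expects a redirect to `edit_manage_user_path(assigns(:questionnaire).user)`, while every other denied action in this context redirects to `manage_questionnaires_path`. If the edit-user path is where a successful conversion lands, this test passes while the role change goes through; the controller is not in this hunk, so that needs confirming. Assert the outcome directly by capturing `role_before = @questionnaire.user.role` and ending with `assert_equal role_before, @questionnaire.user.reload.role`. The same context asserts `:success` for `bulk_apply` with `bulk_action: "waitlist"` although `update_acc_status` is denied, so a volunteer can apparently change acceptance status in bulk but not singly. If that is not intended, `bulk_apply` needs the same filter and a denial test.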
@@ -134,10 +134,75 @@ class Manage::SchoolsControllerTest < ActionController::TestCase end end + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "allow access to manage_schools#index" do + get :index + assert_response :success + end + + should "allow access to manage_schools datatables api" do + post :datatable, format: :json, params: { "columns[0][data]" => "" } + assert_response :success + end + + should "allow access to manage_schools#show" do + get :show, params: { id: @school } + assert_response :success + end + + should "not allow access to manage_schools#new" do + get :new + assert_response :redirect + assert_redirected_to manage_schools_path + end + + should "not allow access to manage_schools#edit" do + get :edit, params: { id: @school } + assert_response :redirect + assert_redirected_to manage_schools_path + end + + should "not allow access to manage_schools#create" do + post :create, params: { school: { name: "My Test School" } } + assert_response :redirect + assert_redirected_to manage_schools_path + end + + should "not allow access to manage_schools#update" do + patch :update, params: { id: @school, school: { name: "My Test School" } } + assert_response :redirect + assert_redirected_to manage_schools_path + end + + should "not allow access to manage_schools#destroy" do + patch :destroy, params: { id: @school } + assert_response :redirect + assert_redirected_to manage_schools_path + end + + should "not allow access to manage_schools#merge" do + patch :merge, params: { id: @school } + assert_response :redirect + assert_redirected_to manage_schools_path + end + + should "not allow access to manage_schools#perform_merge" do + patch :perform_merge, params: { id: @school, school: { id: "My Test School" } } + assert_response :redirect + assert_redirected_to manage_schools_path + end + end + context "while authenticated as an 
organizer" do setup do @user = create(:organizer) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end diff --git a/test/controllers/manage/stats_controller_test.rb b/test/controllers/manage/stats_controller_test.rb index 2b6e39a2e..cec0ad186 100644 --- a/test/controllers/manage/stats_controller_test.rb +++ b/test/controllers/manage/stats_controller_test.rb 
@@ -39,14 +39,61 @@ class Manage::StatsControllerTest < ActionController::TestCase end end + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "not allow access to stats#index" do + get :index + assert_response :redirect + assert_redirected_to manage_root_path + end + + should "not allow access to data endpoints" do + paths.each do |path| + patch path + assert_response :redirect + assert_redirected_to manage_root_path + end + end + end + + context "while authenticated as an organizer" do + setup do + @user = create(:organizer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "allow access to stats#index" do + get :index + assert_response :success + end + + should "allow access to all data endpoints" do + school = create(:school) + Questionnaire::POSSIBLE_ACC_STATUS.each do |status, _name| + create_list(:questionnaire, 5, school_id: school.id, acc_status: status, dietary_restrictions: "Vegetarian", special_needs: "Something") + end + + paths.each do |path| + patch path + assert_response :success + end + end + end + context "while authenticated as a director" do setup do @user = create(:director) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end - should "allow access to manage_dashboard#index" do + should "allow access to stats#index" do get :index assert_response :success end diff --git a/test/controllers/manage/trackable_events_controller_test.rb b/test/controllers/manage/trackable_events_controller_test.rb index 24a5ebc0f..67cd2d398 100644 --- a/test/controllers/manage/trackable_events_controller_test.rb +++ b/test/controllers/manage/trackable_events_controller_test.rb 
@@ -60,7 +60,7 @@ class Manage::TrackableEventsControllerTest < ActionController::TestCase context "while authenticated as a #{condition_name}" do setup do @user = create(:user, role: user_role) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user @trackable_event.update_attribute(:user, @user) end @@ -108,7 +108,7 @@ class Manage::TrackableEventsControllerTest < ActionController::TestCase context "while authenticated as a director" do setup do @user = create(:director) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end diff --git a/test/controllers/manage/trackable_tags_controller_test.rb b/test/controllers/manage/trackable_tags_controller_test.rb index 2211bf18f..56c273cfa 100644 --- a/test/controllers/manage/trackable_tags_controller_test.rb +++ b/test/controllers/manage/trackable_tags_controller_test.rb @@ -59,7 +59,7 @@ class Manage::TrackableTagsControllerTest < ActionController::TestCase context "while authenticated as a #{condition_name}" do setup do @user = create(:user, role: user_role) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end @@ -96,7 +96,7 @@ class Manage::TrackableTagsControllerTest < ActionController::TestCase context "while authenticated as a director" do setup do @user = create(:director) - @request.env["devise.mapping"] = Devise.mappings[:director] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end diff --git a/test/controllers/manage/users_controller_test.rb b/test/controllers/manage/users_controller_test.rb index d9c247a0e..a29bf2b8d 100644 --- a/test/controllers/manage/users_controller_test.rb +++ b/test/controllers/manage/users_controller_test.rb 
@@ -96,31 +96,77 @@ class Manage::UsersControllerTest < ActionController::TestCase end end + context "while authenticated as a volunteer" do + setup do + @user = create(:volunteer) + @request.env["devise.mapping"] = Devise.mappings[:user] + sign_in @user + end + + should "not allow access to manage_users#index" do + get :index + assert_redirected_to manage_root_path + end + + should "not allow access to manage_users users datatables api" do + post :user_datatable, format: :json, params: { "columns[0][data]" => "" } + assert_redirected_to manage_root_path + end + + should "not allow access to manage_users staff datatables api" do + post :staff_datatable, format: :json, params: { "columns[0][data]" => "" } + assert_redirected_to manage_root_path + end + + should "allow access to manage_users#show" do + get :show, params: { id: @user } + assert_redirected_to manage_root_path + end + + should "not allow access to manage_users#edit" do + get :edit, params: { id: @user } + assert_response :redirect + assert_redirected_to manage_users_path + end + + should "not allow access to manage_users#update" do + patch :update, params: { id: @user, user: { email: "test@example.com" } } + assert_response :redirect + assert_redirected_to manage_users_path + end + + should "not allow access to manage_users#destroy" do + patch :destroy, params: { id: @user } + assert_response :redirect + assert_redirected_to manage_users_path + end + end + context "while authenticated as an organizer" do setup do @user = create(:organizer) - @request.env["devise.mapping"] = Devise.mappings[:staff] + @request.env["devise.mapping"] = Devise.mappings[:user] sign_in @user end should "not allow access to manage_users#index" do get :index - assert_redirected_to root_path + assert_redirected_to manage_root_path end should "not allow access to manage_users users datatables api" do post :user_datatable, format: :json, params: { "columns[0][data]" => "" } - assert_redirected_to root_path + assert_redirected_to 
manage_root_path end should "not allow access to manage_users staff datatables api" do post :staff_datatable, format: :json, params: { "columns[0][data]" => "" } - assert_redirected_to root_path + assert_redirected_to manage_root_path end should "allow access to manage_users#show" do get :show, params: { id: @user } - assert_redirected_to root_path + assert_redirected_to manage_root_path end should "not allow access to manage_users#edit" do diff --git a/test/factories/users.rb b/test/factories/users.rb index f235270d7..4b5f80572 100644 --- a/test/factories/users.rb +++ b/test/factories/users.rb @@ -23,5 +23,12 @@ end role { :organizer } end + + factory :volunteer do + sequence :email do |n| + "volunteer#{n}@example.com" + end + role { :volunteer } + end end end diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 659afbf40..64009b1e0 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb 
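Review bot: The test named "allow access to manage_users#show" in the new volunteer context asserts `assert_redirected_to manage_root_path`, which is a denial; rename it to `should "not allow access to manage_users#show"` so the suite states the access rule it enforces. The organizer context has the same mismatched name on its unchanged line. The `show`, `edit`, `update` and `destroy` cases all pass `id: @user`, the signed-in account itself, so they do not cover a volunteer requesting another user's record. A second user created in `setup` and used as the target would close that gap.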
@@ -80,6 +80,50 @@ class UserTest < ActiveSupport::TestCase end end + context "current_user is staff" do + should "not report user as staff" do + user = create(:user, role: user) + assert_equal false, user.staff? + end + + should "report volunteer as staff" do + user = create(:user, role: :volunteer) + assert_equal true, user.staff? + end + + should "report organizer as staff" do + user = create(:user, role: :organizer) + assert_equal true, user.staff? + end + + should "report director as staff" do + user = create(:user, role: :director) + assert_equal true, user.staff? + end + end + + context "current_user is organizing staff" do + should "not report user as organizing staff" do + user = create(:user, role: user) + assert_equal false, user.organizing_staff? + end + + should "not report volunteer as organizing staff" do + user = create(:user, role: :volunteer) + assert_equal false, user.organizing_staff? + end + + should "report organizer as organizing staff" do + user = create(:user, role: :organizer) + assert_equal true, user.organizing_staff? + end + + should "report director as organizing staff" do + user = create(:user, role: :director) + assert_equal true, user.organizing_staff? + end + end + context "safe_receive_weekly_report" do should "return false if user is inactive" do user = build(:user, is_active: true, receive_weekly_report: true) From 19f19266f66425d80d6fdd6666879b8cc5d6167d Mon Sep 17 00:00:00 2001 From: "Chris Baudouin, Jr" Date: Sat, 12 Sep 2020 00:46:52 -0400 Subject: [PATCH 05/10] fix: Hound issues v1 --- app/controllers/manage/application_controller.rb | 4 ++-- app/models/user.rb | 4 ++-- test/models/user_test.rb | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb index fdfd2c8b4..d1203ed16 100644 --- a/app/controllers/manage/application_controller.rb +++ b/app/controllers/manage/application_controller.rb 
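Review bot: In "not report user as staff" and "not report user as organizing staff", `user = create(:user, role: user)` passes the local variable being assigned, which is nil at that point, instead of the symbol `:user`. Both tests then depend on whatever role a nil value leaves on the record rather than on the role they name. Write `user = create(:user, role: :user)` in both so the negative case of `staff?` and `organizing_staff?` is pinned to the intended role.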
@@ -9,12 +9,12 @@ def logged_in end def require_director - return redirect_to manage_root_path if current_user.staff? unless current_user.try(:director?) + return redirect_to manage_root_path unless !current_user.staff? || current_user.try(:director?) return redirect_to root_path unless current_user.try(:director?) end def require_director_or_organizer - return redirect_to manage_root_path if current_user.staff? unless current_user.try(:director?) || current_user.try(:organizer?) + return redirect_to manage_root_path unless !current_user.staff? || current_user.try(:director?) || current_user.try(:organizer?) return redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) end diff --git a/app/models/user.rb b/app/models/user.rb index ebfe6aa53..00f16f4d6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -57,11 +57,11 @@ def full_name end def staff? - self.director? || self.organizer? || self.volunteer? + director? || organizer? || volunteer? end def organizing_staff? - self.director? || self.organizer? + director? || organizer? end def self.from_omniauth(auth) diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 64009b1e0..2bac1093b 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -90,7 +90,7 @@ class UserTest < ActiveSupport::TestCase user = create(:user, role: :volunteer) assert_equal true, user.staff? end - + should "report organizer as staff" do user = create(:user, role: :organizer) assert_equal true, user.staff? @@ -112,7 +112,7 @@ class UserTest < ActiveSupport::TestCase user = create(:user, role: :volunteer) assert_equal false, user.organizing_staff? end - + should "report organizer as organizing staff" do user = create(:user, role: :organizer) assert_equal true, user.organizing_staff? From 711aeea81dc70dce3ff244f326df31a6ceed0486 Mon Sep 17 00:00:00 2001 
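Review bot: `require_director` and `require_director_or_organizer` now call `current_user.staff?` directly while the same lines keep `current_user.try(:director?)`, so nil handling is inconsistent: with no signed-in user the first call raises NoMethodError before the `try` guards are reached. If `logged_in` (named in the hunk header, body not shown) always runs first and guarantees a user, the `try` calls can be dropped. Otherwise guard explicitly at the top of each filter with `return redirect_to root_path unless current_user`. The later patches in this series that rewrite these filters with `current_user.organizing_staff?` and `current_user.volunteer?` keep the unguarded calls.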
From: "Chris Baudouin, Jr" Date: Mon, 14 Sep 2020 16:35:56 -0400 Subject: [PATCH 06/10] refactor: Increases funciton clarity --- app/controllers/manage/application_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb index d1203ed16..40d636911 100644 --- a/app/controllers/manage/application_controller.rb +++ b/app/controllers/manage/application_controller.rb @@ -14,12 +14,12 @@ def require_director end def require_director_or_organizer - return redirect_to manage_root_path unless !current_user.staff? || current_user.try(:director?) || current_user.try(:organizer?) - return redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) + return redirect_to manage_root_path if current_user.staff? && !current_user.organizing_staff? + return redirect_to root_path unless current_user.organizing_staff? end def require_director_or_organizer_or_volunteer - redirect_to root_path unless current_user.try(:director?) || current_user.try(:organizer?) || current_user.try(:volunteer?) + redirect_to root_path unless current_user.staff? end def limit_write_access_to_directors From 971dd0a5a9f69005994af6102f612fdacd4e4a4c Mon Sep 17 00:00:00 2001 From: "Chris Baudouin, Jr" Date: Mon, 14 Sep 2020 16:37:18 -0400 Subject: [PATCH 07/10] refactor: Increases funciton clarity --- app/controllers/manage/application_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb index 40d636911..a8ec8dedf 100644 --- a/app/controllers/manage/application_controller.rb +++ b/app/controllers/manage/application_controller.rb 
@@ -9,7 +9,7 @@ def logged_in end def require_director - return redirect_to manage_root_path unless !current_user.staff? || current_user.try(:director?) + return redirect_to manage_root_path if current_user.staff? && !current_user.try(:director?) return redirect_to root_path unless current_user.try(:director?) end From b5ad3b88c8f5aae6f472513576def99fe3a93572 Mon Sep 17 00:00:00 2001 From: Jeremy Rudman Date: Sat, 19 Sep 2020 21:03:08 -0400 Subject: [PATCH 08/10] fix(sidebar): fixed UI problems for diffrent roles removed the duplicate checkin button for orginizers and had checkin page defaut to be highlighted for volenteers --- app/views/layouts/_header.html.haml | 4 +++- app/views/layouts/manage/application.html.haml | 12 +++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml index 53972c7b3..91427e44d 100644 --- a/app/views/layouts/_header.html.haml +++ b/app/views/layouts/_header.html.haml @@ -10,6 +10,8 @@ = btn_link_to "Home", homepage_url .header-nav - if user_signed_in? - - if current_user.staff? + - if current_user.organizing_staff? = btn_link_to "Manage", manage_root_path + - elsif current_user.volunteer? + = btn_link_to "Manage", manage_checkins_path = btn_link_to "Sign Out", destroy_user_session_path, method: :delete diff --git a/app/views/layouts/manage/application.html.haml b/app/views/layouts/manage/application.html.haml index be0f60aef..2c74452e9 100644 --- a/app/views/layouts/manage/application.html.haml +++ b/app/views/layouts/manage/application.html.haml 
@@ -42,12 +42,18 @@ = active_link_to manage_messages_path, class: "nav-link" do .fa.fa-bullhorn.fa-fw.icon-space-r-half = t(:title, scope: 'pages.manage.messages') + - elsif current_user.organizer? + %ul.nav.flex-column.mb-2 + %li.nav-item + = active_link_to manage_questionnaires_path, class: "nav-link" do + .fa.fa-inbox.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.questionnaires') - else %ul.nav.flex-column.mb-2 %li.nav-item - = active_link_to manage_checkins_path, class: "nav-link" do - .fa.fa-drivers-license-o.fa-fw.icon-space-r-half - = t(:title, scope: 'pages.manage.check-in') + = active_link_to manage_checkins_path, class: "nav-link" do + .fa.fa-drivers-license-o.fa-fw.icon-space-r-half + = t(:title, scope: 'pages.manage.check-in') %li.nav-item = active_link_to manage_questionnaires_path, class: "nav-link" do .fa.fa-inbox.fa-fw.icon-space-r-half From cdf57b6157bd1c92a9a5493a88cbef785a7e97a5 Mon Sep 17 00:00:00 2001 From: Peter Kos Date: Sun, 20 Sep 2020 02:56:41 -0400 Subject: [PATCH 09/10] Volunteers are redirected to checkin route --- app/controllers/manage/application_controller.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/manage/application_controller.rb b/app/controllers/manage/application_controller.rb index f68c124d7..111f68f62 100644 --- a/app/controllers/manage/application_controller.rb +++ b/app/controllers/manage/application_controller.rb 
@@ -9,12 +9,13 @@ def logged_in end def require_director - return redirect_to manage_root_path if current_user.staff? && !current_user.try(:director?) + return redirect_to manage_checkins_path if current_user.volunteer? + return redirect_to manage_root_path if current_user.organizer? return redirect_to root_path unless current_user.try(:director?) end def require_director_or_organizer - return redirect_to manage_root_path if current_user.staff? && !current_user.organizing_staff? + return redirect_to manage_checkins_path if current_user.volunteer? return redirect_to root_path unless current_user.organizing_staff? end From 1daa9432daa3abb1545ed1b2401ef50aabc9a543 Mon Sep 17 00:00:00 2001 From: Peter Kos Date: Sun, 20 Sep 2020 02:57:01 -0400 Subject: [PATCH 10/10] Organizers have same overview page access as direc --- app/views/layouts/manage/application.html.haml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/app/views/layouts/manage/application.html.haml b/app/views/layouts/manage/application.html.haml index 2c74452e9..c529658dd 100644 --- a/app/views/layouts/manage/application.html.haml +++ b/app/views/layouts/manage/application.html.haml @@ -28,7 +28,7 @@ %h6.sidebar-heading.d-flex.justify-content-between.align-items-center.px-3.mt-4.mb-1.text-muted %span = t(:overview, scope: 'layouts.manage.navigation') - - if current_user.director? + - if current_user.organizing_staff? %ul.nav.flex-column.mb-2 %li.nav-item = active_link_to manage_root_path, class: "nav-link", active_children: false do 
@@ -42,13 +42,7 @@ = active_link_to manage_messages_path, class: "nav-link" do .fa.fa-bullhorn.fa-fw.icon-space-r-half = t(:title, scope: 'pages.manage.messages') - - elsif current_user.organizer? - %ul.nav.flex-column.mb-2 - %li.nav-item - = active_link_to manage_questionnaires_path, class: "nav-link" do - .fa.fa-inbox.fa-fw.icon-space-r-half - = t(:title, scope: 'pages.manage.questionnaires') - - else + - elsif current_user.volunteer? %ul.nav.flex-column.mb-2 %li.nav-item = active_link_to manage_checkins_path, class: "nav-link" do