From a98459de3c8e0e549bcce30ece2ed6df4eb26fce Mon Sep 17 00:00:00 2001 From: mononoken Date: Tue, 23 Jan 2024 16:59:38 -0800 Subject: [PATCH 001/115] Add action_policy gem --- Gemfile | 3 +++ Gemfile.lock | 4 ++++ app/controllers/application_controller.rb | 3 +++ app/policies/application_policy.rb | 18 ++++++++++++++++++ 4 files changed, 28 insertions(+) create mode 100644 app/policies/application_policy.rb diff --git a/Gemfile b/Gemfile index accd1be2d..82c84c837 100644 --- a/Gemfile +++ b/Gemfile @@ -164,3 +164,6 @@ gem "gretel", "~> 4.5" gem "ransack" gem "rails-controller-testing" + +# Use Action Policy for authorization framework +gem "action_policy", "~> 0.6.8" diff --git a/Gemfile.lock b/Gemfile.lock index bc4e27d51..66d297b0e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,8 @@ GEM remote: https://rubygems.org/ specs: + action_policy (0.6.8) + ruby-next-core (>= 1.0) actioncable (7.0.6) actionpack (= 7.0.6) activesupport (= 7.0.6) @@ -379,6 +381,7 @@ GEM rubocop-performance (1.18.0) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) + ruby-next-core (1.0.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) rubyzip (2.3.2) @@ -469,6 +472,7 @@ PLATFORMS x86_64-linux DEPENDENCIES + action_policy (~> 0.6.8) active_link_to active_storage_validations acts_as_tenant diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index bb2a57f9d..60ba0e4fc 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,4 +1,7 @@ class ApplicationController < ActionController::Base + # Turn this on once authorization framework has been applied to all controllers. + # verify_authorized + before_action :set_current_user around_action :switch_locale diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb new file mode 100644 index 000000000..a68373bfb --- /dev/null +++ b/app/policies/application_policy.rb 
@@ -0,0 +1,18 @@ +# Base class for application policies +class ApplicationPolicy < ActionPolicy::Base + # Configure additional authorization contexts here + # (`user` is added by default). + # + # authorize :account, optional: true + # + # Read more about authorization context: https://actionpolicy.evilmartians.io/#/authorization_context + + private + + # Define shared methods useful for most policies. + # For example: + # + # def owner? + # record.user_id == user.id + # end +end From 8e383886c3899b0c6203fc8c13fca00b24085d44 Mon Sep 17 00:00:00 2001 From: mononoken Date: Fri, 26 Jan 2024 19:55:34 -0800 Subject: [PATCH 002/115] Apply verify_authorized to require authorization on all controllers excpet devise related controllers --- app/controllers/application_controller.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 60ba0e4fc..c59088804 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,5 @@ class ApplicationController < ActionController::Base - # Turn this on once authorization framework has been applied to all controllers. - # verify_authorized + verify_authorized unless: :devise_controller? before_action :set_current_user around_action :switch_locale From a0a1ad6351c983b6aa0dff5af9310ed005fccfde Mon Sep 17 00:00:00 2001 From: mononoken Date: Fri, 26 Jan 2024 19:55:48 -0800 Subject: [PATCH 003/115] Skip authorization for static pages and root --- app/controllers/root_controller.rb | 2 ++ app/controllers/static_pages_controller.rb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/app/controllers/root_controller.rb b/app/controllers/root_controller.rb index fc8160caa..2cb99259d 100644 --- a/app/controllers/root_controller.rb +++ b/app/controllers/root_controller.rb 
@@ -1,4 +1,6 @@ class RootController < ApplicationController + skip_verify_authorized only: %i[index] + def index if Current.organization redirect_to home_index_path diff --git a/app/controllers/static_pages_controller.rb b/app/controllers/static_pages_controller.rb index d63c85d0c..acb35adc1 100644 --- a/app/controllers/static_pages_controller.rb +++ b/app/controllers/static_pages_controller.rb @@ -1,4 +1,6 @@ class StaticPagesController < ApplicationController + skip_verify_authorized only: %i[about_us cookie_policy donate faq partners privacy_policy terms_and_conditions] + def home if !current_tenant render :no_tenant and return From f5f321f3f57546b552d78cfdae72d4eab407c931 Mon Sep 17 00:00:00 2001 From: mononoken Date: Tue, 30 Jan 2024 21:07:27 -0800 Subject: [PATCH 004/115] Create AdoptablePetPolicy tests --- .../adoptable_pets_controller_test.rb | 16 +++++ test/policies/adoptable_pet_policy_test.rb | 61 +++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 test/controllers/adoptable_pets_controller_test.rb create mode 100644 test/policies/adoptable_pet_policy_test.rb diff --git a/test/controllers/adoptable_pets_controller_test.rb b/test/controllers/adoptable_pets_controller_test.rb new file mode 100644 index 000000000..d94f583f5 --- /dev/null +++ b/test/controllers/adoptable_pets_controller_test.rb @@ -0,0 +1,16 @@ +require "test_helper" +require "action_policy/test_helper" + +class AdoptablePetsControllerTest < ActionDispatch::IntegrationTest + include ActionPolicy::TestHelper + + setup do + @pet = create(:pet) + end + + test "show is authorized" do + assert_authorized_to(:show?, @pet, with: AdoptablePetPolicy) do + get adoptable_pet_path(@pet) + end + end +end diff --git a/test/policies/adoptable_pet_policy_test.rb b/test/policies/adoptable_pet_policy_test.rb new file mode 100644 index 000000000..c3db35f7a --- /dev/null +++ b/test/policies/adoptable_pet_policy_test.rb 
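Review bot: `home` is missing from the `skip_verify_authorized only:` list in StaticPagesController even though `def home` is the very next line, so once `verify_authorized` is enforced in ApplicationController this action will fail the after-action check unless it calls `authorize!` somewhere past the hunk, which I cannot see. Either add it to the list, `skip_verify_authorized only: %i[home about_us cookie_policy donate faq partners privacy_policy terms_and_conditions]`, or authorize it explicitly if the tenant landing page is meant to be policy-gated. The body of `home` continues outside the hunk.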
@@ -0,0 +1,61 @@ +require "test_helper" + +# See https://actionpolicy.evilmartians.io/#/testing?id=testing-policies +class AdoptablePetPolicyTest < ActiveSupport::TestCase + def setup + @policy = -> { AdoptablePetPolicy.new(@pet, user: @user) } + end + + context "#show?" do + setup do + @action = -> { @policy.call.apply(:show?) } + end + + context "when pet is not published" do + setup do + @pet = create(:pet, published: false) + end + + context "when user is nil" do + setup do + @user = nil + end + + should "return false" do + assert_equal @action.call, false + end + end + + context "when user is adopter" do + setup do + @user = create(:user, :adopter_without_profile) + end + + should "return false" do + assert_equal @action.call, false + end + end + + context "when user is staff" do + setup do + @user = create(:user, :activated_staff) + end + + should "return true" do + assert_equal @action.call, true + end + end + end + + context "when pet is published" do + setup do + @pet = create(:pet, published: true) + @user = nil + end + + should "return true" do + assert_equal @action.call, true + end + end + end +end From a7b67736f0a5ffcaeb5449c63604d88a5d15041e Mon Sep 17 00:00:00 2001 From: mononoken Date: Tue, 30 Jan 2024 21:07:58 -0800 Subject: [PATCH 005/115] Skip authorization for Organizations::HomeController#index --- app/controllers/organizations/home_controller.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/controllers/organizations/home_controller.rb b/app/controllers/organizations/home_controller.rb index 43a556d0f..a3cb7b020 100644 --- a/app/controllers/organizations/home_controller.rb +++ b/app/controllers/organizations/home_controller.rb @@ -1,4 +1,6 @@ class Organizations::HomeController < Organizations::BaseController + skip_verify_authorized only: %i[index] + def index end end From 998adc718135c009892bef84ee2383fca7112aa8 Mon Sep 17 00:00:00 2001 
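Review bot: `assert_equal @action.call, false` passes the actual value first and the expected value second, so Minitest's failure output will read backwards ("Expected: <actual>, Actual: false"); the same pattern is in all four `should` blocks of AdoptablePetPolicyTest. For a boolean policy result the idiomatic form is `refute @action.call` and `assert @action.call`, which also fixes the ordering. Since the staff branch is what unlocks unpublished records, a case for a staff user whose `staff_account` belongs to a different organization would pin down whether the policy is tenant-scoped, which the current contexts do not exercise.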
From: mononoken Date: Tue, 30 Jan 2024 21:08:07 -0800 Subject: [PATCH 006/115] Implement AdoptablePetPolicy --- app/controllers/adoptable_pets_controller.rb | 6 +++--- app/policies/adoptable_pet_policy.rb | 21 ++++++++++++++++++++ 2 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 app/policies/adoptable_pet_policy.rb diff --git a/app/controllers/adoptable_pets_controller.rb b/app/controllers/adoptable_pets_controller.rb index 19457fbd7..83646da15 100644 --- a/app/controllers/adoptable_pets_controller.rb +++ b/app/controllers/adoptable_pets_controller.rb @@ -1,4 +1,6 @@ class AdoptablePetsController < Organizations::BaseController + skip_verify_authorized only: %i[index] + def index @pets = Pet.includes(:adopter_applications, images_attachments: :blob) .published @@ -8,9 +10,7 @@ def index def show @pet = Pet.find(params[:id]) - unless @pet.published - redirect_to adoptable_pets_path, alert: "You can only view published pets." - end + authorize! @pet, with: AdoptablePetPolicy if AdopterApplication.adoption_exists?(current_user&.adopter_account&.id, @pet.id) @adoption_application = AdopterApplication.where(pet_id: @pet.id, diff --git a/app/policies/adoptable_pet_policy.rb b/app/policies/adoptable_pet_policy.rb new file mode 100644 index 000000000..73a674a65 --- /dev/null +++ b/app/policies/adoptable_pet_policy.rb @@ -0,0 +1,21 @@ +class AdoptablePetPolicy < ApplicationPolicy + authorize :user, allow_nil: true + + def show? + staff? || published? + end + + private + + def published? + record.published? + end + + def staff? + user&.staff_account.present? + end + + def adopter? + user&.adopter_account.present? + end +end From 61bef2f5c87452f21bfe742ed8d36e766332fa41 Mon Sep 17 00:00:00 2001 From: mononoken Date: Wed, 31 Jan 2024 21:05:57 -0800 Subject: [PATCH 007/115] Fix typos in seed file --- db/seeds/01_alta.rb | 4 ++-- db/seeds/02_baja.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
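Review bot: Replacing the `redirect_to adoptable_pets_path, alert:` branch in `show` with `authorize! @pet, with: AdoptablePetPolicy` turns the unpublished-pet path from a redirect into a raised `ActionPolicy::Unauthorized`, and nothing in this patch adds a `rescue_from` for it; unless ApplicationController already handles that exception outside these hunks, visitors now get an error page instead of the previous alert. Add `rescue_from ActionPolicy::Unauthorized` in ApplicationController that redirects with the old message or renders 403 so the user-facing behaviour is preserved. `show` continues past the hunk.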
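Review bot: `staff?` in AdoptablePetPolicy only checks that the user has some `staff_account`, not that it belongs to the organization that owns `record`, so whether a staff member of another organization can view this organization's unpublished pets depends on `acts_as_tenant` scoping the `user.staff_account` lookup at request time — something the policy itself cannot guarantee, and which does not hold when the policy is evaluated in a unit test. Make the ownership explicit, e.g. `def staff? = user&.staff_account&.organization_id == record.organization_id`, since both `pets` and `staff_accounts` carry an `organization_id` in the schema. `adopter?` is defined but unused in this patch, and `authorize :user, allow_nil: true` is what permits the anonymous published-pet path, which is worth a one-line comment.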
diff --git a/db/seeds/01_alta.rb b/db/seeds/01_alta.rb index 3bc547148..8645efc07 100644 --- a/db/seeds/01_alta.rb +++ b/db/seeds/01_alta.rb @@ -25,7 +25,7 @@ user_id: @user_staff_one.id ) - @staff_account_one.add_role(:admin, @organizaton) + @staff_account_one.add_role(:admin, @organization) @user_staff_two = User.create!( email: "staff2@alta.com", @@ -40,7 +40,7 @@ user_id: @user_staff_two.id ) - @staff_account_two.add_role(:admin, @organizaton) + @staff_account_two.add_role(:admin, @organization) @user_adopter_one = User.create!( email: "adopter1@alta.com", diff --git a/db/seeds/02_baja.rb b/db/seeds/02_baja.rb index 4ac901c27..9d8516d45 100644 --- a/db/seeds/02_baja.rb +++ b/db/seeds/02_baja.rb @@ -25,7 +25,7 @@ user_id: @user_staff_one.id ) - @staff_account_one.add_role(:admin, @organizaton) + @staff_account_one.add_role(:admin, @organization) @user_staff_two = User.create!( email: "staff2@baja.com", @@ -40,7 +40,7 @@ user_id: @user_staff_two.id ) - @staff_account_two.add_role(:admin, @organizaton) + @staff_account_two.add_role(:admin, @organization) @user_adopter_one = User.create!( email: "adopter1@baja.com", From 0054de3a303b4f2d015ee9ebd012b763ce30ba4d Mon Sep 17 00:00:00 2001 From: mononoken Date: Thu, 1 Feb 2024 02:08:00 -0800 Subject: [PATCH 008/115] Remove rolify to StaffAccount --- app/models/organization.rb | 2 -- app/models/role.rb | 29 ------------------- app/models/staff_account.rb | 1 - app/models/task.rb | 1 + config/initializers/rolify.rb | 10 ------- ...73756_remove_rolify_with_staff_accounts.rb | 6 ++++ db/schema.rb | 21 ++------------ test/models/role_test.rb | 14 --------- 8 files changed, 9 insertions(+), 75 deletions(-) delete mode 100644 app/models/role.rb delete mode 100644 config/initializers/rolify.rb create mode 100644 db/migrate/20240201073756_remove_rolify_with_staff_accounts.rb delete mode 100644 test/models/role_test.rb diff --git a/app/models/organization.rb b/app/models/organization.rb index b1c951664..afcaf5cd9 100644 
--- a/app/models/organization.rb +++ b/app/models/organization.rb @@ -13,8 +13,6 @@ # index_organizations_on_slug (slug) UNIQUE # class Organization < ApplicationRecord - resourcify # rolify - has_many :staff_accounts has_many :users, through: :staff_accounts has_many :pets diff --git a/app/models/role.rb b/app/models/role.rb deleted file mode 100644 index ad6903edf..000000000 --- a/app/models/role.rb +++ /dev/null @@ -1,29 +0,0 @@ -# == Schema Information -# -# Table name: roles -# -# id :bigint not null, primary key -# name :string -# resource_type :string -# created_at :datetime not null -# updated_at :datetime not null -# resource_id :bigint -# -# Indexes -# -# index_roles_on_name_and_resource_type_and_resource_id (name,resource_type,resource_id) -# index_roles_on_resource (resource_type,resource_id) -# -class Role < ApplicationRecord - has_and_belongs_to_many :staff_accounts, join_table: :staff_accounts_roles - - belongs_to :resource, - polymorphic: true, - optional: true - - validates :resource_type, - inclusion: {in: Rolify.resource_types}, - allow_nil: true - - scopify -end diff --git a/app/models/staff_account.rb b/app/models/staff_account.rb index 11f7a507c..499cc27f2 100644 --- a/app/models/staff_account.rb +++ b/app/models/staff_account.rb @@ -22,7 +22,6 @@ class StaffAccount < ApplicationRecord acts_as_tenant(:organization) belongs_to :user - rolify def email user.email.to_s diff --git a/app/models/task.rb b/app/models/task.rb index 5ada094de..bcd922c37 100644 --- a/app/models/task.rb +++ b/app/models/task.rb @@ -5,6 +5,7 @@ # id :bigint not null, primary key # completed :boolean # description :text +# due_date :datetime # name :string not null # created_at :datetime not null # updated_at :datetime not null diff --git a/config/initializers/rolify.rb b/config/initializers/rolify.rb deleted file mode 100644 index da8907ef1..000000000 --- a/config/initializers/rolify.rb +++ /dev/null 
@@ -1,10 +0,0 @@ -Rolify.configure do |config| - # By default ORM adapter is ActiveRecord. uncomment to use mongoid - # config.use_mongoid - - # Dynamic shortcuts for User class (user.is_admin? like methods). Default is: false - # config.use_dynamic_shortcuts - - # Configuration to remove roles from database once the last resource is removed. Default is: true - # config.remove_role_if_empty = false -end diff --git a/db/migrate/20240201073756_remove_rolify_with_staff_accounts.rb b/db/migrate/20240201073756_remove_rolify_with_staff_accounts.rb new file mode 100644 index 000000000..84660b9a0 --- /dev/null +++ b/db/migrate/20240201073756_remove_rolify_with_staff_accounts.rb @@ -0,0 +1,6 @@ +class RemoveRolifyWithStaffAccounts < ActiveRecord::Migration[7.0] + def change + drop_table :roles + drop_table :staff_accounts_roles + end +end diff --git a/db/schema.rb b/db/schema.rb index 3b57f21a1..2599dd513 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2024_01_22_001134) do +ActiveRecord::Schema[7.0].define(version: 2024_02_01_073756) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -205,16 +205,6 @@ t.index ["organization_id"], name: "index_pets_on_organization_id" end - create_table "roles", force: :cascade do |t| - t.string "name" - t.string "resource_type" - t.bigint "resource_id" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - t.index ["name", "resource_type", "resource_id"], name: "index_roles_on_name_and_resource_type_and_resource_id" - t.index ["resource_type", "resource_id"], name: "index_roles_on_resource" - end - create_table "staff_accounts", force: :cascade do |t| t.datetime "created_at", null: false t.datetime "updated_at", null: false 
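Review bot: `drop_table :roles` and `drop_table :staff_accounts_roles` inside `change` with no table definition make RemoveRolifyWithStaffAccounts irreversible — `db:rollback` raises `ActiveRecord::IrreversibleMigration` because Rails cannot recreate the columns. Use explicit `up`/`down` methods, or pass the original table definition as a block to each `drop_table`, so the migration can be reverted; that matters here because the roles table is recreated in a later commit of this series.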
@@ -225,14 +215,6 @@ t.index ["user_id"], name: "index_staff_accounts_on_user_id" end - create_table "staff_accounts_roles", id: false, force: :cascade do |t| - t.bigint "staff_account_id" - t.bigint "role_id" - t.index ["role_id"], name: "index_staff_accounts_roles_on_role_id" - t.index ["staff_account_id", "role_id"], name: "index_staff_accounts_roles_on_staff_account_id_and_role_id" - t.index ["staff_account_id"], name: "index_staff_accounts_roles_on_staff_account_id" - end - create_table "tasks", force: :cascade do |t| t.string "name", null: false t.text "description" @@ -240,6 +222,7 @@ t.bigint "pet_id", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.datetime "due_date" t.index ["pet_id"], name: "index_tasks_on_pet_id" end diff --git a/test/models/role_test.rb b/test/models/role_test.rb deleted file mode 100644 index 3b51ebe52..000000000 --- a/test/models/role_test.rb +++ /dev/null @@ -1,14 +0,0 @@ -# frozen_string_literal: true - -require "test_helper" - -class RoleTest < ActiveSupport::TestCase - context "associations" do - should have_and_belong_to_many(:staff_accounts).join_table(:staff_accounts_roles) - should belong_to(:resource).optional - end - - context "validations" do - should validate_inclusion_of(:resource_type).in_array(Rolify.resource_types).allow_nil - end -end From dd0d25dba552a5df95e230cc0a96347c610f197b Mon Sep 17 00:00:00 2001 
From: mononoken Date: Thu, 1 Feb 2024 02:27:02 -0800 Subject: [PATCH 009/115] Add rolify Role back but paired with User --- app/models/role.rb | 29 +++++++++++++++++++ app/models/user.rb | 1 + config/initializers/rolify.rb | 10 +++++++ ...01102207_rolify_create_roles_with_users.rb | 18 ++++++++++++ db/schema.rb | 20 ++++++++++++- test/models/role_test.rb | 7 +++++ 6 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 app/models/role.rb create mode 100644 config/initializers/rolify.rb create mode 100644 db/migrate/20240201102207_rolify_create_roles_with_users.rb create mode 100644 test/models/role_test.rb diff --git a/app/models/role.rb b/app/models/role.rb new file mode 100644 index 000000000..d0dafedf3 --- /dev/null +++ b/app/models/role.rb @@ -0,0 +1,29 @@ +# == Schema Information +# +# Table name: roles +# +# id :bigint not null, primary key +# name :string +# resource_type :string +# created_at :datetime not null +# updated_at :datetime not null +# resource_id :bigint +# +# Indexes +# +# index_roles_on_name_and_resource_type_and_resource_id (name,resource_type,resource_id) +# index_roles_on_resource (resource_type,resource_id) +# +class Role < ApplicationRecord + has_and_belongs_to_many :users, join_table: :users_roles + + belongs_to :resource, + polymorphic: true, + optional: true + + validates :resource_type, + inclusion: {in: Rolify.resource_types}, + allow_nil: true + + scopify +end diff --git a/app/models/user.rb b/app/models/user.rb index 6d882ccc0..0d335bd0f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -34,6 +34,7 @@ # class User < ApplicationRecord include Avatarable + rolify acts_as_tenant(:organization) default_scope do diff --git a/config/initializers/rolify.rb b/config/initializers/rolify.rb new file mode 100644 index 000000000..bbf8fe263 --- /dev/null +++ b/config/initializers/rolify.rb 
@@ -0,0 +1,10 @@ +Rolify.configure do |config| + # By default ORM adapter is ActiveRecord. uncomment to use mongoid + # config.use_mongoid + + # Dynamic shortcuts for User class (user.is_admin? like methods). Default is: false + # config.use_dynamic_shortcuts + + # Configuration to remove roles from database once the last resource is removed. Default is: true + # config.remove_role_if_empty = false +end diff --git a/db/migrate/20240201102207_rolify_create_roles_with_users.rb b/db/migrate/20240201102207_rolify_create_roles_with_users.rb new file mode 100644 index 000000000..08b07c454 --- /dev/null +++ b/db/migrate/20240201102207_rolify_create_roles_with_users.rb @@ -0,0 +1,18 @@ +class RolifyCreateRolesWithUsers < ActiveRecord::Migration[7.0] + def change + create_table(:roles) do |t| + t.string :name + t.references :resource, polymorphic: true + + t.timestamps + end + + create_table(:users_roles, id: false) do |t| + t.references :user + t.references :role + end + + add_index(:roles, [:name, :resource_type, :resource_id]) + add_index(:users_roles, [:user_id, :role_id]) + end +end diff --git a/db/schema.rb b/db/schema.rb index 2599dd513..5c66176ab 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2024_02_01_073756) do +ActiveRecord::Schema[7.0].define(version: 2024_02_01_102207) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" 
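Review bot: The `users_roles` join table in RolifyCreateRolesWithUsers has neither foreign keys nor a uniqueness constraint: `t.references :user` and `t.references :role` lack `foreign_key: true`, and `add_index(:users_roles, [:user_id, :role_id])` is not unique, so deleting a User or Role leaves dangling role assignments and the same role can be attached twice. Because these rows are what `has_role?(:admin, organization)` authorizes against elsewhere in the series, I would write `t.references :user, foreign_key: true`, `t.references :role, foreign_key: true` and `add_index(:users_roles, [:user_id, :role_id], unique: true)`. The rolify generator template omits these, so the hardening has to be added by hand.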
@@ -205,6 +205,16 @@ t.index ["organization_id"], name: "index_pets_on_organization_id" end + create_table "roles", force: :cascade do |t| + t.string "name" + t.string "resource_type" + t.bigint "resource_id" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["name", "resource_type", "resource_id"], name: "index_roles_on_name_and_resource_type_and_resource_id" + t.index ["resource_type", "resource_id"], name: "index_roles_on_resource" + end + create_table "staff_accounts", force: :cascade do |t| t.datetime "created_at", null: false t.datetime "updated_at", null: false @@ -254,6 +264,14 @@ t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true end + create_table "users_roles", id: false, force: :cascade do |t| + t.bigint "user_id" + t.bigint "role_id" + t.index ["role_id"], name: "index_users_roles_on_role_id" + t.index ["user_id", "role_id"], name: "index_users_roles_on_user_id_and_role_id" + t.index ["user_id"], name: "index_users_roles_on_user_id" + end + add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id" add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id" add_foreign_key "adopter_accounts", "users" diff --git a/test/models/role_test.rb b/test/models/role_test.rb new file mode 100644 index 000000000..5e1a9aeb1 --- /dev/null +++ b/test/models/role_test.rb @@ -0,0 +1,7 @@ +require "test_helper" + +class RoleTest < ActiveSupport::TestCase + # test "the truth" do + # assert true + # end +end From 89cb0b94969a577ac739104ee359adcc5b1a627d Mon Sep 17 00:00:00 2001 
From: mononoken Date: Thu, 1 Feb 2024 21:32:49 -0800 Subject: [PATCH 010/115] Remove global authorization temporarily --- app/controllers/adoptable_pets_controller.rb | 2 +- app/controllers/application_controller.rb | 2 +- app/controllers/organizations/home_controller.rb | 2 +- app/controllers/root_controller.rb | 2 +- app/controllers/static_pages_controller.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/controllers/adoptable_pets_controller.rb b/app/controllers/adoptable_pets_controller.rb index 83646da15..4f5b3d9b3 100644 --- a/app/controllers/adoptable_pets_controller.rb +++ b/app/controllers/adoptable_pets_controller.rb @@ -1,5 +1,5 @@ class AdoptablePetsController < Organizations::BaseController - skip_verify_authorized only: %i[index] + # skip_verify_authorized only: %i[index] def index @pets = Pet.includes(:adopter_applications, images_attachments: :blob) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c59088804..20837dc73 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,5 @@ class ApplicationController < ActionController::Base - verify_authorized unless: :devise_controller? + # verify_authorized unless: :devise_controller? before_action :set_current_user around_action :switch_locale diff --git a/app/controllers/organizations/home_controller.rb b/app/controllers/organizations/home_controller.rb index a3cb7b020..371ffd70f 100644 --- a/app/controllers/organizations/home_controller.rb +++ b/app/controllers/organizations/home_controller.rb @@ -1,5 +1,5 @@ class Organizations::HomeController < Organizations::BaseController - skip_verify_authorized only: %i[index] + # skip_verify_authorized only: %i[index] def index end diff --git a/app/controllers/root_controller.rb b/app/controllers/root_controller.rb index 2cb99259d..65648f759 100644 --- a/app/controllers/root_controller.rb 
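Review bot: Commenting out `verify_authorized unless: :devise_controller?` in ApplicationController removes the only check that flags actions which forgot to call `authorize!`, so any controller added while this is "temporary" ships without authorization and nothing will notice; the four `# skip_verify_authorized` lines in the same patch (AdoptablePetsController, Organizations::HomeController, RootController, StaticPagesController) become no-ops as a result. If the intent is a controller-by-controller rollout, keeping the global guard and adding `skip_verify_authorized` to the controllers not yet migrated keeps the gap visible in review instead of hiding it. At minimum the commented line should become a tracked marker, `# TODO(<issue ref>): re-enable verify_authorized once all controllers are covered`.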
+++ b/app/controllers/root_controller.rb @@ -1,5 +1,5 @@ class RootController < ApplicationController - skip_verify_authorized only: %i[index] + # skip_verify_authorized only: %i[index] def index if Current.organization diff --git a/app/controllers/static_pages_controller.rb b/app/controllers/static_pages_controller.rb index acb35adc1..41bede023 100644 --- a/app/controllers/static_pages_controller.rb +++ b/app/controllers/static_pages_controller.rb @@ -1,5 +1,5 @@ class StaticPagesController < ApplicationController - skip_verify_authorized only: %i[about_us cookie_policy donate faq partners privacy_policy terms_and_conditions] + # skip_verify_authorized only: %i[about_us cookie_policy donate faq partners privacy_policy terms_and_conditions] def home if !current_tenant From d30ed8601f5ed2a911c73cd0a1c99af2ada1b4b2 Mon Sep 17 00:00:00 2001 From: mononoken Date: Thu, 1 Feb 2024 21:38:29 -0800 Subject: [PATCH 011/115] Refactor app from StaffAccount roles to User roles and get existing tests back to green --- app/controllers/application_controller.rb | 2 +- .../organizations/invitations_controller.rb | 7 +++---- app/models/organization.rb | 3 +++ app/policies/adoptable_pet_policy.rb | 1 + app/services/organizations/create_service.rb | 4 ++-- app/views/layouts/dashboard/_sidebar.html.erb | 2 +- app/views/layouts/shared/_navbar.html.erb | 2 +- app/views/organizations/dashboard/_navbar.html.erb | 4 ++-- app/views/organizations/invitations/_form.html.erb | 11 +++++------ app/views/organizations/staff/index.html.erb | 4 ++-- db/seeds/01_alta.rb | 4 ++-- db/seeds/02_baja.rb | 4 ++-- test/factories.rb | 11 ++++------- test/integration/organizations/invite_staff_test.rb | 4 ++-- 14 files changed, 31 insertions(+), 32 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 20837dc73..3c7eccc9c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -42,7 +42,7 @@ def pet_in_same_organization?(org_id) def require_organization_admin return if user_signed_in? && current_user.staff_account && - current_user.staff_account.has_role?(:admin, current_user.staff_account.organization) + current_user.has_role?(:admin, current_user.staff_account.organization) redirect_to root_path, alert: "Unauthorized action." end diff --git a/app/controllers/organizations/invitations_controller.rb b/app/controllers/organizations/invitations_controller.rb index 2945683a9..c2d85a79a 100644 --- a/app/controllers/organizations/invitations_controller.rb +++ b/app/controllers/organizations/invitations_controller.rb @@ -10,11 +10,11 @@ def new end def create - @user = User.new(user_params.merge(password: SecureRandom.hex(8)).except(:staff_account_attributes)) + @user = User.new(user_params.merge(password: SecureRandom.hex(8)).except(:roles)) @user.staff_account = StaffAccount.new if @user.save - @user.staff_account.add_role(user_params[:staff_account_attributes][:roles]) + @user.add_role(user_params[:roles], Current.organization) @user.invite!(current_user) redirect_to staff_index_path, notice: "Invite sent!" else @@ -26,8 +26,7 @@ def create def user_params params.require(:user) - .permit(:first_name, :last_name, :email, - staff_account_attributes: [:roles]) + .permit(:first_name, :last_name, :email, :roles) end def after_accept_path_for(_resource) diff --git a/app/models/organization.rb b/app/models/organization.rb index afcaf5cd9..e1a2e3ea3 100644 --- a/app/models/organization.rb +++ b/app/models/organization.rb @@ -13,6 +13,9 @@ # index_organizations_on_slug (slug) UNIQUE # class Organization < ApplicationRecord + # Rolify resource + resourcify + has_many :staff_accounts has_many :users, through: :staff_accounts has_many :pets diff --git a/app/policies/adoptable_pet_policy.rb b/app/policies/adoptable_pet_policy.rb index 73a674a65..b991628dd 100644 --- a/app/policies/adoptable_pet_policy.rb +++ b/app/policies/adoptable_pet_policy.rb 
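Review bot: `@user.add_role(user_params[:roles], Current.organization)` in Organizations::InvitationsController#create passes a role name straight from the request to Rolify, and `add_role` creates the named role when it does not exist, so the invite form can mint arbitrary role names scoped to the organization; the previous `staff_account_attributes[:roles]` had the same exposure, so this is inherited rather than introduced. Validate against an allowlist before assigning, e.g. `role = user_params[:roles].to_s` followed by `raise ActionController::BadRequest unless ALLOWED_ROLES.include?(role)`, with `ALLOWED_ROLES` a frozen constant you add listing the roles the app actually checks for. The permitted key is `:roles` while the value is a single scalar, so `:role` would read more honestly.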
@@ -3,6 +3,7 @@ class AdoptablePetPolicy < ApplicationPolicy def show? staff? || published? + # permission?(:manage_pets) || published? end private diff --git a/app/services/organizations/create_service.rb b/app/services/organizations/create_service.rb index 2ebd3828a..3babb078c 100644 --- a/app/services/organizations/create_service.rb +++ b/app/services/organizations/create_service.rb @@ -86,9 +86,9 @@ def create_staff_account end def add_admin_role_to_staff_account - @staff_account.add_role(:admin) + @user.add_role(:admin) - if !@staff_account.has_role?(:admin) + if !@user.has_role?(:admin) raise StandardError, "Failed to add admin role" end end diff --git a/app/views/layouts/dashboard/_sidebar.html.erb b/app/views/layouts/dashboard/_sidebar.html.erb index 3bbb37bb4..8c7f7ea23 100644 --- a/app/views/layouts/dashboard/_sidebar.html.erb +++ b/app/views/layouts/dashboard/_sidebar.html.erb @@ -45,7 +45,7 @@ Default Pet Tasks <% end %> - <% if current_user.staff_account && current_user.staff_account.has_role?(:admin, current_user.staff_account.organization) %> + <% if current_user.staff_account && current_user.has_role?(:admin, current_user.staff_account.organization) %> - <% if current_user.staff_account && current_user.staff_account.has_role?(:admin, current_user.staff_account.organization) %> + <% if current_user.staff_account && current_user.has_role?(:admin, current_user.staff_account.organization) %>
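Review bot: The added `# permission?(:manage_pets) || published?` is a commented-out alternative body inside `show?`, and `permission?` is not defined anywhere in these patches, so it is dead text that invites someone to uncomment it later without the helper existing. Either drop it or make it a tracked note, `# TODO: replace staff? with a permission check once permissions exist`.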
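Review bot: `@user.add_role(:admin)` in `add_admin_role_to_staff_account` grants a global admin role with no resource, while every other check in this series (`require_organization_admin`, the sidebar and navbar partials, the invitations controller) scopes admin to an organization via `has_role?(:admin, organization)`. With the bare `rolify` declaration added to User, Rolify treats a resource-less role as global and a global role satisfies resource-scoped `has_role?` queries, so the user who creates an organization becomes admin of every organization. Scope both the grant and the check to the organization being created, `@user.add_role(:admin, <new organization>)` and `@user.has_role?(:admin, <new organization>)`; the service's organization variable is outside this hunk so I have not guessed its name. `rolify strict: true` on User would also stop global roles from satisfying scoped checks, but scoping the grant is the clearer fix, and the method name should be updated since it now operates on `@user`.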
*Admin*
<% end %> <% end %> diff --git a/app/views/organizations/dashboard/_navbar.html.erb b/app/views/organizations/dashboard/_navbar.html.erb index fdef63c6d..18af24824 100644 --- a/app/views/organizations/dashboard/_navbar.html.erb +++ b/app/views/organizations/dashboard/_navbar.html.erb @@ -7,7 +7,7 @@