NPO-Accounting/houdini
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rubocop controller concerns and specs

Browse source
This commit is contained in:
Eric Schultz 2021-02-24 12:27:48 -06:00 committed by Eric Schultz
parent 03a425b329
commit 8c47573501
11 changed files with 232 additions and 214 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.rubocop.yml
View file

@ -210,15 +210,6 @@ AllCops:
- 'app/controllers/users/sessions_controller.rb'
- 'app/controllers/users/registrations_controller.rb'
- 'app/controllers/users/confirmations_controller.rb'
- 'app/controllers/concerns/controllers/nonprofit/authorization.rb'
- 'app/controllers/concerns/controllers/nonprofit/current.rb'
- 'app/controllers/concerns/controllers/supporter/current.rb'
- 'app/controllers/concerns/controllers/campaign/authorization.rb'
- 'app/controllers/concerns/controllers/campaign/current.rb'
- 'app/controllers/concerns/controllers/event/authorization.rb'
- 'app/controllers/concerns/controllers/event/current.rb'
- 'app/controllers/concerns/controllers/user/authorization.rb'
- 'app/controllers/concerns/controllers/locale.rb'
- 'app/controllers/image_attachments_controller.rb'
- 'app/controllers/ticket_levels_controller.rb'
- 'app/controllers/campaigns/supporters_controller.rb'
@ -635,7 +626,6 @@ AllCops:
- 'spec/controllers/direct_debit_details_spec.rb'
- 'spec/controllers/emails_spec.rb'
- 'spec/controllers/ticket_levels_spec.rb'
- 'spec/controllers/concerns/supporter/current_spec.rb'
- 'spec/controllers/support/new_controller_user_context.rb'
- 'spec/controllers/support/shared_user_context.rb'
- 'spec/controllers/campaigns/donations_spec.rb'
@ -753,9 +743,10 @@ Layout/IndentationStyle:
Layout/IndentationWidth:
Width: 1
Metric/BlockLength:
Metrics/BlockLength:
Exclude:
- '**/*_spec.rb'
RSpec/ExampleLength:
Max: 20

34
app/controllers/concerns/controllers/campaign/authorization.rb
View file

@ -3,18 +3,24 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Campaign::Authorization
extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization
extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization
included do
private
def current_campaign_editor?
!params[:preview] && (current_nonprofit_user? || current_role?(:campaign_editor, current_campaign.id) || current_role?(:super_admin))
end
def authenticate_campaign_editor!
unless current_campaign_editor?
reject_with_sign_in 'You need to be a campaign editor to do that.'
end
end
end
end
included do
private
def current_campaign_editor?
!params[:preview] && (
current_nonprofit_user? ||
current_role?(:campaign_editor, current_campaign.id) ||
current_role?(:super_admin)
)
end
def authenticate_campaign_editor!
return if current_campaign_editor?
reject_with_sign_in 'You need to be a campaign editor to do that.'
end
end
end

25
app/controllers/concerns/controllers/campaign/current.rb
View file

@ -3,16 +3,17 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Campaign::Current
extend ActiveSupport::Concern
include Controllers::Nonprofit::Current
extend ActiveSupport::Concern
include Controllers::Nonprofit::Current
included do
private
def current_campaign
@campaign ||= FetchCampaign.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Campaign not found' if @campaign.nil?
@campaign
end
end
end
included do
private
def current_campaign
@campaign ||= FetchCampaign.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Campaign not found' if @campaign.nil?
@campaign
end
end
end

39
app/controllers/concerns/controllers/event/authorization.rb
View file

@ -3,24 +3,29 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Event::Authorization
extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization
extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization
included do
private
included do
private
def current_event_admin?
current_nonprofit_admin?
end
def current_event_admin?
current_nonprofit_admin?
end
def current_event_editor?
!params[:preview] && (current_nonprofit_user? || current_role?(:event_editor, current_event.id) || current_role?(:super_admin))
end
def current_event_editor?
!params[:preview] && (
current_nonprofit_user? || current_role?(
:event_editor,
current_event.id
) || current_role?(:super_admin)
)
end
def authenticate_event_editor!
unless current_event_editor?
reject_with_sign_in 'You need to be the event organizer or a nonprofit administrator before doing that.'
end
end
end
end
def authenticate_event_editor!
return if current_event_editor?
reject_with_sign_in 'You need to be the event organizer or a nonprofit administrator before doing that.'
end
end
end

23
app/controllers/concerns/controllers/event/current.rb
View file

@ -3,16 +3,17 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Event::Current
extend ActiveSupport::Concern
include Controllers::Nonprofit::Current
extend ActiveSupport::Concern
include Controllers::Nonprofit::Current
included do
private
def current_event
@event ||= FetchEvent.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Event not found' if @event.nil?
included do
private
@event
end
end
end
def current_event
@event ||= FetchEvent.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Event not found' if @event.nil?
@event
end
end
end

29
app/controllers/concerns/controllers/locale.rb
View file

@ -2,19 +2,22 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
# rubocop:disable Style/ConditionalAssignment
module Controllers::Locale
extend ActiveSupport::Concern
extend ActiveSupport::Concern
included do
before_action :set_locale
included do
before_action :set_locale
private
def set_locale
if params[:locale] && Houdini.intl.available_locales.include?(params[:locale])
I18n.locale = params[:locale]
else
I18n.locale = Houdini.intl.language
end
end
end
end
private
def set_locale
if params[:locale] && Houdini.intl.available_locales.include?(params[:locale])
I18n.locale = params[:locale]
else
I18n.locale = Houdini.intl.language
end
end
end
end
# rubocop:enable all

49
app/controllers/concerns/controllers/nonprofit/authorization.rb
View file

@ -3,31 +3,36 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Nonprofit::Authorization
extend ActiveSupport::Concern
include Controllers::User::Authorization
extend ActiveSupport::Concern
include Controllers::User::Authorization
included do
helper_method :current_nonprofit_user?
private
def authenticate_nonprofit_user!(type: :web)
reject_with_sign_in 'Please sign in' unless current_nonprofit_user?
end
included do
helper_method :current_nonprofit_user?
def authenticate_nonprofit_admin!
reject_with_sign_in 'Please sign in' unless current_nonprofit_admin?
end
private
def current_nonprofit_user?
return false if params[:preview]
return false unless current_nonprofit_without_exception
def authenticate_nonprofit_user!
reject_with_sign_in 'Please sign in' unless current_nonprofit_user?
end
@current_user_role ||= current_role?(%i[nonprofit_admin nonprofit_associate], current_nonprofit_without_exception.id) || current_role?(:super_admin)
end
def authenticate_nonprofit_admin!
reject_with_sign_in 'Please sign in' unless current_nonprofit_admin?
end
def current_nonprofit_admin?
return false if !current_user || current_user.roles.empty?
def current_nonprofit_user?
return false if params[:preview]
return false unless current_nonprofit_without_exception
@current_admin_role ||= current_role?(:nonprofit_admin, current_nonprofit.id) || current_role?(:super_admin)
end
end
end
@current_nonprofit_user ||= current_role?(
%i[nonprofit_admin nonprofit_associate],
current_nonprofit_without_exception.id
) || current_role?(:super_admin)
end
def current_nonprofit_admin?
return false if !current_user || current_user.roles.empty?
@current_nonprofit_admin ||= current_role?(:nonprofit_admin, current_nonprofit.id) || current_role?(:super_admin)
end
end
end

28
app/controllers/concerns/controllers/nonprofit/current.rb
View file

@ -3,19 +3,19 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Nonprofit::Current
extend ActiveSupport::Concern
included do
private
def current_nonprofit
@nonprofit = current_nonprofit_without_exception
raise ActionController::RoutingError, 'Nonprofit not found' if @nonprofit.nil?
extend ActiveSupport::Concern
included do
private
@nonprofit
end
def current_nonprofit
@nonprofit = current_nonprofit_without_exception
raise ActionController::RoutingError, 'Nonprofit not found' if @nonprofit.nil?
def current_nonprofit_without_exception
key = "current_nonprofit_#{current_user_id}_params_#{[params[:state_code], params[:city], params[:name], params[:nonprofit_id], params[:id]].join('_')}"
FetchNonprofit.with_params params, administered_nonprofit
end
end
end
@nonprofit
end
def current_nonprofit_without_exception
FetchNonprofit.with_params params, administered_nonprofit
end
end
end

19
app/controllers/concerns/controllers/supporter/current.rb
View file

@ -3,12 +3,13 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Supporter::Current
include Controllers::Nonprofit::Current
extend ActiveSupport::Concern
included do
private
def current_supporter
current_nonprofit.supporters.find(params[:supporter_id] || params[:id])
end
end
end
include Controllers::Nonprofit::Current
extend ActiveSupport::Concern
included do
private
def current_supporter
current_nonprofit.supporters.find(params[:supporter_id] || params[:id])
end
end
end

143
app/controllers/concerns/controllers/user/authorization.rb
View file

@ -3,81 +3,86 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::User::Authorization
extend ActiveSupport::Concern
extend ActiveSupport::Concern
included do
helper_method :current_role?, :administered_nonprofit
private
def authenticate_user!(msg=nil, type= :html)
reject_with_sign_in(msg, type) unless current_user
end
# rubocop:disable Metrics/BlockLength
# rubocop:disable Layout/LineLength
included do
helper_method :current_role?, :administered_nonprofit
def reject_with_sign_in(msg=nil, type= :html)
if type == :html
block_with_sign_in(msg)
else
render json: {message:msg}, status: :unauthorized
end
end
private
def block_with_sign_in(msg = nil)
store_location
if current_user
flash[:notice] = "It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Houdini.support_email}"
redirect_to root_path
else
msg ||= 'We need to sign you in before you can do that.'
redirect_to new_user_session_path, flash: { error: msg }
end
end
def authenticate_user!(msg = nil, type = :html)
reject_with_sign_in(msg, type) unless current_user
end
def current_role?(role_names, host_id = nil)
return false unless current_user
def reject_with_sign_in(msg = nil, type = :html)
if type == :html
block_with_sign_in(msg)
else
render json: { message: msg }, status: :unauthorized
end
end
role_names = Array(role_names)
key = "current_role_user_#{current_user_id}_names_#{role_names.join('_')}_host_#{host_id}"
QueryRoles.user_has_role?(current_user.id, role_names, host_id)
end
def block_with_sign_in(msg = nil)
store_location
if current_user
flash[:notice] =
"It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Houdini.support_email}"
redirect_to root_path
else
msg ||= 'We need to sign you in before you can do that.'
redirect_to new_user_session_path, flash: { error: msg }
end
end
def authenticate_confirmed_user!(msg=nil, type= :html)
if !current_user
reject_with_sign_in(msg, type)
elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
if type == :html
redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
else
render json: {message:msg}, status: :unauthorized
end
end
end
def authenticate_super_associate!
unless current_role?(:super_admin) || current_role?(:super_associate)
reject_with_sign_in 'Please login.'
end
end
def authenticate_super_admin!
reject_with_sign_in 'Please login.' unless current_role?(:super_admin)
end
def current_role?(role_names, host_id = nil)
return false unless current_user
def store_location
referrer = request.fullpath
no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password', '/users/sign_out', /.*\.json.*/, %r{.*auth/facebook.*}]
unless request.format.symbol == :json || no_redirects.map { |p| referrer.match(p) }.any?
session[:previous_url] = referrer
end
end
role_names = Array(role_names)
QueryRoles.user_has_role?(current_user.id, role_names, host_id)
end
def administered_nonprofit
return nil unless current_user
key = "administered_nonprofit_user_#{current_user_id}_nonprofit"
::Nonprofit.where(id: QueryRoles.host_ids(current_user_id, %i[nonprofit_admin nonprofit_associate])).last
end
def authenticate_confirmed_user!(msg = nil, type = :html)
if !current_user
reject_with_sign_in(msg, type)
elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
if type == :html
redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
else
render json: { message: msg }, status: :unauthorized
end
end
end
def current_user_id
current_user&.id
end
end
end
def authenticate_super_associate!
reject_with_sign_in 'Please login.' unless current_role?(:super_admin) || current_role?(:super_associate)
end
def authenticate_super_admin!
reject_with_sign_in 'Please login.' unless current_role?(:super_admin)
end
def store_location
referrer = request.fullpath
no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password',
'/users/sign_out', /.*\.json.*/, %r{.*auth/facebook.*}]
return if request.format.symbol == :json || no_redirects.map { |p| referrer.match(p) }.any?
session[:previous_url] = referrer
end
def administered_nonprofit
return nil unless current_user
::Nonprofit.where(id: QueryRoles.host_ids(current_user_id, %i[nonprofit_admin nonprofit_associate])).last
end
def current_user_id
current_user&.id
end
end
end
# rubocop:enable all

44
spec/controllers/concerns/supporter/current_spec.rb
View file

@ -1,47 +1,47 @@
#frozen_string_literal: true
# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper'
describe 'Controllers::Supporter::Current', type: :controller do
let(:nonprofit) { force_create(:nm_justice)}
let(:supporter) { force_create(:supporter)}
let(:nonprofit) { force_create(:nm_justice) }
let(:supporter) { force_create(:supporter) }
class TestController < ApplicationController
controller(ApplicationController) do
include Controllers::User::Authorization
include Controllers::Supporter::Current
end
controller(TestController) do
def index
render json: {
supporter: "supporters: #{current_supporter.id}",
supporter: "supporters: #{current_supporter.id}",
nonprofit: "nonprofit: #{current_nonprofit.id}"
}
end
end
it 'handles situations where we use id' do
nonprofit
supporter
get :index, params: {nonprofit_id: nonprofit.id, id: supporter.id}
expect(JSON::parse(response.body)).to eq({
'supporter' => "supporters: #{supporter.id}",
'nonprofit' => "nonprofit: #{nonprofit.id}"
})
get :index, params: { nonprofit_id: nonprofit.id, id: supporter.id }
expect(JSON.parse(response.body)).to eq(
{
'supporter' => "supporters: #{supporter.id}",
'nonprofit' => "nonprofit: #{nonprofit.id}"
}
)
end
it 'handles situations where we use supporter_id' do
it 'handles situations where we use supporter_id' do
nonprofit
supporter
get :index, params: {nonprofit_id: nonprofit.id, supporter_id: supporter.id, id: 1}
expect(JSON::parse(response.body)).to eq({
'supporter' => "supporters: #{supporter.id}",
'nonprofit' => "nonprofit: #{nonprofit.id}"
})
get :index, params: { nonprofit_id: nonprofit.id, supporter_id: supporter.id, id: 1 }
expect(JSON.parse(response.body)).to eq(
{
'supporter' => "supporters: #{supporter.id}",
'nonprofit' => "nonprofit: #{nonprofit.id}"
}
)
end
end
end