Rubocop controller concerns and specs

This commit is contained in:
Eric Schultz 2021-02-24 12:27:48 -06:00 committed by Eric Schultz
parent 03a425b329
commit 8c47573501
11 changed files with 232 additions and 214 deletions

View file

@ -210,15 +210,6 @@ AllCops:
- 'app/controllers/users/sessions_controller.rb' - 'app/controllers/users/sessions_controller.rb'
- 'app/controllers/users/registrations_controller.rb' - 'app/controllers/users/registrations_controller.rb'
- 'app/controllers/users/confirmations_controller.rb' - 'app/controllers/users/confirmations_controller.rb'
- 'app/controllers/concerns/controllers/nonprofit/authorization.rb'
- 'app/controllers/concerns/controllers/nonprofit/current.rb'
- 'app/controllers/concerns/controllers/supporter/current.rb'
- 'app/controllers/concerns/controllers/campaign/authorization.rb'
- 'app/controllers/concerns/controllers/campaign/current.rb'
- 'app/controllers/concerns/controllers/event/authorization.rb'
- 'app/controllers/concerns/controllers/event/current.rb'
- 'app/controllers/concerns/controllers/user/authorization.rb'
- 'app/controllers/concerns/controllers/locale.rb'
- 'app/controllers/image_attachments_controller.rb' - 'app/controllers/image_attachments_controller.rb'
- 'app/controllers/ticket_levels_controller.rb' - 'app/controllers/ticket_levels_controller.rb'
- 'app/controllers/campaigns/supporters_controller.rb' - 'app/controllers/campaigns/supporters_controller.rb'
@ -635,7 +626,6 @@ AllCops:
- 'spec/controllers/direct_debit_details_spec.rb' - 'spec/controllers/direct_debit_details_spec.rb'
- 'spec/controllers/emails_spec.rb' - 'spec/controllers/emails_spec.rb'
- 'spec/controllers/ticket_levels_spec.rb' - 'spec/controllers/ticket_levels_spec.rb'
- 'spec/controllers/concerns/supporter/current_spec.rb'
- 'spec/controllers/support/new_controller_user_context.rb' - 'spec/controllers/support/new_controller_user_context.rb'
- 'spec/controllers/support/shared_user_context.rb' - 'spec/controllers/support/shared_user_context.rb'
- 'spec/controllers/campaigns/donations_spec.rb' - 'spec/controllers/campaigns/donations_spec.rb'
@ -753,9 +743,10 @@ Layout/IndentationStyle:
Layout/IndentationWidth: Layout/IndentationWidth:
Width: 1 Width: 1
Metric/BlockLength: Metrics/BlockLength:
Exclude: Exclude:
- '**/*_spec.rb' - '**/*_spec.rb'
RSpec/ExampleLength: RSpec/ExampleLength:
Max: 20 Max: 20

View file

@ -3,18 +3,24 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Campaign::Authorization module Controllers::Campaign::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization include Controllers::Nonprofit::Authorization
included do included do
private private
def current_campaign_editor?
!params[:preview] && (current_nonprofit_user? || current_role?(:campaign_editor, current_campaign.id) || current_role?(:super_admin)) def current_campaign_editor?
end !params[:preview] && (
def authenticate_campaign_editor! current_nonprofit_user? ||
unless current_campaign_editor? current_role?(:campaign_editor, current_campaign.id) ||
reject_with_sign_in 'You need to be a campaign editor to do that.' current_role?(:super_admin)
end )
end end
end
def authenticate_campaign_editor!
return if current_campaign_editor?
reject_with_sign_in 'You need to be a campaign editor to do that.'
end
end
end end

View file

@ -3,16 +3,17 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Campaign::Current module Controllers::Campaign::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Current include Controllers::Nonprofit::Current
included do included do
private private
def current_campaign
@campaign ||= FetchCampaign.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Campaign not found' if @campaign.nil?
@campaign def current_campaign
end @campaign ||= FetchCampaign.with_params params, current_nonprofit
end raise ActionController::RoutingError, 'Campaign not found' if @campaign.nil?
@campaign
end
end
end end

View file

@ -3,24 +3,29 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Event::Authorization module Controllers::Event::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization include Controllers::Nonprofit::Authorization
included do included do
private private
def current_event_admin? def current_event_admin?
current_nonprofit_admin? current_nonprofit_admin?
end end
def current_event_editor? def current_event_editor?
!params[:preview] && (current_nonprofit_user? || current_role?(:event_editor, current_event.id) || current_role?(:super_admin)) !params[:preview] && (
end current_nonprofit_user? || current_role?(
:event_editor,
current_event.id
) || current_role?(:super_admin)
)
end
def authenticate_event_editor! def authenticate_event_editor!
unless current_event_editor? return if current_event_editor?
reject_with_sign_in 'You need to be the event organizer or a nonprofit administrator before doing that.'
end reject_with_sign_in 'You need to be the event organizer or a nonprofit administrator before doing that.'
end end
end end
end end

View file

@ -3,16 +3,17 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Event::Current module Controllers::Event::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Current include Controllers::Nonprofit::Current
included do included do
private private
def current_event
@event ||= FetchEvent.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Event not found' if @event.nil?
@event def current_event
end @event ||= FetchEvent.with_params params, current_nonprofit
end raise ActionController::RoutingError, 'Event not found' if @event.nil?
@event
end
end
end end

View file

@ -2,19 +2,22 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
# rubocop:disable Style/ConditionalAssignment
module Controllers::Locale module Controllers::Locale
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
before_action :set_locale before_action :set_locale
private private
def set_locale
if params[:locale] && Houdini.intl.available_locales.include?(params[:locale]) def set_locale
I18n.locale = params[:locale] if params[:locale] && Houdini.intl.available_locales.include?(params[:locale])
else I18n.locale = params[:locale]
I18n.locale = Houdini.intl.language else
end I18n.locale = Houdini.intl.language
end end
end end
end
end end
# rubocop:enable all

View file

@ -3,31 +3,36 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Nonprofit::Authorization module Controllers::Nonprofit::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::User::Authorization include Controllers::User::Authorization
included do included do
helper_method :current_nonprofit_user? helper_method :current_nonprofit_user?
private
def authenticate_nonprofit_user!(type: :web)
reject_with_sign_in 'Please sign in' unless current_nonprofit_user?
end
def authenticate_nonprofit_admin! private
reject_with_sign_in 'Please sign in' unless current_nonprofit_admin?
end
def current_nonprofit_user? def authenticate_nonprofit_user!
return false if params[:preview] reject_with_sign_in 'Please sign in' unless current_nonprofit_user?
return false unless current_nonprofit_without_exception end
@current_user_role ||= current_role?(%i[nonprofit_admin nonprofit_associate], current_nonprofit_without_exception.id) || current_role?(:super_admin) def authenticate_nonprofit_admin!
end reject_with_sign_in 'Please sign in' unless current_nonprofit_admin?
end
def current_nonprofit_admin? def current_nonprofit_user?
return false if !current_user || current_user.roles.empty? return false if params[:preview]
return false unless current_nonprofit_without_exception
@current_admin_role ||= current_role?(:nonprofit_admin, current_nonprofit.id) || current_role?(:super_admin) @current_nonprofit_user ||= current_role?(
end %i[nonprofit_admin nonprofit_associate],
end current_nonprofit_without_exception.id
) || current_role?(:super_admin)
end
def current_nonprofit_admin?
return false if !current_user || current_user.roles.empty?
@current_nonprofit_admin ||= current_role?(:nonprofit_admin, current_nonprofit.id) || current_role?(:super_admin)
end
end
end end

View file

@ -3,19 +3,19 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Nonprofit::Current module Controllers::Nonprofit::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
private private
def current_nonprofit
@nonprofit = current_nonprofit_without_exception
raise ActionController::RoutingError, 'Nonprofit not found' if @nonprofit.nil?
@nonprofit def current_nonprofit
end @nonprofit = current_nonprofit_without_exception
raise ActionController::RoutingError, 'Nonprofit not found' if @nonprofit.nil?
def current_nonprofit_without_exception @nonprofit
key = "current_nonprofit_#{current_user_id}_params_#{[params[:state_code], params[:city], params[:name], params[:nonprofit_id], params[:id]].join('_')}" end
FetchNonprofit.with_params params, administered_nonprofit
end def current_nonprofit_without_exception
end FetchNonprofit.with_params params, administered_nonprofit
end
end
end end

View file

@ -3,12 +3,13 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Supporter::Current module Controllers::Supporter::Current
include Controllers::Nonprofit::Current include Controllers::Nonprofit::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
private private
def current_supporter
current_nonprofit.supporters.find(params[:supporter_id] || params[:id]) def current_supporter
end current_nonprofit.supporters.find(params[:supporter_id] || params[:id])
end end
end
end end

View file

@ -3,81 +3,86 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::User::Authorization module Controllers::User::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do # rubocop:disable Metrics/BlockLength
helper_method :current_role?, :administered_nonprofit # rubocop:disable Layout/LineLength
private included do
def authenticate_user!(msg=nil, type= :html) helper_method :current_role?, :administered_nonprofit
reject_with_sign_in(msg, type) unless current_user
end
def reject_with_sign_in(msg=nil, type= :html) private
if type == :html
block_with_sign_in(msg)
else
render json: {message:msg}, status: :unauthorized
end
end
def block_with_sign_in(msg = nil) def authenticate_user!(msg = nil, type = :html)
store_location reject_with_sign_in(msg, type) unless current_user
if current_user end
flash[:notice] = "It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Houdini.support_email}"
redirect_to root_path
else
msg ||= 'We need to sign you in before you can do that.'
redirect_to new_user_session_path, flash: { error: msg }
end
end
def current_role?(role_names, host_id = nil) def reject_with_sign_in(msg = nil, type = :html)
return false unless current_user if type == :html
block_with_sign_in(msg)
else
render json: { message: msg }, status: :unauthorized
end
end
role_names = Array(role_names) def block_with_sign_in(msg = nil)
key = "current_role_user_#{current_user_id}_names_#{role_names.join('_')}_host_#{host_id}" store_location
QueryRoles.user_has_role?(current_user.id, role_names, host_id) if current_user
end flash[:notice] =
"It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Houdini.support_email}"
redirect_to root_path
else
msg ||= 'We need to sign you in before you can do that.'
redirect_to new_user_session_path, flash: { error: msg }
end
end
def authenticate_confirmed_user!(msg=nil, type= :html) def current_role?(role_names, host_id = nil)
if !current_user return false unless current_user
reject_with_sign_in(msg, type)
elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
if type == :html
redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
else
render json: {message:msg}, status: :unauthorized
end
end
end
def authenticate_super_associate! role_names = Array(role_names)
unless current_role?(:super_admin) || current_role?(:super_associate) QueryRoles.user_has_role?(current_user.id, role_names, host_id)
reject_with_sign_in 'Please login.' end
end
end
def authenticate_super_admin! def authenticate_confirmed_user!(msg = nil, type = :html)
reject_with_sign_in 'Please login.' unless current_role?(:super_admin) if !current_user
end reject_with_sign_in(msg, type)
elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
if type == :html
redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
else
render json: { message: msg }, status: :unauthorized
end
end
end
def store_location def authenticate_super_associate!
referrer = request.fullpath reject_with_sign_in 'Please login.' unless current_role?(:super_admin) || current_role?(:super_associate)
no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password', '/users/sign_out', /.*\.json.*/, %r{.*auth/facebook.*}] end
unless request.format.symbol == :json || no_redirects.map { |p| referrer.match(p) }.any?
session[:previous_url] = referrer
end
end
def administered_nonprofit def authenticate_super_admin!
return nil unless current_user reject_with_sign_in 'Please login.' unless current_role?(:super_admin)
end
key = "administered_nonprofit_user_#{current_user_id}_nonprofit" def store_location
::Nonprofit.where(id: QueryRoles.host_ids(current_user_id, %i[nonprofit_admin nonprofit_associate])).last referrer = request.fullpath
end no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password',
'/users/sign_out', /.*\.json.*/, %r{.*auth/facebook.*}]
def current_user_id return if request.format.symbol == :json || no_redirects.map { |p| referrer.match(p) }.any?
current_user&.id
end session[:previous_url] = referrer
end end
def administered_nonprofit
return nil unless current_user
::Nonprofit.where(id: QueryRoles.host_ids(current_user_id, %i[nonprofit_admin nonprofit_associate])).last
end
def current_user_id
current_user&.id
end
end
end end
# rubocop:enable all

View file

@ -1,21 +1,17 @@
#frozen_string_literal: true # frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper' require 'rails_helper'
describe 'Controllers::Supporter::Current', type: :controller do describe 'Controllers::Supporter::Current', type: :controller do
let(:nonprofit) { force_create(:nm_justice)} let(:nonprofit) { force_create(:nm_justice) }
let(:supporter) { force_create(:supporter)} let(:supporter) { force_create(:supporter) }
class TestController < ApplicationController controller(ApplicationController) do
include Controllers::User::Authorization include Controllers::User::Authorization
include Controllers::Supporter::Current include Controllers::Supporter::Current
end
controller(TestController) do
def index def index
render json: { render json: {
supporter: "supporters: #{current_supporter.id}", supporter: "supporters: #{current_supporter.id}",
@ -27,21 +23,25 @@ describe 'Controllers::Supporter::Current', type: :controller do
it 'handles situations where we use id' do it 'handles situations where we use id' do
nonprofit nonprofit
supporter supporter
get :index, params: {nonprofit_id: nonprofit.id, id: supporter.id} get :index, params: { nonprofit_id: nonprofit.id, id: supporter.id }
expect(JSON::parse(response.body)).to eq({ expect(JSON.parse(response.body)).to eq(
'supporter' => "supporters: #{supporter.id}", {
'nonprofit' => "nonprofit: #{nonprofit.id}" 'supporter' => "supporters: #{supporter.id}",
}) 'nonprofit' => "nonprofit: #{nonprofit.id}"
}
)
end end
it 'handles situations where we use supporter_id' do it 'handles situations where we use supporter_id' do
nonprofit nonprofit
supporter supporter
get :index, params: {nonprofit_id: nonprofit.id, supporter_id: supporter.id, id: 1} get :index, params: { nonprofit_id: nonprofit.id, supporter_id: supporter.id, id: 1 }
expect(JSON::parse(response.body)).to eq({ expect(JSON.parse(response.body)).to eq(
'supporter' => "supporters: #{supporter.id}", {
'nonprofit' => "nonprofit: #{nonprofit.id}" 'supporter' => "supporters: #{supporter.id}",
}) 'nonprofit' => "nonprofit: #{nonprofit.id}"
}
)
end end
end end