NPO-Accounting/houdini
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rubocop controller concerns and specs

Browse source
This commit is contained in:
Eric Schultz 2021-02-24 12:27:48 -06:00 committed by Eric Schultz
parent 03a425b329
commit 8c47573501
11 changed files with 232 additions and 214 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.rubocop.yml
View file

@ -210,15 +210,6 @@ AllCops:
- 'app/controllers/users/sessions_controller.rb' - 'app/controllers/users/sessions_controller.rb'
- 'app/controllers/users/registrations_controller.rb' - 'app/controllers/users/registrations_controller.rb'
- 'app/controllers/users/confirmations_controller.rb' - 'app/controllers/users/confirmations_controller.rb'
- 'app/controllers/concerns/controllers/nonprofit/authorization.rb'
- 'app/controllers/concerns/controllers/nonprofit/current.rb'
- 'app/controllers/concerns/controllers/supporter/current.rb'
- 'app/controllers/concerns/controllers/campaign/authorization.rb'
- 'app/controllers/concerns/controllers/campaign/current.rb'
- 'app/controllers/concerns/controllers/event/authorization.rb'
- 'app/controllers/concerns/controllers/event/current.rb'
- 'app/controllers/concerns/controllers/user/authorization.rb'
- 'app/controllers/concerns/controllers/locale.rb'
- 'app/controllers/image_attachments_controller.rb' - 'app/controllers/image_attachments_controller.rb'
- 'app/controllers/ticket_levels_controller.rb' - 'app/controllers/ticket_levels_controller.rb'
- 'app/controllers/campaigns/supporters_controller.rb' - 'app/controllers/campaigns/supporters_controller.rb'
@ -635,7 +626,6 @@ AllCops:
- 'spec/controllers/direct_debit_details_spec.rb' - 'spec/controllers/direct_debit_details_spec.rb'
- 'spec/controllers/emails_spec.rb' - 'spec/controllers/emails_spec.rb'
- 'spec/controllers/ticket_levels_spec.rb' - 'spec/controllers/ticket_levels_spec.rb'
- 'spec/controllers/concerns/supporter/current_spec.rb'
- 'spec/controllers/support/new_controller_user_context.rb' - 'spec/controllers/support/new_controller_user_context.rb'
- 'spec/controllers/support/shared_user_context.rb' - 'spec/controllers/support/shared_user_context.rb'
- 'spec/controllers/campaigns/donations_spec.rb' - 'spec/controllers/campaigns/donations_spec.rb'
@ -753,9 +743,10 @@ Layout/IndentationStyle:
Layout/IndentationWidth: Layout/IndentationWidth:
Width: 1 Width: 1
Metric/BlockLength: Metrics/BlockLength:
Exclude: Exclude:
- '**/*_spec.rb' - '**/*_spec.rb'
RSpec/ExampleLength: RSpec/ExampleLength:
Max: 20 Max: 20

34
app/controllers/concerns/controllers/campaign/authorization.rb
View file

@ -3,18 +3,24 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Campaign::Authorization module Controllers::Campaign::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization include Controllers::Nonprofit::Authorization
included do included do
private private
def current_campaign_editor?
!params[:preview] && (current_nonprofit_user? || current_role?(:campaign_editor, current_campaign.id) || current_role?(:super_admin)) def current_campaign_editor?
end !params[:preview] && (
def authenticate_campaign_editor! current_nonprofit_user? ||
unless current_campaign_editor? current_role?(:campaign_editor, current_campaign.id) ||
reject_with_sign_in 'You need to be a campaign editor to do that.' current_role?(:super_admin)
end )
end end
end
end def authenticate_campaign_editor!
return if current_campaign_editor?
reject_with_sign_in 'You need to be a campaign editor to do that.'
end
end
end

25
app/controllers/concerns/controllers/campaign/current.rb
View file

@ -3,16 +3,17 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Campaign::Current module Controllers::Campaign::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Current include Controllers::Nonprofit::Current
included do included do
private private
def current_campaign
@campaign ||= FetchCampaign.with_params params, current_nonprofit def current_campaign
raise ActionController::RoutingError, 'Campaign not found' if @campaign.nil? @campaign ||= FetchCampaign.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Campaign not found' if @campaign.nil?
@campaign
end @campaign
end end
end end
end

39
app/controllers/concerns/controllers/event/authorization.rb
View file

@ -3,24 +3,29 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Event::Authorization module Controllers::Event::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Authorization include Controllers::Nonprofit::Authorization
included do included do
private private
def current_event_admin? def current_event_admin?
current_nonprofit_admin? current_nonprofit_admin?
end end
def current_event_editor? def current_event_editor?
!params[:preview] && (current_nonprofit_user? || current_role?(:event_editor, current_event.id) || current_role?(:super_admin)) !params[:preview] && (
end current_nonprofit_user? || current_role?(
:event_editor,
current_event.id
) || current_role?(:super_admin)
)
end
def authenticate_event_editor! def authenticate_event_editor!
unless current_event_editor? return if current_event_editor?
reject_with_sign_in 'You need to be the event organizer or a nonprofit administrator before doing that.'
end reject_with_sign_in 'You need to be the event organizer or a nonprofit administrator before doing that.'
end end
end end
end end

23
app/controllers/concerns/controllers/event/current.rb
View file

@ -3,16 +3,17 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Event::Current module Controllers::Event::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::Nonprofit::Current include Controllers::Nonprofit::Current
included do included do
private private
def current_event
@event ||= FetchEvent.with_params params, current_nonprofit
raise ActionController::RoutingError, 'Event not found' if @event.nil?
@event def current_event
end @event ||= FetchEvent.with_params params, current_nonprofit
end raise ActionController::RoutingError, 'Event not found' if @event.nil?
end
@event
end
end
end

29
app/controllers/concerns/controllers/locale.rb
View file

@ -2,19 +2,22 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
# rubocop:disable Style/ConditionalAssignment
module Controllers::Locale module Controllers::Locale
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
before_action :set_locale before_action :set_locale
private private
def set_locale
if params[:locale] && Houdini.intl.available_locales.include?(params[:locale]) def set_locale
I18n.locale = params[:locale] if params[:locale] && Houdini.intl.available_locales.include?(params[:locale])
else I18n.locale = params[:locale]
I18n.locale = Houdini.intl.language else
end I18n.locale = Houdini.intl.language
end end
end end
end end
end
# rubocop:enable all

49
app/controllers/concerns/controllers/nonprofit/authorization.rb
View file

@ -3,31 +3,36 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Nonprofit::Authorization module Controllers::Nonprofit::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Controllers::User::Authorization include Controllers::User::Authorization
included do included do
helper_method :current_nonprofit_user? helper_method :current_nonprofit_user?
private
def authenticate_nonprofit_user!(type: :web)
reject_with_sign_in 'Please sign in' unless current_nonprofit_user?
end
def authenticate_nonprofit_admin! private
reject_with_sign_in 'Please sign in' unless current_nonprofit_admin?
end
def current_nonprofit_user? def authenticate_nonprofit_user!
return false if params[:preview] reject_with_sign_in 'Please sign in' unless current_nonprofit_user?
return false unless current_nonprofit_without_exception end
@current_user_role ||= current_role?(%i[nonprofit_admin nonprofit_associate], current_nonprofit_without_exception.id) || current_role?(:super_admin) def authenticate_nonprofit_admin!
end reject_with_sign_in 'Please sign in' unless current_nonprofit_admin?
end
def current_nonprofit_admin? def current_nonprofit_user?
return false if !current_user || current_user.roles.empty? return false if params[:preview]
return false unless current_nonprofit_without_exception
@current_admin_role ||= current_role?(:nonprofit_admin, current_nonprofit.id) || current_role?(:super_admin) @current_nonprofit_user ||= current_role?(
end %i[nonprofit_admin nonprofit_associate],
end current_nonprofit_without_exception.id
end ) || current_role?(:super_admin)
end
def current_nonprofit_admin?
return false if !current_user || current_user.roles.empty?
@current_nonprofit_admin ||= current_role?(:nonprofit_admin, current_nonprofit.id) || current_role?(:super_admin)
end
end
end

28
app/controllers/concerns/controllers/nonprofit/current.rb
View file

@ -3,19 +3,19 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Nonprofit::Current module Controllers::Nonprofit::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
private private
def current_nonprofit
@nonprofit = current_nonprofit_without_exception
raise ActionController::RoutingError, 'Nonprofit not found' if @nonprofit.nil?
@nonprofit def current_nonprofit
end @nonprofit = current_nonprofit_without_exception
raise ActionController::RoutingError, 'Nonprofit not found' if @nonprofit.nil?
def current_nonprofit_without_exception @nonprofit
key = "current_nonprofit_#{current_user_id}_params_#{[params[:state_code], params[:city], params[:name], params[:nonprofit_id], params[:id]].join('_')}" end
FetchNonprofit.with_params params, administered_nonprofit
end def current_nonprofit_without_exception
end FetchNonprofit.with_params params, administered_nonprofit
end end
end
end

19
app/controllers/concerns/controllers/supporter/current.rb
View file

@ -3,12 +3,13 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::Supporter::Current module Controllers::Supporter::Current
include Controllers::Nonprofit::Current include Controllers::Nonprofit::Current
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
private private
def current_supporter
current_nonprofit.supporters.find(params[:supporter_id] || params[:id]) def current_supporter
end current_nonprofit.supporters.find(params[:supporter_id] || params[:id])
end end
end end
end

143
app/controllers/concerns/controllers/user/authorization.rb
View file

@ -3,81 +3,86 @@
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
module Controllers::User::Authorization module Controllers::User::Authorization
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do # rubocop:disable Metrics/BlockLength
helper_method :current_role?, :administered_nonprofit # rubocop:disable Layout/LineLength
private included do
def authenticate_user!(msg=nil, type= :html) helper_method :current_role?, :administered_nonprofit
reject_with_sign_in(msg, type) unless current_user
end
def reject_with_sign_in(msg=nil, type= :html) private
if type == :html
block_with_sign_in(msg)
else
render json: {message:msg}, status: :unauthorized
end
end
def block_with_sign_in(msg = nil) def authenticate_user!(msg = nil, type = :html)
store_location reject_with_sign_in(msg, type) unless current_user
if current_user end
flash[:notice] = "It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Houdini.support_email}"
redirect_to root_path
else
msg ||= 'We need to sign you in before you can do that.'
redirect_to new_user_session_path, flash: { error: msg }
end
end
def current_role?(role_names, host_id = nil) def reject_with_sign_in(msg = nil, type = :html)
return false unless current_user if type == :html
block_with_sign_in(msg)
else
render json: { message: msg }, status: :unauthorized
end
end
role_names = Array(role_names) def block_with_sign_in(msg = nil)
key = "current_role_user_#{current_user_id}_names_#{role_names.join('_')}_host_#{host_id}" store_location
QueryRoles.user_has_role?(current_user.id, role_names, host_id) if current_user
end flash[:notice] =
"It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Houdini.support_email}"
redirect_to root_path
else
msg ||= 'We need to sign you in before you can do that.'
redirect_to new_user_session_path, flash: { error: msg }
end
end
def authenticate_confirmed_user!(msg=nil, type= :html) def current_role?(role_names, host_id = nil)
if !current_user return false unless current_user
reject_with_sign_in(msg, type)
elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
if type == :html
redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
else
render json: {message:msg}, status: :unauthorized
end
end
end
def authenticate_super_associate!
unless current_role?(:super_admin) || current_role?(:super_associate)
reject_with_sign_in 'Please login.'
end
end
def authenticate_super_admin!
reject_with_sign_in 'Please login.' unless current_role?(:super_admin)
end
def store_location role_names = Array(role_names)
referrer = request.fullpath QueryRoles.user_has_role?(current_user.id, role_names, host_id)
no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password', '/users/sign_out', /.*\.json.*/, %r{.*auth/facebook.*}] end
unless request.format.symbol == :json || no_redirects.map { |p| referrer.match(p) }.any?
session[:previous_url] = referrer
end
end
def administered_nonprofit def authenticate_confirmed_user!(msg = nil, type = :html)
return nil unless current_user if !current_user
reject_with_sign_in(msg, type)
key = "administered_nonprofit_user_#{current_user_id}_nonprofit" elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
::Nonprofit.where(id: QueryRoles.host_ids(current_user_id, %i[nonprofit_admin nonprofit_associate])).last if type == :html
end redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
else
render json: { message: msg }, status: :unauthorized
end
end
end
def current_user_id def authenticate_super_associate!
current_user&.id reject_with_sign_in 'Please login.' unless current_role?(:super_admin) || current_role?(:super_associate)
end end
end
end def authenticate_super_admin!
reject_with_sign_in 'Please login.' unless current_role?(:super_admin)
end
def store_location
referrer = request.fullpath
no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password',
'/users/sign_out', /.*\.json.*/, %r{.*auth/facebook.*}]
return if request.format.symbol == :json || no_redirects.map { |p| referrer.match(p) }.any?
session[:previous_url] = referrer
end
def administered_nonprofit
return nil unless current_user
::Nonprofit.where(id: QueryRoles.host_ids(current_user_id, %i[nonprofit_admin nonprofit_associate])).last
end
def current_user_id
current_user&.id
end
end
end
# rubocop:enable all

44
spec/controllers/concerns/supporter/current_spec.rb
View file

@ -1,47 +1,47 @@
#frozen_string_literal: true # frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper' require 'rails_helper'
describe 'Controllers::Supporter::Current', type: :controller do describe 'Controllers::Supporter::Current', type: :controller do
let(:nonprofit) { force_create(:nm_justice)} let(:nonprofit) { force_create(:nm_justice) }
let(:supporter) { force_create(:supporter)} let(:supporter) { force_create(:supporter) }
class TestController < ApplicationController controller(ApplicationController) do
include Controllers::User::Authorization include Controllers::User::Authorization
include Controllers::Supporter::Current include Controllers::Supporter::Current
end
controller(TestController) do
def index def index
render json: { render json: {
supporter: "supporters: #{current_supporter.id}", supporter: "supporters: #{current_supporter.id}",
nonprofit: "nonprofit: #{current_nonprofit.id}" nonprofit: "nonprofit: #{current_nonprofit.id}"
} }
end end
end end
it 'handles situations where we use id' do it 'handles situations where we use id' do
nonprofit nonprofit
supporter supporter
get :index, params: {nonprofit_id: nonprofit.id, id: supporter.id} get :index, params: { nonprofit_id: nonprofit.id, id: supporter.id }
expect(JSON::parse(response.body)).to eq({ expect(JSON.parse(response.body)).to eq(
'supporter' => "supporters: #{supporter.id}", {
'nonprofit' => "nonprofit: #{nonprofit.id}" 'supporter' => "supporters: #{supporter.id}",
}) 'nonprofit' => "nonprofit: #{nonprofit.id}"
}
)
end end
it 'handles situations where we use supporter_id' do it 'handles situations where we use supporter_id' do
nonprofit nonprofit
supporter supporter
get :index, params: {nonprofit_id: nonprofit.id, supporter_id: supporter.id, id: 1} get :index, params: { nonprofit_id: nonprofit.id, supporter_id: supporter.id, id: 1 }
expect(JSON::parse(response.body)).to eq({ expect(JSON.parse(response.body)).to eq(
'supporter' => "supporters: #{supporter.id}", {
'nonprofit' => "nonprofit: #{nonprofit.id}" 'supporter' => "supporters: #{supporter.id}",
}) 'nonprofit' => "nonprofit: #{nonprofit.id}"
}
)
end end
end end