From de00e7169dde30959999e8dd601c5fddf6dc625e Mon Sep 17 00:00:00 2001 From: Janell-Huyck Date: Tue, 23 Apr 2024 14:19:18 -0400 Subject: [PATCH 1/3] Disallow standard users access to reports and activity pages --- app/models/ability.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/ability.rb b/app/models/ability.rb index df64cd91..3b647455 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -40,7 +40,7 @@ def initialize(user) can :manage, :all when 'standard' can :view_pdfs, ConservationRecord - can :crud, [ConservationRecord, ExternalRepairRecord, InHouseRepairRecord, ConTechRecord, StaffCode, CostReturnReport, Report, :activity] + can :crud, [ConservationRecord, ExternalRepairRecord, InHouseRepairRecord, ConTechRecord, StaffCode, CostReturnReport] when 'read_only' can :view_pdfs, ConservationRecord can :read, ConservationRecord From 7bd0853c226f3d6dd7907693f0e38798c4f5b3bd Mon Sep 17 00:00:00 2001 From: Janell-Huyck Date: Tue, 23 Apr 2024 14:51:58 -0400 Subject: [PATCH 2/3] Fix broken tests --- spec/controllers/reports_controller_spec.rb | 2 +- spec/models/ability_spec.rb | 12 ++++++------ .../conservation_records/index.html.erb_spec.rb | 14 ++++++++++---- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/spec/controllers/reports_controller_spec.rb b/spec/controllers/reports_controller_spec.rb index dbdfd5e0..6fa44a08 100644 --- a/spec/controllers/reports_controller_spec.rb +++ b/spec/controllers/reports_controller_spec.rb @@ -8,7 +8,7 @@ before do ActiveJob::Base.queue_adapter = :test - user = create(:user, role: 'standard') + user = create(:user, role: 'admin') sign_in(user) end diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb index 45cae606..3e3171e0 100644 --- a/spec/models/ability_spec.rb +++ b/spec/models/ability_spec.rb 
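Review bot: `CostReturnReport` stays in the `'standard'` `can :crud` list while `Report` and `:activity` are dropped, so a standard user keeps whatever `:crud` grants on cost-return reports. If that is intended, say so next to the list, e.g. `# Report and :activity are admin-only; CostReturnReport stays available to standard users`; otherwise remove it here as well. The rule only restricts what controllers and views actually check, so confirm that the reports and activity controllers authorize every action against `Ability` (not visible in this hunk). `initialize` begins and ends outside the hunk.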
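Review bot: Signing in as `admin` in the `before` block makes the existing examples pass but leaves the new restriction untested at the controller level, since nothing in this spec now shows that a `standard` user is refused by the reports controller. Add a context that runs `sign_in(create(:user, role: 'standard'))` and asserts the denial for each action the spec exercises. The expected response (redirect or 403) depends on how the application handles the authorization failure, which is not visible here. Without such a case, an action that skips the ability check would go unnoticed. The enclosing `describe` block starts and ends outside the hunk.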
@@ -73,13 +73,13 @@ it { is_expected.to be_able_to(:update, ConTechRecord.new) } it { is_expected.to be_able_to(:destroy, ConTechRecord.new) } - it { is_expected.to be_able_to(:index, Report.new) } - it { is_expected.to be_able_to(:create, Report.new) } - it { is_expected.to be_able_to(:read, Report.new) } - it { is_expected.to be_able_to(:destroy, Report.new) } + it { is_expected.not_to be_able_to(:index, Report.new) } + it { is_expected.not_to be_able_to(:create, Report.new) } + it { is_expected.not_to be_able_to(:read, Report.new) } + it { is_expected.not_to be_able_to(:destroy, Report.new) } - it { is_expected.to be_able_to(:index, :activity) } - it { is_expected.to be_able_to(:show, :activity) } + it { is_expected.not_to be_able_to(:index, :activity) } + it { is_expected.not_to be_able_to(:show, :activity) } end context 'when is a read_only user' do diff --git a/spec/views/conservation_records/index.html.erb_spec.rb b/spec/views/conservation_records/index.html.erb_spec.rb index efd5f9ec..81afb145 100644 --- a/spec/views/conservation_records/index.html.erb_spec.rb +++ b/spec/views/conservation_records/index.html.erb_spec.rb @@ -27,10 +27,12 @@ item_record_number: 'Item Record Number', digitization: false ) + ids = [@conservation_record1.id, @conservation_record2.id] + relation = ConservationRecord.where(id: ids) + @pagy, @conservation_records = pagy(relation, items: 100) end it 'renders a list of conservation_records' do - @pagy, @conservation_records = pagy(ConservationRecord.all, items: 100) render assert_select 'td', text: @conservation_record1.id.to_s, count: 1 assert_select 'td', text: @conservation_record2.id.to_s, count: 1 
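Review bot: The inverted `Report` expectations cover `:index`, `:create`, `:read` and `:destroy` but not `:update`, although the neighbouring `ConTechRecord` examples check `:update` for the same role. Add `it { is_expected.not_to be_able_to(:update, Report.new) }` so a later re-grant of write access is caught. The `:activity` checks are limited to `:index` and `:show`, which looks sufficient only if those are the sole actions the activity pages expose (not visible here). The standard-user `context` opens outside the hunk.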
@@ -46,14 +48,18 @@ @user = create(:user, role: 'read_only') @request.env['devise.mapping'] = Devise.mappings[:user] sign_in @user - @pagy, @conservation_records = pagy(ConservationRecord.all, items: 100) render expect(rendered).not_to have_button('New Conservation Record') end it 'displays a pagination widget' do - @pagy, @conservation_records = pagy(ConservationRecord.all, items: 100) + # Only 2 records, so the pagy widget should be disabled render - expect(rendered).to have_text('<1>') + expect(rendered).to have_css('nav.pagy-bootstrap-nav') + expect(rendered).to have_css('li.page-item.prev.disabled') + expect(rendered).to have_css('li.page-item.next.disabled') + expect(rendered).to have_css('a[aria-label="Previous"]', text: '<') + expect(rendered).to have_css('a[aria-label="Next"]', text: '>') end + end From 57eba9bb85c07f1a5e8912f3b37fb9c8b52aabd3 Mon Sep 17 00:00:00 2001 From: Janell-Huyck Date: Tue, 23 Apr 2024 14:52:23 -0400 Subject: [PATCH 3/3] Rubocop --- lib/tasks/export.rake | 12 ++++-------- .../conservation_records/index.html.erb_spec.rb | 1 - 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/lib/tasks/export.rake b/lib/tasks/export.rake index 11389d7b..17f65657 100644 --- a/lib/tasks/export.rake +++ b/lib/tasks/export.rake @@ -19,8 +19,6 @@ namespace :export do end # set headers for repeat fields - err_csv = [] - def err_headings(ordinal) ["External Repair Record id #{ordinal + 1}", "External Repair repair_type #{ordinal + 1}", @@ -30,12 +28,10 @@ namespace :export do "External Repair other_note #{ordinal + 1}"] end - err.max.times.each do |ordinal| - err_csv.push err_headings(ordinal) + err_csv = err.max.times.map do |ordinal| + err_headings(ordinal) end - ihrr_csv = [] - def ihrr_headings(ordinal) ["In House Repair performed_by_user_id #{ordinal + 1}", "In House Repair minutes_spent #{ordinal + 1}", 
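Review bot: In the `@@ -30,12 +28,10` hunk, `err.max.times.map` still calls `times` on whatever `err.max` returns. If `err` is an array that can be empty (it is built outside the hunk), `max` is `nil` and the task raises `NoMethodError` before any header is written. `err_csv = Array.new(err.max.to_i) { |ordinal| err_headings(ordinal) }` handles that case and drops the intermediate enumerator. The same applies to `ihrr.max.times.map` in the `@@ -45,8` hunk that follows. The `namespace :export` block starts and ends outside the hunk.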
@@ -45,8 +41,8 @@ namespace :export do "In House Repair staff_code #{ordinal + 1}"] end - ihrr.max.times.each do |ordinal| - ihrr_csv.push ihrr_headings(ordinal) + ihrr_csv = ihrr.max.times.map do |ordinal| + ihrr_headings(ordinal) end staff_csv = [] diff --git a/spec/views/conservation_records/index.html.erb_spec.rb b/spec/views/conservation_records/index.html.erb_spec.rb index 81afb145..0e6dadb7 100644 --- a/spec/views/conservation_records/index.html.erb_spec.rb +++ b/spec/views/conservation_records/index.html.erb_spec.rb @@ -61,5 +61,4 @@ expect(rendered).to have_css('a[aria-label="Previous"]', text: '<') expect(rendered).to have_css('a[aria-label="Next"]', text: '>') end - end