ANW-799 allow users with admin privs access to system_information page

archivesspace · Apr 16, 2024 · 00bc6a7 · 00bc6a7
1 parent 35c3f06
commit 00bc6a7
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 4 deletions.
diff --git a/common/config/config-defaults.rb b/common/config/config-defaults.rb
@@ -756,3 +756,8 @@
 # Password recovery - requires email configuration
 # See example email configuration above
 AppConfig[:allow_password_reset] = false
+
+# Allow users with the 'administer_system' role to view the system_info route (e.g., FRONTEND_BASE_URL/system_info)
+# By default, this route is only accessible to the 'admin' user, and no other admins.
+
+AppConfig[:allow_other_admins_access_to_system_info] = false
diff --git a/frontend/app/controllers/application_controller.rb b/frontend/app/controllers/application_controller.rb
@@ -253,7 +253,11 @@ def find_opts
   end
 
   def user_is_global_admin?
-    session['user'] and session['user'] == "admin"
+    if AppConfig[:allow_other_admins_access_to_system_info]
+      session['user'] and user_can? 'administer_system'
+    else
+      session['user'] and session['user'] == "admin"
+    end
   end
 
 

diff --git a/frontend/spec/features/system_information_spec.rb b/frontend/spec/features/system_information_spec.rb
@@ -8,7 +8,7 @@
   let!(:repository) { create(:repo, repo_code: "system_information_#{Time.now.to_i}") }
   let(:archivist_user) { create_user(repository => ['repository-archivists']) }
 
-  it 'should not let any old fool see this' do
+  it 'should not let an archivist user see this' do
     login_user(archivist_user)
     select_repository(repository)
 
@@ -17,8 +17,8 @@
 
     visit '/system_info'
 
-    expect(page).to have_text 'Unable to Access Page'
-    expect(page).to have_text "The page you've tried to access may no longer exist or you may not have permission to view it."
+    element = find('.alert.alert-danger.with-hide-alert')
+    expect(element.text).to eq "Unable to Access Page\nThe page you've tried to access may no longer exist or you may not have permission to view it."
   end
 
   it 'should let the admin see this' do
@@ -34,4 +34,77 @@
     expect(page).to have_text 'MEMORY'
     expect(page).to have_text 'CPU_COUNT'
   end
+
+  it 'should not let a user with administer_system perrmissions see this if allow_other_admins_access_to_system_info is set to false' do
+    AppConfig[:allow_other_admins_access_to_system_info] = false
+
+    user_with_administer_system = create_user(repository => ['repository-archivists'])
+
+    login_user(admin_user)
+    select_repository(repository)
+
+    click_on 'System'
+    click_on 'Manage Users'
+
+    element = find('tr', text: user_with_administer_system.username)
+    within element do
+      click_on 'Edit'
+    end
+
+    expect(page).to have_text 'Edit Account'
+    find('#user_is_admin_').click
+    find('button', text: 'Update Account', match: :first).click
+
+    element = find('.alert.alert-success.with-hide-alert')
+    expect(element.text).to eq 'User Saved'
+
+    visit 'logout'
+
+    login_user(user_with_administer_system)
+    select_repository(repository)
+
+    click_on 'System'
+    click_on 'System Information'
+
+    element = find('.alert.alert-danger.with-hide-alert')
+    expect(element.text).to eq "Unable to Access Page\nThe page you've tried to access may no longer exist or you may not have permission to view it."
+  end
+
+  it 'should let a user with administer_system perrmissions see this if allow_other_admins_access_to_system_info is set to true' do
+    AppConfig[:allow_other_admins_access_to_system_info] = true
+
+    user_with_administer_system = create_user(repository => ['repository-archivists'])
+
+    login_user(admin_user)
+    select_repository(repository)
+
+    click_on 'System'
+    click_on 'Manage Users'
+
+    element = find('tr', text: user_with_administer_system.username)
+    within element do
+      click_on 'Edit'
+    end
+
+    expect(page).to have_text 'Edit Account'
+    find('#user_is_admin_').click
+    find('button', text: 'Update Account', match: :first).click
+
+    element = find('.alert.alert-success.with-hide-alert')
+    expect(element.text).to eq 'User Saved'
+
+    visit 'logout'
+
+    login_user(user_with_administer_system)
+    select_repository(repository)
+
+    click_on 'System'
+    click_on 'System Information'
+
+    expect(page).to have_text 'Frontend System Information'
+    expect(page).to have_text 'VERSION'
+    expect(page).to have_text 'APPCONFIG'
+    expect(page).to have_text 'MEMORY'
+    expect(page).to have_text 'CPU_COUNT'
+  end
 end