Release 2726
Trello card
Context
We are shifting the responsibility for managing roles/permissions to schools from DfE sign in to the application. Currently if a user wants access to a school they need to setup an account for the school/organisation in DfE sign in and then request access to the School Experience service. This is unintuitive for users and causes many to drop out/not get access to the service.
Instead, we will use ID-only access via DfE sign in so that the user only needs to be part of the correct organisation and then we will manage permissions to sign in to the school on School Experience from within the app.
The first step along this route is to setup a User model so that we can manage roles/permissions (currently a user is a hash wrapped on an OpenId UserInfo object).
Changes proposed in this pull request
- Add user model
Going forward we are going to be managing roles/permissions in the application instead of via DfE sign in. As most role libraries expect a User model it makes sense to add one, wrapping the DfE sign in user.
A convenience method to exchange a DfE sign in user for a User model is provided (creating a new record if a matching one does not yet exist).
- Wrap current_user with User model
It makes sense to use the User model when referencing a user within the application; this way we will be able to more easily query roles/permissions by doing so on current_user.
- Update dfe-analytics to remove UserDecorator
The latest version of dfe-analytics allows you to specify the id attribute of the current_user. We had to use a decorator previously to map the default id attribute to sub, which is the subscription ID we use from DfE sign in as a unique identifier.
Guidance to review
The plan is to use the Rolify gem to manage roles/permissions going forward; we only need basic access control and it seems to fit the bill well.