Delete a organization + organization policy #368
app/policies/organization_policy.rb
Outdated
end | ||
|
||
def show? | ||
user&.superadmin? || user&.active?(organization) |
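Review bot: in `show?`, `user&.superadmin? || user&.active?(organization)` evaluates to nil when `user` is nil, so anonymous visitors are silently denied rather than explicitly handled. If the organization page is meant to be reachable without signing in, return true for that case; either way, add a policy spec with a nil user so the intended behaviour is pinned down.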
Just for me to understand, when do we have a `user` here and when not?
Pundit uses the following to set up the `user` variable:
timeoverflow/app/controllers/application_controller.rb
Lines 73 to 79 in b31466a
```ruby
def current_member
  @current_member ||= current_user.as_member_of(current_organization) if current_user
end

def pundit_user
  current_member
end
```
Sometimes there is no `current_user`, so we should check its presence at least in controllers (like `OrganizationsController`) that don't use `before_action :authenticate_user!`.
@@ -27,20 +27,16 @@ | |||
<td><%= link_to org.name, org %></td> | |||
<td><%= org.users.count %></td> | |||
<td class="hover-actions"> | |||
<% if current_user.admins?(org) %> | |||
<% if current_user&.admins?(org) %> |
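Review bot: the `<% if current_user&.admins?(org) %>` guard keeps the authorization decision in the template, separate from the OrganizationPolicy this PR introduces. Ask the policy instead through Pundit's `policy(org)` view helper, using the predicate that matches the action the link performs, so the view and the controller cannot drift apart. Separately, `org.users.count` two lines above runs one COUNT query per listed organization.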
I have the same question here
Similar to previous comment, this controller doesn't require authentication at this point, so now you can visit the `/organizations` page without a crash.
|
||
get 'show', id: organization.id | ||
expect(response.body).to include( | ||
"<a href=\"/transfers/new?destination_account_id=#{organization.account.id}&id=#{organization.id}\">" |
IMO views specs are better suited for this. We started doing it like this and when we started feeling the pain we switched to views specs.
Totally agree! View specs are a better option to test those kinds of things
@sauloperez @sseerrggii ready for review 👀 Let me know, especially, what do you think about this organization policy:
|
<% end %> | ||
</td> | ||
</tr> | ||
<% end %> | ||
</tbody> | ||
</table> | ||
|
||
<%= paginate @organizations %> |
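Review bot: `<%= paginate @organizations %>` at the end of the table only renders the page links; it relies on `@organizations` being a paginated relation built in the controller, which is not part of this hunk. Check that the index action pages the query, so this listing never loads every organization in one request.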
are we showing all organizations now??
unfortunately yes, without pagination 🙊
https://www.timeoverflow.org/organizations/3 Note: in this view when you are a member of this organization you can see also the account (balance, transfers) of the organization
Ok @sseerrggii I'll change policy for
@sseerrggii @sauloperez changes done and PR description updated.
@markets testing in https://staging.timeoverflow.org I tried to delete a org as superadmin, but I got a
thanks @enricostano! I'll take a look this night, as per your
@markets yep, it's recent code, but it's already in your branch: Sorry if the issue I detected is not related with your PR, maybe it's already broken in EDIT: I added more details in the issue #359 (comment)
…359, removes all organization memberships and activity when destroying an org instance - introduce OrganizationPolicy to properly define an access control strategy for Organizations
This policy inherits from the ApplicationPolicy class this behaviour: def new? create? end
@@ -3,6 +3,7 @@ class Member < ActiveRecord::Base | |||
belongs_to :organization | |||
has_one :account, as: :accountable | |||
has_many :movements, through: :account | |||
has_many :events, dependent: :destroy |
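Review bot: `has_many :events, dependent: :destroy` covers events only; `has_one :account, as: :accountable` two lines above has no `dependent:` option, so destroying a member leaves its account row, and the movements reached through it, behind. Decide explicitly whether those records should be destroyed with the member or kept for the ledger, and state the choice in a model spec.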
Would you mind to add this kind of change to the model tests also? Thanks 😍
e.g. https://github.com/coopdevs/timeoverflow/blob/develop/spec/models/member_spec.rb#L8
👉 7f6a087
- added some missing Relations specs - remove a couple of unused Relations
@enricostano I pushed one commit with more Relation specs and also the
Thanks @markets, we'll test this (and your other PRs 😬 ) ASAP, we're a bit overwhelmed right now :( Sorry for the long wait.
@markets could you please rebase from the most recent Thanks! And sorry again for the long wait...
No prob @enricostano 👍 rebased from latest develop (and updated Pundit again, they released the v2 some days ago)! Lot of merges today 👏 👌
…d in controllers/views are never called)
Deployed on https://staging.timeoverflow.org cc/ @sseerrggii
Works fine for me.
good catch @sseerrggii, I'll send a patch later!
@sseerrggii @enricostano fixed here 👉 14fe6bc
Hey @markets thanks for looking into it, after delete Organization that is my current organization is doing something different but the session still doing strange things... look, this is just after deletion.
So as deleting users and deleting orgs mostly works, I merge this and then we open a new PR to fix that case.
@sauloperez @sseerrggii definitive fix (I hope) #432
Closes #359
Closes #424
Changes:
- `dependent: :destroy` to properly delete all organization's activity and traces when destroying an instance
- `index`: public
- `show`: public
- `new` / `create`: superadmins
- `edit` / `update`: superadmins or organization admin
- `0.3.0` => `1.1.0` => `2.0.0`)
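The access matrix from the PR description above, together with the nil-user case raised in the review, as an added example that is not TimeOverflow's code: a plain-Ruby policy in Pundit's `(user, record)` shape that returns strict booleans for anonymous requests. `OrganizationPolicySketch`, `Visitor` and `permissions_for` are hypothetical names; `superadmin?` and `admins?` are the predicate names that appear in the diff.

```ruby
# Added example: Visitor is a constructed stand-in, not TimeOverflow's model.
Organization = Struct.new(:id, :name)
Visitor = Struct.new(:superadmin, :admin_of) do
  def superadmin?
    superadmin == true
  end

  # True when this visitor administers the given organization.
  def admins?(organization)
    admin_of.include?(organization.id)
  end
end

# Follows Pundit's (user, record) convention without loading the gem.
class OrganizationPolicySketch
  attr_reader :user, :organization

  # `user` is nil for anonymous requests (no authenticate_user! filter).
  def initialize(user, organization)
    @user = user
    @organization = organization
  end

  def index?; true; end   # public
  def show?; true; end    # public

  def create?
    superadmin?
  end
  alias new? create?

  def update?
    superadmin? || (!user.nil? && user.admins?(organization))
  end
  alias edit? update?

  private

  # Strict boolean, so nil never leaks out of the check for anonymous users.
  def superadmin?
    !user.nil? && user.superadmin?
  end
end

# Returns the permission row for one visitor/organization pair.
def permissions_for(user, organization)
  policy = OrganizationPolicySketch.new(user, organization)
  %i[index? show? new? create? edit? update?].to_h { |q| [q, policy.public_send(q)] }
end
```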