Delete a organization + organization policy #368
Conversation
app/policies/organization_policy.rb
Outdated
| end | ||
|
|
||
| def show? | ||
| user&.superadmin? || user&.active?(organization) |
There was a problem hiding this comment.
Just for me to understand, when do we have a user here and when not?
There was a problem hiding this comment.
Pundit uses the following to setup the user variable:
timeoverflow/app/controllers/application_controller.rb
Lines 73 to 79 in b31466a
Sometimes there is no current_user, so we should check its presence at least in controllers (like OrganizationsController) that don't use before_action :authenticate_user!.
| @@ -27,20 +27,16 @@ | |||
| <td><%= link_to org.name, org %></td> | |||
| <td><%= org.users.count %></td> | |||
| <td class="hover-actions"> | |||
| <% if current_user.admins?(org) %> | |||
| <% if current_user&.admins?(org) %> | |||
There was a problem hiding this comment.
I have the same question here
There was a problem hiding this comment.
Similar to previous comment, this controller doesn't require authentication at this point, so now you can visit the /organizations page without a crash.
|
|
||
| get 'show', id: organization.id | ||
| expect(response.body).to include( | ||
| "<a href=\"/transfers/new?destination_account_id=#{organization.account.id}&id=#{organization.id}\">" |
There was a problem hiding this comment.
IMO views specs are better suited for this. We started doing it like this and when we started feeling the pain we switched to views specs.
There was a problem hiding this comment.
Totally agree! view specs are a better option to test those kind of things
|
@sauloperez @sseerrggii ready for review 👀 Let me know, especially, what do you think about this organization policy:
|
markets
changed the title
| <% end %> | ||
| </td> | ||
| </tr> | ||
| <% end %> | ||
| </tbody> | ||
| </table> | ||
|
|
||
| <%= paginate @organizations %> |
There was a problem hiding this comment.
are we showing all organizations now??
There was a problem hiding this comment.
unfortunately yes, without pagination 🙊
|
https://www.timeoverflow.org/organizations/3 Note: in this view when you are a member of this organitzation you can see also the account (balance, transfers) of the organization |
|
Ok @sseerrggii I'll change policy for |
|
@sseerrggii @sauloperez changes done and PR description updated. |
|
@markets testing in https://staging.timeoverflow.org I tryed to delete a org as superadmin, but I got a |
|
thanks @enricostano! I'll take a look this night, as per your
|
|
@markets yep, it's recent code, but it's already in your branch: Sorry if the issue I detected is not related with your PR, maybe it's already broken in EDIT: I added more details in the issue #359 (comment) |
…359, removes all organization memberships and activity when destroying an org instance - introduce OrganizationPolicy to properly define an access control strategy for Organizations
This policy inherits from the ApplicationPolicy class this behaviour:
def new?
create?
end
| @@ -3,6 +3,7 @@ class Member < ActiveRecord::Base | |||
| belongs_to :organization | |||
| has_one :account, as: :accountable | |||
| has_many :movements, through: :account | |||
| has_many :events, dependent: :destroy | |||
There was a problem hiding this comment.
Would you mind to add this kind of change to the model tests also? Thanks 😍
e.g. https://github.com/coopdevs/timeoverflow/blob/develop/spec/models/member_spec.rb#L8
- added some missing Relations specs - remove a couple of unused Relations
|
@enricostano I pushed one commit with more Relation specs and also the |
|
Thanks @markets, we'll test this (and your other PRs 😬 ) ASAP, we're a bit overwhelmed right now :( Sorry for the long wait. |
|
@markets could you please rebase from the most recent Thanks! And sorry again for the long wait... |
|
No prob @enricostano 👍 rebased from latest develop (and updated Pundit again, they released the v2 some days ago)! Lot of merges today 👏 👌 |
…d in controllers/views are never called)
|
Deployed on https://staging.timeoverflow.org cc/ @sseerrggii |
|
Works fine for me. |
|
good catch @sseerrggii, I'll send a patch later! |
|
@sseerrggii @enricostano fixed here 👉 14fe6bc |
|
Hey @markets thanks for looking into it, after delete Organization that is my current organization is doing something diferent but the session still doing strange things... look, this is just after deletion. I need to remove the cookie to fix it |
|
So as deleting users and deleting orgs mostly works, I merge this and then we open a new PR to fix that case. |
|
@sauloperez @sseerrggii definitive fix (I hope) #432 |
Closes #359
Closes #424
Changes:
dependent: :destroyto properly delete all organization's activity and traces when destroying an instanceindexpublicshowpublicnew/createsuperadminsedit/updatesuperadmins or organization admin0.3.0=>1.1.0=>2.0.0)