diff --git a/decidim-admin/app/controllers/concerns/decidim/admin/needs_admin_tos_accepted.rb b/decidim-admin/app/controllers/concerns/decidim/admin/needs_admin_tos_accepted.rb
new file mode 100644
index 000000000000..cd68c7f0e129
--- /dev/null
+++ b/decidim-admin/app/controllers/concerns/decidim/admin/needs_admin_tos_accepted.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Decidim
+ module Admin
+ # Shared behaviour for signed_in admins that require the latest TOS accepted
+ module NeedsAdminTosAccepted
+ extend ActiveSupport::Concern
+
+ included do
+ before_action :tos_accepted_by_admin
+ end
+
+ private
+
+ def tos_accepted_by_admin
+ return unless request.format.html?
+ return unless current_user
+ return if current_user.admin_terms_accepted?
+ return if permitted_paths?
+
+ store_location_for(
+ current_user,
+ request.path
+ )
+ redirect_to admin_tos_path
+ end
+
+ def permitted_paths?
+ # ensure that path with or without query string pass
+ permitted_paths.find { |el| el.split("?").first == request.path }
+ end
+
+ def permitted_paths
+ [admin_tos_path, decidim_admin.admin_terms_accept_path]
+ end
+
+ def admin_tos_path
+ decidim_admin.admin_terms_show_path
+ end
+ end
+ end
+end
diff --git a/decidim-admin/app/controllers/decidim/admin/admin_terms_controller.rb b/decidim-admin/app/controllers/decidim/admin/admin_terms_controller.rb
index c2316e8cb278..b3f19136e52b 100644
--- a/decidim-admin/app/controllers/decidim/admin/admin_terms_controller.rb
+++ b/decidim-admin/app/controllers/decidim/admin/admin_terms_controller.rb
@@ -9,7 +9,7 @@ def accept
 current_user.admin_terms_accepted_at = Time.current
 if current_user.save!
 flash[:notice] = t("accept.success", scope: "decidim.admin.admin_terms_of_use")
- redirect_to decidim_admin.root_path
+ redirect_to stored_location_for(current_user) || decidim_admin.root_path
 else
 flash[:alert] = t("accept.error", scope: "decidim.admin.admin_terms_of_use")
 redirect_to decidim_admin.admin_terms_show_path
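Review bot: The guard `return unless request.format.html?` at the top of `tos_accepted_by_admin` means only HTML requests are redirected to the TOS page; JSON or other non-HTML requests to admin controllers that include this concern pass straight through, so the actual authorization barrier for admins who have not accepted the terms has to stay in the permissions layer, and the concern should say so in its header comment. The same method stores `request.path` rather than `request.fullpath`, deliberately dropping the query string, but the reason appears only in the system spec; a comment at the call site such as `# Store only the path: a long query string would overflow the cookie session store` would keep that from being "fixed" later. `permitted_paths?` is named as a predicate but returns the matched element from `find`; `permitted_paths.any? { |el| el.split("?").first == request.path }` returns a boolean and reads as intended.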
diff --git a/decidim-admin/app/controllers/decidim/admin/application_controller.rb b/decidim-admin/app/controllers/decidim/admin/application_controller.rb
index 1863ac08fae5..120edcd9bcf9 100644
--- a/decidim-admin/app/controllers/decidim/admin/application_controller.rb
+++ b/decidim-admin/app/controllers/decidim/admin/application_controller.rb
@@ -7,6 +7,7 @@ class ApplicationController < ::DecidimController
 include NeedsOrganization
 include NeedsPermission
 include NeedsSnippets
+ include NeedsAdminTosAccepted
 include FormFactory
 include LocaleSwitcher
 include UseOrganizationTimeZone
diff --git a/decidim-admin/lib/decidim/admin/test.rb b/decidim-admin/lib/decidim/admin/test.rb
index 987c70361a37..5f9bdd4bd5f0 100644
--- a/decidim-admin/lib/decidim/admin/test.rb
+++ b/decidim-admin/lib/decidim/admin/test.rb
@@ -9,3 +9,4 @@
 require "decidim/admin/test/filterable_examples"
 require "decidim/admin/test/filters_participatory_space_users_examples"
 require "decidim/admin/test/filters_participatory_space_user_roles_examples"
+require "decidim/admin/test/needs_admin_tos_accepted_examples"
diff --git a/decidim-admin/lib/decidim/admin/test/needs_admin_tos_accepted_examples.rb b/decidim-admin/lib/decidim/admin/test/needs_admin_tos_accepted_examples.rb
new file mode 100644
index 000000000000..b3a420162256
--- /dev/null
+++ b/decidim-admin/lib/decidim/admin/test/needs_admin_tos_accepted_examples.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+shared_examples_for "needs admin TOS accepted" do
+ context "when the user has not accepted the admin TOS" do
+ it "shows a message to accept the admin TOS" do
+ expect(page).to have_content("Please take a moment to review Admin Terms of Use")
+ end
+ end
+end
diff --git a/decidim-admin/spec/controllers/concerns/needs_admin_tos_accepted_spec.rb b/decidim-admin/spec/controllers/concerns/needs_admin_tos_accepted_spec.rb
new file mode 100644
index 000000000000..5cf66e950b38
--- /dev/null
+++ b/decidim-admin/spec/controllers/concerns/needs_admin_tos_accepted_spec.rb 
@@ -0,0 +1,120 @@ +# frozen_string_literal: true + +require "spec_helper" + +module Decidim + module Admin + describe "NeedsAdminTosAccepted", type: :controller do + let!(:organization) { create(:organization) } + + controller do + include NeedsAdminTosAccepted + + def root + render plain: "Root page" + end + + def admin_tos + render plain: "Admin TOS page" + end + + def another + render plain: "Another page" + end + + private + + def permitted_paths + ["/root", "/admin_tos"] + end + + def admin_tos_path + "/admin_tos" + end + end + + before do + routes.draw do + get "root" => "anonymous#root" + get "another" => "anonymous#another" + get "admin_tos" => "anonymous#admin_tos" + end + + request.env["decidim.current_organization"] = organization + sign_in user, scope: :user + end + + shared_examples "needs admins' TOS acceptance to access other pages" do + it "allows accessing the root page" do + get :root + + expect(response.body).to have_text("Root page") + end + + it "allows accessing the TOS page" do + get :admin_tos + + expect(response.body).to have_text("Admin TOS page") + end + + it "does not allow accessing another page" do + get :another + + expect(response).to redirect_to("/admin_tos") + expect(response.body).to have_text("You are being redirected") + expect(session[:user_return_to]).to eq("/another") + end + end + + shared_examples "allows accessing all the pages" do + it "allows accessing the root page" do + get :root + + expect(response.body).to have_text("Root page") + end + + it "allows accessing the TOS page" do + get :admin_tos + + expect(response.body).to have_text("Admin TOS page") + end + + it "allows accessing another page" do + get :another + + expect(response.body).to have_text("Another page") + end + end + + context "when the user is an admin" do + context "and has not accepted the TOS" do + let(:user) { create(:user, :admin, :confirmed, admin_terms_accepted_at: nil, organization: organization) } + + it_behaves_like "needs admins' TOS acceptance 
to access other pages" + end + + context "and has accepted the TOS" do + let(:user) { create(:user, :admin, :confirmed) } + + it_behaves_like "allows accessing all the pages" + end + end + + context "when the user has another role with access to admin panel" do + let(:participatory_process) { create(:participatory_process, organization: organization) } + + context "and has not accepted the TOS" do + let(:user) { create(:process_moderator, confirmed_at: Time.current, admin_terms_accepted_at: nil, participatory_process: participatory_process) } + + it_behaves_like "needs admins' TOS acceptance to access other pages" + end + + context "and has accepted the TOS" do + let(:user) { create(:process_moderator, confirmed_at: Time.current, participatory_process: participatory_process) } + + it_behaves_like "allows accessing all the pages" + end + end + end + end +end diff --git a/decidim-admin/spec/system/admin_invite_spec.rb b/decidim-admin/spec/system/admin_invite_spec.rb index 7ac45f63e04d..bfe928b431df 100644 --- a/decidim-admin/spec/system/admin_invite_spec.rb +++ b/decidim-admin/spec/system/admin_invite_spec.rb @@ -55,7 +55,7 @@ end expect(page).to have_content("Dashboard") - expect(page).to have_current_path "/admin/" + expect(page).to have_current_path "/admin/admin_terms/show" end end end diff --git a/decidim-admin/spec/system/admin_tos_acceptance_spec.rb b/decidim-admin/spec/system/admin_tos_acceptance_spec.rb index e0760e7549a0..0ecc66b943b5 100644 --- a/decidim-admin/spec/system/admin_tos_acceptance_spec.rb +++ b/decidim-admin/spec/system/admin_tos_acceptance_spec.rb @@ -5,6 +5,7 @@ describe "AdminTosAcceptance", type: :system do let(:organization) { create(:organization) } let(:user) { create(:user, :admin, :confirmed, admin_terms_accepted_at: nil, organization: organization) } + let(:review_message) { "Please take a moment to review Admin Terms of Use. Otherwise you won't be able to manage the platform" } before do switch_to_host(organization.host) 
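Review bot: The spec never exercises the first early return in the concern, `return unless request.format.html?`, so a regression that dropped or inverted the format check would still pass; one example under the "has not accepted the TOS" context that issues `get :another, format: :json` and asserts `expect(response).to have_http_status(:ok)` would pin the non-HTML behaviour. The query-string handling in `permitted_paths?` is likewise untested here: a request such as `get :root, params: { foo: "bar" }` should also render the root page rather than redirect.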
@@ -15,18 +16,18 @@ login_as user, scope: :user end - context "when they visit the dashbaord" do + context "when they visit the dashboard" do before do visit decidim_admin.root_path end it "has a message that they need to accept the admin TOS" do - expect(page).to have_content("Please take a moment to review Admin Terms of Use. Otherwise you won't be able to manage the platform") + expect(page).to have_content(review_message) end it "has only the Dashboard menu item in the main navigation" do within ".main-nav" do - expect(page).to have_text("Dashboard") + expect(page).to have_content("Dashboard") expect(page).to have_selector("li a", count: 1) end end 
@@ -37,9 +38,49 @@ visit decidim_admin.newsletters_path end - it "says that you're not authorized" do - within ".callout.alert" do - expect(page).to have_text("You are not authorized to perform this action") + it "has a message that they need to accept the admin TOS" do + expect(page).to have_content(review_message) + end + end + + context "when they visit other admin pages from other engines" do + before do + visit decidim_admin_participatory_processes.participatory_processes_path + end + + it "has a message that they need to accept the admin TOS" do + expect(page).to have_content(review_message) + end + + it "allows accepting and redirects to the previous page" do + click_button "I agree with the terms" + expect(page).to have_content("New process") + expect(page).to have_content("Process groups") + end + + context "with a long list of URL parameters" do + let(:long_parameters) do + # This should generate a string of at least 4 KB in length which is + # the cookie session store's maximum cookie size due to browser + # limitations. Each parameter here is in the form of "paramxx=aaa", + # where "paramxx" is the parameter name and "aaa" is the value. The + # total length of each parameter is therefore 6 + 2 + 100 characters + # = 108 bytes. Cookie overflow should therefore happen at latest + # around 38 of these parameters concenated together. 
+ 50.times.map do |i| + "param#{i.to_s.rjust(2, "0")}=#{SecureRandom.alphanumeric(100)}" + end.join("&") + end + + it "responds to requests containing very long URL parameters" do + # Calling any URL in Decidim with long parameters should not store + # the parameters in the user_return_to cookie in order to avoid + # ActionDispatch::Cookies::CookieOverflow exception + visit "#{decidim_admin_participatory_processes.participatory_processes_path}?#{long_parameters}" + expect(page).to have_content(review_message) + click_button "I agree with the terms" + expect(page).to have_content("New process") + expect(page).to have_content("Process groups") end end end @@ -55,15 +96,15 @@ it "allows accepting the terms" do click_button "I agree with the terms" - expect(page).to have_text("Activity") - expect(page).to have_text("Metrics") + expect(page).to have_content("Activity") + expect(page).to have_content("Metrics") within ".main-nav" do - expect(page).to have_text("Dashboard") - expect(page).to have_text("Newsletters") - expect(page).to have_text("Participants") - expect(page).to have_text("Settings") - expect(page).to have_text("Admin activity log") + expect(page).to have_content("Dashboard") + expect(page).to have_content("Newsletters") + expect(page).to have_content("Participants") + expect(page).to have_content("Settings") + expect(page).to have_content("Admin activity log") end end end diff --git a/decidim-admin/spec/system/space_admin_manages_global_moderations_spec.rb b/decidim-admin/spec/system/space_admin_manages_global_moderations_spec.rb index a64cf261504f..57283325fa10 100644 --- a/decidim-admin/spec/system/space_admin_manages_global_moderations_spec.rb +++ b/decidim-admin/spec/system/space_admin_manages_global_moderations_spec.rb 
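Review bot: The example `it "responds to requests containing very long URL parameters"` asserts that accepting the terms lands on the processes page, but not that the query string was dropped, which is the behaviour the example exists to protect; adding `expect(page).to have_current_path(decidim_admin_participatory_processes.participatory_processes_path)` after the click would pin it, since Capybara compares the query string as well by default and a surviving `param00=...` would fail it. The explanatory comment above `long_parameters` also has a typo, "concenated".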
@@ -24,14 +24,13 @@ login_as user, scope: :user end - context "when the user didn't accepted the admin ToS" do + context "when the user has not accepted the admin TOS" do before do user.update(admin_terms_accepted_at: nil) visit decidim_admin.moderations_path end it "has a message that they need to accept the admin TOS" do - expect(page).to have_content("You are not authorized") expect(page).to have_content("Please take a moment to review Admin Terms of Use. Otherwise you won't be able to manage the platform") end @@ -47,10 +46,8 @@ visit decidim_admin.newsletters_path end - it "says that you're not authorized" do - within ".callout.alert" do - expect(page).to have_text("You are not authorized to perform this action") - end + it "says that you are not authorized" do + expect(page).to have_text("Please take a moment to review Admin Terms of Use") end end end diff --git a/decidim-admin/spec/system/space_moderator_manages_global_moderations_spec.rb b/decidim-admin/spec/system/space_moderator_manages_global_moderations_spec.rb index 676070fbf79c..576819e477ff 100644 --- a/decidim-admin/spec/system/space_moderator_manages_global_moderations_spec.rb +++ b/decidim-admin/spec/system/space_moderator_manages_global_moderations_spec.rb @@ -41,9 +41,7 @@ it "can't access to the Global moderations page" do visit decidim_admin.moderations_path - within ".callout.alert" do - expect(page).to have_text("You are not authorized to perform this action") - end + expect(page).to have_content("Please take a moment to review Admin Terms of Use") end end diff --git a/decidim-assemblies/spec/system/admin/valuator_checks_components_spec.rb b/decidim-assemblies/spec/system/admin/valuator_checks_components_spec.rb index 0789e0b71bd0..157b6c57a940 100644 --- a/decidim-assemblies/spec/system/admin/valuator_checks_components_spec.rb +++ b/decidim-assemblies/spec/system/admin/valuator_checks_components_spec.rb 
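Review bot: The renamed example `it "says that you are not authorized"` now asserts the TOS review message rather than an authorization message, so its description no longer matches its assertion; rename it to `it "has a message that they need to accept the admin TOS"` like the example earlier in this file. Because the user in these contexts has not accepted the TOS, the redirect in NeedsAdminTosAccepted fires before any permission check runs, so the removed `"You are not authorized"` assertions are not replaced by anything that proves the permission layer still denies a space admin access to newsletters; if that denial matters, a context with an accepted-TOS user visiting the same path should keep covering it. The same applies to the space_moderator_manages_global_moderations_spec hunk below, whose example `it "can't access to the Global moderations page"` now only observes the TOS redirect.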
@@ -10,7 +10,8 @@ decidim_admin_assemblies.components_path(assembly) end let(:components_path) { participatory_space_path } - let!(:user) { create :user, :confirmed, organization: organization } + + let!(:user) { create :user, :confirmed, :admin_terms_accepted, admin: false, organization: organization } let!(:valuator_role) { create :assembly_user_role, role: :valuator, user: user, assembly: assembly } let(:another_component) { create :component, participatory_space: assembly } @@ -19,8 +20,6 @@ include_context "when administrating an assembly" before do - user.update(admin: false) - create :valuation_assignment, proposal: assigned_proposal, valuator_role: valuator_role switch_to_host(organization.host) @@ -28,6 +27,10 @@ visit components_path end + it_behaves_like "needs admin TOS accepted" do + let(:user) { create(:user, :confirmed, organization: organization) } + end + context "when listing the space components in the sidebar" do it "can only see the proposals component" do within ".layout-nav #components-list" do diff --git a/decidim-conferences/spec/system/admin/valuator_checks_components_spec.rb b/decidim-conferences/spec/system/admin/valuator_checks_components_spec.rb index 5c53cbb59802..95a1ebabc084 100644 --- a/decidim-conferences/spec/system/admin/valuator_checks_components_spec.rb +++ b/decidim-conferences/spec/system/admin/valuator_checks_components_spec.rb @@ -10,7 +10,8 @@ decidim_admin_conferences.components_path(conference) end let(:components_path) { participatory_space_path } - let!(:user) { create :user, :confirmed, organization: organization } + + let!(:user) { create :user, :confirmed, :admin_terms_accepted, organization: organization } let!(:valuator_role) { create :conference_user_role, role: :valuator, user: user, conference: conference } let(:another_component) { create :component, participatory_space: conference } 
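Review bot: `let!(:user)` in the assemblies valuator spec passes `admin: false` while the otherwise identical conferences valuator spec in this commit does not; both replaced the old `user.update(admin: false)`, so either the factory default already yields a non-admin and the keyword is redundant in assemblies, or the conferences spec now creates an admin user by mistake. Pick one form and use it in both files.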
@@ -19,8 +20,6 @@ include_context "when administrating a conference" before do - user.update(admin: false) - create :valuation_assignment, proposal: assigned_proposal, valuator_role: valuator_role switch_to_host(organization.host) @@ -28,6 +27,10 @@ visit components_path end + it_behaves_like "needs admin TOS accepted" do + let(:user) { create(:user, :confirmed, organization: organization) } + end + context "when listing the space components in the sidebar" do it "can only see the proposals component" do within ".layout-nav #components-list" do diff --git a/decidim-core/spec/models/decidim/user_spec.rb b/decidim-core/spec/models/decidim/user_spec.rb index 970b3e19e8b2..83bbb7aa8274 100644 --- a/decidim-core/spec/models/decidim/user_spec.rb +++ b/decidim-core/spec/models/decidim/user_spec.rb @@ -227,7 +227,7 @@ module Decidim it { is_expected.to be_truthy } - context "when user accepted ToS before organization last update" do + context "when user accepted TOS before organization last update" do let(:organization) { build(:organization, tos_version: Time.current) } let(:accepted_tos_version) { 1.year.before } @@ -241,7 +241,7 @@ module Decidim end end - context "when user didn't accepted ToS" do + context "when user has not accepted the TOS" do let(:accepted_tos_version) { nil } it { is_expected.to be_falsey } diff --git a/decidim-elections/spec/shared/monitoring_committee_member_manages_voting_examples.rb b/decidim-elections/spec/shared/monitoring_committee_member_manages_voting_examples.rb index 3f9daabb7cd5..8d60bd5edd91 100644 --- a/decidim-elections/spec/shared/monitoring_committee_member_manages_voting_examples.rb +++ b/decidim-elections/spec/shared/monitoring_committee_member_manages_voting_examples.rb 
@@ -2,7 +2,7 @@ shared_context "when monitoring committee member manages voting" do let(:organization) { create(:organization) } - let(:user) { create(:user, :confirmed, organization: organization) } + let(:user) { create(:user, :confirmed, :admin_terms_accepted, organization: organization) } let(:voting) { create(:voting, organization: organization) } let!(:monitoring_committee_member) { create(:monitoring_committee_member, user: user, voting: voting) } diff --git a/decidim-elections/spec/system/admin/monitoring_committee_member_manages_voting_results_spec.rb b/decidim-elections/spec/system/admin/monitoring_committee_member_manages_voting_results_spec.rb index fe9687b1438c..e12af712b8bc 100644 --- a/decidim-elections/spec/system/admin/monitoring_committee_member_manages_voting_results_spec.rb +++ b/decidim-elections/spec/system/admin/monitoring_committee_member_manages_voting_results_spec.rb @@ -15,6 +15,10 @@ visit decidim_admin_votings.edit_voting_path(voting) end + it_behaves_like "needs admin TOS accepted" do + let(:user) { create(:user, :confirmed, organization: organization) } + end + context "when there are more than one finished elections" do let!(:other_election) { create(:election, :complete, :published, :finished, component: elections_component) } diff --git a/decidim-elections/spec/system/admin/monitoring_committee_member_manages_votings_spec.rb b/decidim-elections/spec/system/admin/monitoring_committee_member_manages_votings_spec.rb index 4413c71dffe1..0e407bab527e 100644 --- a/decidim-elections/spec/system/admin/monitoring_committee_member_manages_votings_spec.rb +++ b/decidim-elections/spec/system/admin/monitoring_committee_member_manages_votings_spec.rb 
@@ -11,6 +11,18 @@ visit decidim_admin_votings.votings_path end + it_behaves_like "needs admin TOS accepted" do + let(:user) { create(:user, :confirmed, organization: organization) } + end + + context "when the user has not accepted the admin TOS" do + let(:user) { create(:user, :confirmed, organization: organization) } + + it "shows a message to accept the admin TOS" do + expect(page).to have_content("Please take a moment to review Admin Terms of Use") + end + end + describe "when listing votings" do let(:other_voting) { create(:voting, organization: organization) } diff --git a/decidim-elections/spec/system/admin/monitoring_committee_member_verifies_elections_spec.rb b/decidim-elections/spec/system/admin/monitoring_committee_member_verifies_elections_spec.rb index 17d79be0239e..ae63d15f180b 100644 --- a/decidim-elections/spec/system/admin/monitoring_committee_member_verifies_elections_spec.rb +++ b/decidim-elections/spec/system/admin/monitoring_committee_member_verifies_elections_spec.rb @@ -12,11 +12,16 @@ switch_to_host(organization.host) login_as user, scope: :user visit decidim_admin_votings.edit_voting_path(voting) - click_link "Verify Elections" + end + + it_behaves_like "needs admin TOS accepted" do + let(:user) { create(:user, :confirmed, organization: organization) } end context "when listing the elections" do it "lists all the polling stations for the voting" do + click_link "Verify Elections" + within "#monitoring_committee_verify_elections table" do expect(page).to have_content(translated(election.title)) expect(page).to have_link("Download", href: election.verifiable_results_file_url) diff --git a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/committee_requests_controller_spec.rb b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/committee_requests_controller_spec.rb index c646575a3e40..40101d94a17d 100644 --- a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/committee_requests_controller_spec.rb 
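Review bot: The added `context "when the user has not accepted the admin TOS"` repeats exactly what the `it_behaves_like "needs admin TOS accepted"` block above it already checks (same `let(:user)` override, same `have_content` assertion), so the inline context can be dropped and the shared example kept. The sibling specs touched in this commit (voting_results, verifies_elections) use only the shared example, so removing the duplicate here also keeps the three consistent.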
+++ b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/committee_requests_controller_spec.rb @@ -11,7 +11,7 @@ module Admin let(:organization) { create(:organization) } let(:initiative) { create(:initiative, :created, organization: organization) } let(:admin_user) { create(:user, :admin, :confirmed, organization: organization) } - let(:user) { create(:user, :confirmed, organization: organization) } + let(:user) { create(:user, :confirmed, :admin_terms_accepted, organization: organization) } before do request.env["decidim.current_organization"] = organization @@ -44,6 +44,7 @@ module Admin context "and author" do before do + initiative.author.update(admin_terms_accepted_at: Time.current) sign_in initiative.author, scope: :user end @@ -56,6 +57,7 @@ module Admin context "and committee members" do before do + initiative.committee_members.approved.first.user.update(admin_terms_accepted_at: Time.current) sign_in initiative.committee_members.approved.first.user, scope: :user end @@ -72,6 +74,7 @@ module Admin context "and Owner" do before do + initiative.author.update(admin_terms_accepted_at: Time.current) sign_in initiative.author, scope: :user end @@ -87,6 +90,7 @@ module Admin before do create(:authorization, user: user) + user.update(admin_terms_accepted_at: Time.current) sign_in user, scope: :user end @@ -115,6 +119,7 @@ module Admin context "and Owner" do before do + initiative.author.update(admin_terms_accepted_at: Time.current) sign_in initiative.author, scope: :user end @@ -130,6 +135,7 @@ module Admin before do create(:authorization, user: user) + user.update(admin_terms_accepted_at: Time.current) sign_in user, scope: :user end diff --git a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_controller_spec.rb b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_controller_spec.rb index f75166df8c0e..805140739edd 100644 
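Review bot: The line `update(admin_terms_accepted_at: Time.current)` is repeated in six `before` blocks in this file, each immediately followed by `sign_in`, and again in initiatives_controller_spec.rb; the duplication hides that the only thing these contexts need is TOS acceptance. Where the signed-in user is `user`, the `:admin_terms_accepted` trait already used for `let(:user)` covers it; where it is `initiative.author` or a committee member, a small spec helper such as `def sign_in_with_tos(u); u.update(admin_terms_accepted_at: Time.current); sign_in u, scope: :user; end` is the smaller change.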
--- a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_controller_spec.rb +++ b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_controller_spec.rb @@ -5,7 +5,7 @@ describe Decidim::Initiatives::Admin::InitiativesController, type: :controller do routes { Decidim::Initiatives::AdminEngine.routes } - let(:user) { create(:user, :confirmed, organization: organization) } + let(:user) { create(:user, :confirmed, :admin_terms_accepted, organization: organization) } let(:admin_user) { create(:user, :admin, :confirmed, organization: organization) } let(:organization) { create(:organization) } let!(:initiative) { create(:initiative, organization: organization) } @@ -13,6 +13,9 @@ before do request.env["decidim.current_organization"] = organization + initiative.author.update(admin_terms_accepted_at: Time.current) + initiative.committee_members.approved.first.user.update(admin_terms_accepted_at: Time.current) + created_initiative.author.update(admin_terms_accepted_at: Time.current) end context "when index" do @@ -314,6 +317,7 @@ let!(:discarded_initiative) { create(:initiative, :discarded, organization: organization) } before do + discarded_initiative.author.update(admin_terms_accepted_at: Time.current) sign_in discarded_initiative.author, scope: :user end diff --git a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_type_scopes_controller_spec.rb b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_type_scopes_controller_spec.rb index ad4cfa277ce7..0430aec46ecc 100644 --- a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_type_scopes_controller_spec.rb +++ b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_type_scopes_controller_spec.rb 
@@ -10,7 +10,7 @@ module Admin let(:organization) { create(:organization) } let(:admin_user) { create(:user, :confirmed, :admin, organization: organization) } - let(:user) { create(:user, :confirmed, organization: organization) } + let(:user) { create(:user, :confirmed, :admin_terms_accepted, organization: organization) } let(:initiative_type) do create(:initiatives_type, organization: organization) end diff --git a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_types_controller_spec.rb b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_types_controller_spec.rb index 8ef1a3cb8e04..865301051891 100644 --- a/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_types_controller_spec.rb +++ b/decidim-initiatives/spec/controllers/decidim/initiatives/admin/initiatives_types_controller_spec.rb @@ -10,7 +10,7 @@ module Admin let(:organization) { create(:organization) } let(:admin_user) { create(:user, :confirmed, :admin, organization: organization) } - let(:user) { create(:user, :confirmed, organization: organization) } + let(:user) { create(:user, :confirmed, :admin_terms_accepted, organization: organization) } let(:initiative_type) do create(:initiatives_type, organization: organization) end diff --git a/decidim-participatory_processes/spec/system/admin/invite_process_admin_spec.rb b/decidim-participatory_processes/spec/system/admin/invite_process_admin_spec.rb index 6245a7ef5d81..b6a9ab76f967 100644 --- a/decidim-participatory_processes/spec/system/admin/invite_process_admin_spec.rb +++ b/decidim-participatory_processes/spec/system/admin/invite_process_admin_spec.rb @@ -27,7 +27,7 @@ find("*[type=submit]").click end - expect(page).to have_current_path "/admin/" + expect(page).to have_current_path "/admin/admin_terms/show" expect(page).to have_content("Dashboard") visit decidim_admin.admin_terms_show_path 
diff --git a/decidim-participatory_processes/spec/system/admin/invite_process_collaborator_spec.rb b/decidim-participatory_processes/spec/system/admin/invite_process_collaborator_spec.rb index c135da62933b..df4d6272c099 100644 --- a/decidim-participatory_processes/spec/system/admin/invite_process_collaborator_spec.rb +++ b/decidim-participatory_processes/spec/system/admin/invite_process_collaborator_spec.rb @@ -26,7 +26,7 @@ find("*[type=submit]").click end - expect(page).to have_current_path "/admin/" + expect(page).to have_current_path "/admin/admin_terms/show" expect(page).to have_content("Dashboard") visit decidim_admin.admin_terms_show_path diff --git a/decidim-participatory_processes/spec/system/admin/invite_process_moderator_spec.rb b/decidim-participatory_processes/spec/system/admin/invite_process_moderator_spec.rb index 6fe9723de651..a4340f92306f 100644 --- a/decidim-participatory_processes/spec/system/admin/invite_process_moderator_spec.rb +++ b/decidim-participatory_processes/spec/system/admin/invite_process_moderator_spec.rb @@ -25,7 +25,7 @@ find("*[type=submit]").click end - expect(page).to have_current_path "/admin/" + expect(page).to have_current_path "/admin/admin_terms/show" expect(page).to have_content("Dashboard") visit decidim_admin.admin_terms_show_path diff --git a/decidim-templates/app/permissions/decidim/templates/admin/permissions.rb b/decidim-templates/app/permissions/decidim/templates/admin/permissions.rb index 44705723a77d..a7a39f7291ed 100644 --- a/decidim-templates/app/permissions/decidim/templates/admin/permissions.rb +++ b/decidim-templates/app/permissions/decidim/templates/admin/permissions.rb @@ -6,7 +6,7 @@ module Admin class Permissions < Decidim::DefaultPermissions def permissions return permission_action unless user - + return permission_action unless user.admin? return permission_action if permission_action.scope != :admin case permission_action.subject 
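Review bot: `return permission_action unless user.admin?` restricts every templates admin action to organization admins, which is a tightening of access rather than a TOS-related change and is worth calling out explicitly, since other roles that reach the admin panel lose template management; the rest of `permissions` (the `case` on `permission_action.subject`) continues outside the hunk. The two guards can also be folded into one, `return permission_action unless user&.admin?`, which keeps the nil check and reads the same.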
diff --git a/decidim-templates/spec/permissions/decidim/templates/admin/permissions_spec.rb b/decidim-templates/spec/permissions/decidim/templates/admin/permissions_spec.rb index 2cb3186d1ac7..b7126e3aab50 100644 --- a/decidim-templates/spec/permissions/decidim/templates/admin/permissions_spec.rb +++ b/decidim-templates/spec/permissions/decidim/templates/admin/permissions_spec.rb @@ -6,7 +6,7 @@ subject { described_class.new(user, permission_action, context).permissions.allowed? } let(:organization) { create :organization } - let(:user) { create :user, organization: organization } + let(:user) { create :user, :admin, organization: organization } let(:context) do { current_organization: create(:organization) @@ -38,6 +38,15 @@ it_behaves_like "permission is not set" end + context "when user is not admin" do + let(:user) { create(:user, :confirmed, organization: organization) } + let(:action) do + { scope: :admin, action: :read, subject: :template } + end + + it_behaves_like "permission is not set" + end + shared_examples_for "action is allowed" do |scope, action, subject| let(:action) do { scope: scope, action: action, subject: subject } @@ -46,6 +55,12 @@ it { is_expected.to eq true } end + context "when user is admin" do + let(:user) { create(:user, :admin, organization: organization) } + + it_behaves_like "action is allowed", :admin, :index, :templates + end + context "when indexing templates" do it_behaves_like "action is allowed", :admin, :index, :templates end diff --git a/decidim-templates/spec/system/admin/admin_manages_questionnaire_templates_spec.rb b/decidim-templates/spec/system/admin/admin_manages_questionnaire_templates_spec.rb index 9d2984a24456..bc7104d12081 100644 --- a/decidim-templates/spec/system/admin/admin_manages_questionnaire_templates_spec.rb +++ b/decidim-templates/spec/system/admin/admin_manages_questionnaire_templates_spec.rb 
@@ -4,7 +4,7 @@ describe "Admin manages questionnaire templates", type: :system do let!(:organization) { create :organization } - let!(:user) { create :user, :confirmed, organization: organization } + let!(:user) { create :user, :admin, :confirmed, organization: organization } before do switch_to_host(organization.host) @@ -12,6 +12,10 @@ visit decidim_admin_templates.questionnaire_templates_path end + it_behaves_like "needs admin TOS accepted" do + let(:user) { create(:user, :admin, :confirmed, admin_terms_accepted_at: nil, organization: organization) } + end + describe "listing templates" do let!(:template) { create(:questionnaire_template, organization: organization) }