Don't allow access to admin panel without ToS acceptance

* Don't allow access to admin panel without ToS acceptance
* Add redirection to previous page after accepting ToS
* Use have_content instead of have_text
* Running spellcheck linters
* Fix specs
* Fix permissions on Templates when user is not admin
* Fix specs
* Fix i18n string scope from merge
* Workaround for admin ToS acceptance in Initiatives

  After #5736, the initiatives' authors and committee members should not have access to the admin panel. The problem is that with the change of the Terms of Service acceptance in the admin panel this is changing, so there are still some leftovers in the initiatives' permissions. As I only want to focus on ToS acceptance for now, I'll skip these specs and fix the real problem (cleaning the leftovers from #5736) in another PR to keep this small.

* Fix typo
* Fix for possible Cookie overflow with a long list of URL params

  Detected by code review

* Remove unnecessary namespaces
* Fix spec
* Bring consistency to the spec messages

  * "has not accepted" sounds better than "did not accepted"
  * sometimes I was using "has a message" and other times "shows a message"
  * sometimes we were using ToS and other times TOS

* Add missing specs for Templates' specs
* Remove unnecessary return

  Apply suggestions from code review

  Co-authored-by: Antti Hukkanen <antti.hukkanen@mainiotech.fi>

* Fix the stored request.path to not mess with the frontend's stored location

  Apply suggestions from code review

  Co-authored-by: Antti Hukkanen <antti.hukkanen@mainiotech.fi>

* Fetch from stored_location_for so the session value is cleaned

  Apply suggestions from code review

  Co-authored-by: Antti Hukkanen <antti.hukkanen@mainiotech.fi>

* Fix traits usages in factories calls

  Apply suggestions from code review

  Co-authored-by: Antti Hukkanen <antti.hukkanen@mainiotech.fi>

* Introduce "needs admin TOS accepted" shared example
* Fix rubocop offenses
* Fix rubocop offenses
* Make the user configurable for "needs admin TOS accepted" shared example
* Fix rubocop offense
* Refactor spec to shared examples
* Add example for roles that aren't admin

---------

Co-authored-by: Alexandru Emil Lupu <contact@alecslupu.ro>
Co-authored-by: Antti Hukkanen <antti.hukkanen@mainiotech.fi>
1 parent e6c4f4e, commit b1170ab
Showing 27 changed files with 309 additions and 44 deletions.
decidim-admin/app/controllers/concerns/decidim/admin/needs_admin_tos_accepted.rb (42 changes: 42 additions & 0 deletions)
@@ -0,0 +1,42 @@ | ||
# frozen_string_literal: true | ||
|
||
module Decidim | ||
module Admin | ||
# Shared behaviour for signed_in admins that require the latest TOS accepted | ||
module NeedsAdminTosAccepted | ||
extend ActiveSupport::Concern | ||
|
||
included do | ||
before_action :tos_accepted_by_admin | ||
end | ||
|
||
private | ||
|
||
def tos_accepted_by_admin | ||
return unless request.format.html? | ||
return unless current_user | ||
return if current_user.admin_terms_accepted? | ||
return if permitted_paths? | ||
|
||
store_location_for( | ||
current_user, | ||
request.path | ||
) | ||
redirect_to admin_tos_path | ||
end | ||
|
||
def permitted_paths? | ||
# ensure that path with or without query string pass | ||
permitted_paths.find { |el| el.split("?").first == request.path } | ||
end | ||
|
||
def permitted_paths | ||
[admin_tos_path, decidim_admin.admin_terms_accept_path] | ||
end | ||
|
||
def admin_tos_path | ||
decidim_admin.admin_terms_show_path | ||
end | ||
end | ||
end | ||
end |
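Review bot: the `return unless request.format.html?` guard at the top of `tos_accepted_by_admin` means that any non-HTML request (JSON, JS or any other format) to a controller including this concern bypasses the ToS gate entirely; if that is intended because those endpoints are only reachable after the HTML flow, say so in the module comment, otherwise consider keeping the check for every format and answering non-HTML requests with a 403 instead of a redirect. Two smaller points: `permitted_paths?` returns the matching path or `nil` rather than a boolean, so `permitted_paths.any? { |el| el.split("?").first == request.path }` reads more honestly as a predicate; and since `store_location_for(current_user, request.path)` deliberately drops the query string (the commit message gives the cookie-overflow reason), a one-line comment at the call site would keep the next reader from "fixing" it back to `request.fullpath`.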
decidim-admin/lib/decidim/admin/test/needs_admin_tos_accepted_examples.rb (9 changes: 9 additions & 0 deletions)
@@ -0,0 +1,9 @@ | ||
# frozen_string_literal: true | ||
|
||
shared_examples_for "needs admin TOS accepted" do | ||
context "when the user has not accepted the admin TOS" do | ||
it "shows a message to accept the admin TOS" do | ||
expect(page).to have_content("Please take a moment to review Admin Terms of Use") | ||
end | ||
end | ||
end |
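Review bot: the shared example only asserts that the TOS message is present; it does not assert that the originally requested admin content is absent or that the user ended up on the TOS page, so a page that rendered both the warning and the protected content would still pass. Add a second expectation (a `have_no_content` on something specific to the requested page, or `have_current_path` against the TOS route) either here or in the including specs. The example also depends on the including spec having signed in a user without `admin_terms_accepted_at` and having visited the page in a `before` block; a short comment above `shared_examples_for` stating that contract would help, since nothing in this file makes it visible.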
decidim-admin/spec/controllers/concerns/needs_admin_tos_accepted_spec.rb (120 changes: 120 additions & 0 deletions)
@@ -0,0 +1,120 @@ | ||
# frozen_string_literal: true | ||
|
||
require "spec_helper" | ||
|
||
module Decidim | ||
module Admin | ||
describe "NeedsAdminTosAccepted", type: :controller do | ||
let!(:organization) { create(:organization) } | ||
|
||
controller do | ||
include NeedsAdminTosAccepted | ||
|
||
def root | ||
render plain: "Root page" | ||
end | ||
|
||
def admin_tos | ||
render plain: "Admin TOS page" | ||
end | ||
|
||
def another | ||
render plain: "Another page" | ||
end | ||
|
||
private | ||
|
||
def permitted_paths | ||
["/root", "/admin_tos"] | ||
end | ||
|
||
def admin_tos_path | ||
"/admin_tos" | ||
end | ||
end | ||
|
||
before do | ||
routes.draw do | ||
get "root" => "anonymous#root" | ||
get "another" => "anonymous#another" | ||
get "admin_tos" => "anonymous#admin_tos" | ||
end | ||
|
||
request.env["decidim.current_organization"] = organization | ||
sign_in user, scope: :user | ||
end | ||
|
||
shared_examples "needs admins' TOS acceptance to access other pages" do | ||
it "allows accessing the root page" do | ||
get :root | ||
|
||
expect(response.body).to have_text("Root page") | ||
end | ||
|
||
it "allows accessing the TOS page" do | ||
get :admin_tos | ||
|
||
expect(response.body).to have_text("Admin TOS page") | ||
end | ||
|
||
it "does not allow accessing another page" do | ||
get :another | ||
|
||
expect(response).to redirect_to("/admin_tos") | ||
expect(response.body).to have_text("You are being redirected") | ||
expect(session[:user_return_to]).to eq("/another") | ||
end | ||
end | ||
|
||
shared_examples "allows accessing all the pages" do | ||
it "allows accessing the root page" do | ||
get :root | ||
|
||
expect(response.body).to have_text("Root page") | ||
end | ||
|
||
it "allows accessing the TOS page" do | ||
get :admin_tos | ||
|
||
expect(response.body).to have_text("Admin TOS page") | ||
end | ||
|
||
it "allows accessing another page" do | ||
get :another | ||
|
||
expect(response.body).to have_text("Another page") | ||
end | ||
end | ||
|
||
context "when the user is an admin" do | ||
context "and has not accepted the TOS" do | ||
let(:user) { create(:user, :admin, :confirmed, admin_terms_accepted_at: nil, organization: organization) } | ||
|
||
it_behaves_like "needs admins' TOS acceptance to access other pages" | ||
end | ||
|
||
context "and has accepted the TOS" do | ||
let(:user) { create(:user, :admin, :confirmed) } | ||
|
||
it_behaves_like "allows accessing all the pages" | ||
end | ||
end | ||
|
||
context "when the user has another role with access to admin panel" do | ||
let(:participatory_process) { create(:participatory_process, organization: organization) } | ||
|
||
context "and has not accepted the TOS" do | ||
let(:user) { create(:process_moderator, confirmed_at: Time.current, admin_terms_accepted_at: nil, participatory_process: participatory_process) } | ||
|
||
it_behaves_like "needs admins' TOS acceptance to access other pages" | ||
end | ||
|
||
context "and has accepted the TOS" do | ||
let(:user) { create(:process_moderator, confirmed_at: Time.current, participatory_process: participatory_process) } | ||
|
||
it_behaves_like "allows accessing all the pages" | ||
end | ||
end | ||
end | ||
end | ||
end |
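Review bot: because the anonymous controller overrides `permitted_paths` and `admin_tos_path` with literal strings, the concern's real route helpers (`decidim_admin.admin_terms_show_path` and `decidim_admin.admin_terms_accept_path`) are never exercised here, so a renamed route would not be caught by this spec; a request or system spec against the real admin routes would close that gap. Two behaviours of the concern are also untested: the `request.format.html?` bypass (a `get :another, format: :json` example asserting no redirect would pin the intended behaviour either way), and the query-string handling that motivated the cookie-overflow fix (a `get :another, params: { foo: "bar" }` example asserting `session[:user_return_to]` is still `"/another"`). Finally, `create(:user, :admin, :confirmed)` in the accepted-TOS contexts relies on the factory defaulting `admin_terms_accepted_at` to a non-nil value; passing it explicitly would make the contrast with the `nil` case obvious.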