Backport 'Add admin permissions for conflicts and logs controllers' to v0.27 #12300

Expand Up @@ -6,12 +6,16 @@ class ConflictsController < Decidim::Admin::ApplicationController
layout "decidim/admin/users"

def index
enforce_permission_to :index, :impersonatable_user

@conflicts = Decidim::Verifications::Conflict.joins(:current_user).where(
decidim_users: { decidim_organization_id: current_organization.id }
)
end

def edit
enforce_permission_to :index, :impersonatable_user

conflict = Decidim::Verifications::Conflict.find(params[:id])

@form = form(TransferUserForm).from_params(
Expand All @@ -22,6 +26,8 @@ def edit
end

def update
enforce_permission_to :index, :impersonatable_user

conflict = Decidim::Verifications::Conflict.find(params[:id])

@form = form(TransferUserForm).from_params(
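Review bot: `Decidim::Verifications::Conflict.find(params[:id])` in edit and update is still unscoped, while index restricts conflicts to `current_organization`; the new `enforce_permission_to` proves the caller is an admin but, unless a permission or before_action outside the hunk scopes the record, an admin of one organization could load a conflict belonging to another by id. Loading through the same organization-scoped relation would close that gap, e.g. `conflict = Decidim::Verifications::Conflict.joins(:current_user).where(decidim_users: { decidim_organization_id: current_organization.id }).find(params[:id])`, applied in both the edit hunk and the update hunk. The `:index` action is reused for edit and update; if the permission class distinguishes read from write these should be `:edit` / `:update`, otherwise a one-line comment stating that a single permission is intentional would help the next reader. Both edit and update continue past their hunk.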
Expand Up @@ -9,6 +9,8 @@ class ImpersonationLogsController < Decidim::Admin::ApplicationController
layout "decidim/admin/users"

def index
enforce_permission_to :index, :impersonatable_user

@impersonation_logs = Decidim::ImpersonationLog.where(user: user).order(started_at: :desc).page(params[:page]).per(15)
end

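Review bot: The check is added only inside index, so any other action ImpersonationLogsController defines outside this hunk is left without it; if the whole controller is meant to be admin-only, a class-level `before_action { enforce_permission_to :index, :impersonatable_user }` would cover those and any future actions. `user` is resolved outside the hunk, so whether the logs query is also scoped to `current_organization` cannot be confirmed here and is worth checking alongside this change. The class continues past the hunk.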
58 changes: 58 additions & 0 deletions decidim-admin/spec/system/admin_manages_impersonations_spec.rb
Expand Up @@ -11,5 +11,63 @@ def navigate_to_impersonations_page
click_link "Impersonations"
end

shared_examples_for "prevent undesired access" do
let(:impersonatable_user) { create(:user, managed: true, organization: user.organization) }
let(:impersonatable_user_id) { impersonatable_user.id }

before do
switch_to_host(organization.host)
login_as test_user, scope: :user
end

context "when accessing impersonation logs" do
it "restrict access on logs page" do
impersonatable_user.reload

visit decidim_admin.impersonatable_user_impersonation_logs_path(impersonatable_user_id: impersonatable_user_id)

expect(page).to have_content("You are not authorized to perform this action")
end

it "restrict access on conflicts page" do
visit decidim_admin.conflicts_path

expect(page).to have_content("You are not authorized to perform this action")
end

it "restrict access to conflict page" do
conflict = create(:conflict, managed_user: impersonatable_user)
visit decidim_admin.edit_conflict_path(conflict)

expect(page).to have_content("You are not authorized to perform this action")
end
end
end

context "when access is restricted" do
let(:organization) { create(:organization) }

context "when logged in as process_collaborator" do
let(:process) { create(:participatory_process, organization: organization) }
let(:test_user) { create(:process_collaborator, :confirmed, :admin_terms_accepted, participatory_process: process) }

it_behaves_like "prevent undesired access"
end

context "when logged in as process_valuator" do
let(:process) { create(:participatory_process, organization: organization) }
let(:test_user) { create(:process_valuator, :confirmed, :admin_terms_accepted, participatory_process: process) }

it_behaves_like "prevent undesired access"
end

context "when logged in as process_moderator" do
let(:process) { create(:participatory_process, organization: organization) }
let(:test_user) { create(:process_moderator, :confirmed, :admin_terms_accepted, participatory_process: process) }

it_behaves_like "prevent undesired access"
end
end

it_behaves_like "manage impersonations examples"
end
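Review bot: The example descriptions read `it "restrict access on logs page"`; RSpec convention is third person, `it "restricts access on logs page"`, and the same applies to the two sibling examples. `impersonatable_user.reload` in the logs example looks unnecessary: the record comes from a `let` and nothing mutates it before the visit, and the other two examples do without it. The three role contexts each repeat `let(:process) { create(:participatory_process, organization: organization) }`; hoisting it into the enclosing "when access is restricted" context removes the duplication. The shared examples also depend on `user` and `organization` from the including context, which deserves a short comment above `shared_examples_for` so the contract is explicit. The enclosing describe block's header is outside the hunk.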