diff --git a/app/models/person.rb b/app/models/person.rb index 556994930..06118c97f 100644 --- a/app/models/person.rb +++ b/app/models/person.rb @@ -98,6 +98,11 @@ class Person < ApplicationRecord .merge(Affiliation.active) .distinct } + scope :where_user_not_locked, -> { + left_joins(:user).where(users: { locked_at: nil }).or( + left_joins(:user).where(users: { id: nil }) + ) + } scope :organization_name, ->(organization_name) { return all if organization_name.blank? left_joins(affiliations: :organization) diff --git a/app/policies/person_policy.rb b/app/policies/person_policy.rb index 199d254b0..de5351663 100644 --- a/app/policies/person_policy.rb +++ b/app/policies/person_policy.rb @@ -34,7 +34,7 @@ def search? relation_scope do |relation| next relation if admin? - relation.searchable.with_active_affiliations + relation.searchable.with_active_affiliations.where_user_not_locked end private diff --git a/spec/policies/person_policy_spec.rb b/spec/policies/person_policy_spec.rb index f95fcf550..77aedbf97 100644 --- a/spec/policies/person_policy_spec.rb +++ b/spec/policies/person_policy_spec.rb @@ -124,11 +124,13 @@ def policy_for(record: nil, user:) context "with regular user" do let(:policy) { policy_for(record: Person, user: regular_user) } - it "filters to searchable people with active affiliations" do + it "filters to searchable people with active affiliations and unlocked users" do scope = policy.apply_scope(Person.all, type: :active_record_relation) - expect(scope.to_sql).to include('`people`.`profile_is_searchable` = TRUE') - expect(scope.to_sql).to include('INNER JOIN `affiliations`') - expect(scope.to_sql).to include('`affiliations`.`inactive` = FALSE') + sql = scope.to_sql + expect(sql).to include('`people`.`profile_is_searchable` = TRUE') + expect(sql).to include('INNER JOIN `affiliations`') + expect(sql).to include('`affiliations`.`inactive` = FALSE') + expect(sql).to include('`users`.`locked_at` IS NULL') end end end