sparc-request · kayla-glick · Jun 17, 2016 · Jun 14, 2016 · Jun 15, 2016 · Jun 15, 2016
diff --git a/app/controllers/dashboard/associated_users_controller.rb b/app/controllers/dashboard/associated_users_controller.rb
@@ -27,7 +27,6 @@ class Dashboard::AssociatedUsersController < Dashboard::BaseController
   before_filter :find_admin_for_protocol,                         only: [:index, :new, :create, :edit, :update, :destroy]
   before_filter :protocol_authorizer_view,                        only: [:index]
   before_filter :protocol_authorizer_edit,                        only: [:new, :create, :edit, :update, :destroy]
-  before_filter :find_service_provider_only_admin_organizations,  only: [:create, :update, :destroy]
 
   def index
     @protocol_roles     = @protocol.project_roles
@@ -74,7 +73,6 @@ def create
     if creator.successful?
       if @current_user_created = params[:project_role][:identity_id].to_i == @user.id
         @permission_to_edit = creator.protocol_role.can_edit?
-        @permission_to_view = creator.protocol_role.can_view?
       end
 
       flash.now[:success] = 'Authorized User Added!'
@@ -96,10 +94,9 @@ def update
         @protocol_type      = @protocol.type
         protocol_role       = updater.protocol_role
         @permission_to_edit = protocol_role.can_edit?
-        @permission_to_view = protocol_role.can_view?
 
         #If the user sets themselves to member and they're not an admin, go to dashboard
-        @return_to_dashboard = !(@permission_to_view || @admin)
+        @return_to_dashboard = !(protocol_role.can_view? || @admin)
       end
 
       flash.now[:success] = 'Authorized User Updated!'
@@ -119,12 +116,11 @@ def destroy
 
     @protocol_role.destroy
 
-    if @current_user_destroyed  = protocol_role_clone.identity_id == @user.id
-      @protocol_type            = @protocol.type
-      @permission_to_edit       = false
-      @permission_to_view       = false
+    if @current_user_destroyed = protocol_role_clone.identity_id == @user.id
+      @protocol_type      = @protocol.type
+      @permission_to_edit = false
 
-      #If the user sets themselves to member and they're not an admin, go to dashboard
+      # If the user is no longer an authorized user, if they're not an admin, go to dashboard
       @return_to_dashboard = !@admin
     end
 
@@ -150,10 +146,6 @@ def search_identities
   end
 
 private
-
-  def find_service_provider_only_admin_organizations
-    @sp_only_admin_orgs = @admin ? @user.authorized_admin_organizations({ sp_only: true }) : nil
-  end
 
   def find_protocol_role
     @protocol_role = ProjectRole.find(params[:id])

diff --git a/app/controllers/dashboard/protocols_controller.rb b/app/controllers/dashboard/protocols_controller.rb
@@ -26,7 +26,6 @@ class Dashboard::ProtocolsController < Dashboard::BaseController
   before_filter :find_admin_for_protocol,                         only: [:show, :edit, :update, :update_protocol_type, :display_requests]
   before_filter :protocol_authorizer_view,                        only: [:show, :view_full_calendar, :display_requests]
   before_filter :protocol_authorizer_edit,                        only: [:edit, :update, :update_protocol_type]
-  before_filter :find_service_provider_only_admin_organizations,  only: [:show, :display_requests]
 
   def index
 
@@ -75,7 +74,6 @@ def show
       format.html {
         session[:breadcrumbs].clear.add_crumbs(protocol_id: @protocol.id)
         @permission_to_edit = @authorization.present? ? @authorization.can_edit? : false
-        @permission_to_view = @authorization.present? ? @authorization.can_view? : false
         @protocol_type      = @protocol.type.capitalize
 
         render
@@ -213,9 +211,8 @@ def view_full_calendar
   end
 
   def display_requests
-    permission_to_edit  = @authorization.present? ? @authorization.can_edit? : false
-    permission_to_view  = @authorization.present? ? @authorization.can_view? : false
-    modal               = render_to_string(partial: 'dashboard/protocols/requests_modal', locals: { protocol: @protocol, user: @user, sp_only_admin_orgs: @sp_only_admin_orgs, permission_to_edit: permission_to_edit, permission_to_view: permission_to_view })
+    permission_to_edit = @authorization.present? ? @authorization.can_edit? : false
+    modal              = render_to_string(partial: 'dashboard/protocols/requests_modal', locals: { protocol: @protocol, user: @user, permission_to_edit: permission_to_edit })
 
     data = { modal: modal }
     render json: data
@@ -233,10 +230,6 @@ def find_protocol
     @protocol = Protocol.find(params[:id])
   end
 
-  def find_service_provider_only_admin_organizations
-    @sp_only_admin_orgs = @admin ? @user.authorized_admin_organizations({ sp_only: true }) : nil
-  end
-
   def conditionally_activate_protocol
     if @admin
       if @protocol_type == "Study" && @protocol.virgin_project?

diff --git a/app/controllers/dashboard/sub_service_requests_controller.rb b/app/controllers/dashboard/sub_service_requests_controller.rb
@@ -29,16 +29,8 @@ def index
     service_request       = ServiceRequest.find(params[:srid])
     protocol              = service_request.protocol
     @admin_orgs           = @user.authorized_admin_organizations
-    @permission_to_edit   = protocol.project_roles.where(identity_id: @user.id, project_rights: ['approve', 'request']).any?
-    permission_to_view    = protocol.project_roles.where(identity_id: @user.id, project_rights: ['view', 'approve', 'request']).any?
-
-    @sub_service_requests = if permission_to_view
-                              service_request.sub_service_requests
-                            else
-                              sp_only_admin_orgs = @user.authorized_admin_organizations({ sp_only: true })
-
-                              service_request.sub_service_requests.reject { |ssr| ssr.should_be_hidden_for_sp?(sp_only_admin_orgs) }
-                            end
+    @sub_service_requests = service_request.sub_service_requests.where.not(status: 'first_draft') # TODO: Remove Historical first_draft SSRs and remove this
+    @permission_to_edit   = protocol.project_roles.where(identity: @user, project_rights: ['approve', 'request']).any?
   end
 
   def show

diff --git a/app/models/identity.rb b/app/models/identity.rb
@@ -300,9 +300,9 @@ def can_edit_fulfillment? organization
   ########################### COLLECTION METHODS ################################
   ###############################################################################
 
-  def authorized_admin_organizations(sp_only={sp_only: false})
+  def authorized_admin_organizations
     # returns organizations for which user is service provider or super user
-    Organization.authorized_for_identity(self.id, sp_only[:sp_only]).distinct
+    Organization.authorized_for_identity(self.id)
   end
 
   # Collects all organizations that this identity has catalog manager permissions on, as well as

diff --git a/app/models/organization.rb b/app/models/organization.rb
@@ -67,20 +67,9 @@ class Organization < ActiveRecord::Base
 
   # TODO: In rails 5, the .or operator will be added for ActiveRecord queries. We should try to 
   #       condense this to a single query at that point
-  scope :authorized_for_identity, -> (identity_id, sp_only=false) {
-    super_user_orgs                 = joins(:super_users).where(super_users: {identity_id: identity_id} ).distinct
-    service_provider_orgs           = joins(:service_providers).where(service_providers: {identity_id: identity_id} ).distinct
-
-    super_user_orgs_children        = authorized_child_organizations(super_user_orgs.pluck(:id))
-    service_provider_orgs_children  = authorized_child_organizations(service_provider_orgs.pluck(:id))
-
-    # To get around merge-and in activerecord, we get all the organizations as an array, then convert it back
-    # to an ActiveRecord Relation through another query on the IDs
-    if sp_only
-      Organization.where(id: (service_provider_orgs | service_provider_orgs_children)).where.not(id: (super_user_orgs | super_user_orgs_children)).distinct
-    else
-      Organization.where(id: (super_user_orgs | super_user_orgs_children | service_provider_orgs | service_provider_orgs_children) ).distinct
-    end
+  scope :authorized_for_identity, -> (identity_id) {
+    orgs = includes(:super_users, :service_providers).where("super_users.identity_id = ? or service_providers.identity_id = ?", identity_id, identity_id).references(:super_users, :service_providers).uniq(:organizations)
+    where(id: orgs + Organization.authorized_child_organizations(orgs.map(&:id))).distinct
   }
 
   scope :in_cwf, -> { joins(:tags).where(tags: { name: 'clinical work fulfillment' }) }
@@ -393,6 +382,7 @@ def has_tag? tag
   private
 
   def self.authorized_child_organizations(org_ids)
+    org_ids = org_ids.flatten.compact
     if org_ids.empty?
       []
     else

diff --git a/app/models/protocol.rb b/app/models/protocol.rb
@@ -166,37 +166,21 @@ class Protocol < ActiveRecord::Base
   scope :admin_filter, -> (params) {
     filter, id  = params.split(" ")
     if filter == 'for_admin'
-      return filtered_for_admin(id)
+      for_admin(id)
     elsif filter == 'for_identity'
-      return for_identity_id(id)
+      for_identity_id(id)
     end
   }
 
   scope :for_admin, -> (identity_id) {
     # returns protocols with ssrs in orgs authorized for identity_id
     return nil if identity_id == '0'
-    joins(:organizations).
-      merge( Organization.authorized_for_identity(identity_id) ).distinct
-  }
-
-  scope :filtered_for_admin, -> (identity_id) {
-    # returns protocols with ssrs in orgs authorized for identity_id
-    return nil if identity_id == '0'
 
-    # We want to find all protocols where the user is an Admin AND Authorized User
-    # as they will be filtered out by the SP Only Organizations queries
-    sp_only_admin_orgs        = Organization.authorized_for_identity(identity_id, true)
-
-    if sp_only_admin_orgs.any?
-      admin_protocols           = for_admin(identity_id)
-      authorized_user_protocols = joins(:project_roles).where(project_roles: { identity_id: identity_id })
-      visible_admin_protocols   = admin_protocols.to_a.reject { |p| p.should_be_hidden_for_sp?(sp_only_admin_orgs) }
-
-      # TODO: In rails 5, we can do an or-merge to create a single query for this entire process
-      where(id: (authorized_user_protocols | visible_admin_protocols)).distinct
-    else
-      for_admin(identity_id)
-    end
+    joins(:organizations).
+      merge(Organization.authorized_for_identity(identity_id)).
+    joins(:sub_service_requests).
+      merge(SubServiceRequest.where.not(status: 'first_draft')).
+    distinct
   }
 
   scope :show_archived, -> (boolean) {
@@ -533,8 +517,8 @@ def arm_cleanup
     end
   end
 
-  def should_be_hidden_for_sp?(sp_only_admin_orgs)
-    (service_requests.reject { |sr| sr.should_be_hidden_for_sp?(sp_only_admin_orgs) }).empty?
+  def has_non_first_draft_ssrs?
+    sub_service_requests.where.not(status: 'first_draft').any?
   end
 
   private

diff --git a/app/models/service_request.rb b/app/models/service_request.rb
@@ -572,9 +572,9 @@ def audit_report identity, start_date=self.previous_submitted_at.utc, end_date=T
 
     {:line_items => line_item_audits}
   end
-
-  def should_be_hidden_for_sp?(sp_only_admin_orgs)
-    (sub_service_requests.reject { |ssr| ssr.should_be_hidden_for_sp?(sp_only_admin_orgs) }).empty?
+  
+  def has_non_first_draft_ssrs?
+    sub_service_requests.where.not(status: 'first_draft').any?
   end
 
   private

diff --git a/app/models/sub_service_request.rb b/app/models/sub_service_request.rb
@@ -497,10 +497,6 @@ def audit_report identity, start_date, end_date=Time.now.utc
   end
   ### end audit reporting methods ###
 
-  def should_be_hidden_for_sp?(sp_only_admin_orgs)
-    ['first_draft', 'draft'].include?(status) && sp_only_admin_orgs.count != 0 && (org_tree & sp_only_admin_orgs).empty?
-  end
-
   private
 
   def notify_remote_around_update?

diff --git a/app/views/dashboard/associated_users/create.js.coffee b/app/views/dashboard/associated_users/create.js.coffee
@@ -22,7 +22,7 @@
 $("#modal_errors").html("<%= escape_javascript(render(partial: 'shared/modal_errors', locals: {errors: @errors})) %>")
 <% else %>
 <% if @current_user_created && @permission_to_edit %>
-$("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, sp_only_admin_orgs: @sp_only_admin_orgs, permission_to_edit: @permission_to_edit, permission_to_view: @permission_to_view, user: @user, view_only: false)) %>")
+$("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, permission_to_edit: @permission_to_edit, user: @user, view_only: false)) %>")
 $('.service-requests-table').on 'all.bs.table', ->
   $(this).find('.selectpicker').selectpicker() #Find descendant selectpickers
 $(".service-requests-table").bootstrapTable()

diff --git a/app/views/dashboard/associated_users/destroy.js.coffee b/app/views/dashboard/associated_users/destroy.js.coffee
@@ -24,7 +24,7 @@ window.location = "/dashboard"
 <% elsif @current_user_destroyed && @admin %>
 $("#summary-panel").html("<%= escape_javascript(render('dashboard/protocols/summary', protocol: @protocol, protocol_type: @protocol_type, permission_to_edit: @permission_to_edit || @admin)) %>")
 $("#authorized-users-panel").html("<%= escape_javascript(render('dashboard/associated_users/table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin)) %>")
-$("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, sp_only_admin_orgs: @sp_only_admin_orgs, permission_to_edit: @permission_to_edit, permission_to_view: @permission_to_view, user: @user, view_only: false)) %>")
+$("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, permission_to_edit: @permission_to_edit, user: @user, view_only: false)) %>")
 $("#associated-users-table").bootstrapTable()
 $('.service-requests-table').on 'all.bs.table', ->
 	$(this).find('.selectpicker').selectpicker() #Find descendant selectpickers

diff --git a/app/views/dashboard/associated_users/update.js.coffee b/app/views/dashboard/associated_users/update.js.coffee
@@ -28,7 +28,7 @@ window.location = "/dashboard"
 <% elsif @current_user_updated %>
 $("#summary-panel").html("<%= escape_javascript(render('dashboard/protocols/summary', protocol: @protocol, protocol_type: @protocol_type, permission_to_edit: @permission_to_edit || @admin)) %>")
 $("#authorized-users-panel").html("<%= escape_javascript(render('dashboard/associated_users/table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin)) %>")
-$("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, sp_only_admin_orgs: @sp_only_admin_orgs, permission_to_edit: @permission_to_edit, permission_to_view: @permission_to_view, user: @user, view_only: false)) %>")
+$("#service-requests-panel").html("<%= escape_javascript(render('dashboard/service_requests/service_requests', protocol: @protocol, permission_to_edit: @permission_to_edit, user: @user, view_only: false)) %>")
 $("#associated-users-table").bootstrapTable()
 $('.service-requests-table').on 'all.bs.table', ->
   $(this).find('.selectpicker').selectpicker() #Find descendant selectpickers

diff --git a/app/views/dashboard/protocols/_requests_modal.html.haml b/app/views/dashboard/protocols/_requests_modal.html.haml
@@ -26,9 +26,11 @@
       %h4.modal-title.text-center
         = protocol.short_title
     .modal-body
-      - protocol.service_requests.each do |sr|
-        - if sr.sub_service_requests.any? && (permission_to_view || !sr.should_be_hidden_for_sp?(sp_only_admin_orgs))
-          = render 'dashboard/service_requests/protocol_service_request_show', service_request: sr, user: user, permission_to_edit: permission_to_edit, view_only: true
+      - # TODO: Remove Historical first_draft SSRs and remove this
+      - if protocol.has_non_first_draft_ssrs?
+        - protocol.service_requests.each do |sr|
+          - if sr.has_non_first_draft_ssrs?
+            = render 'dashboard/service_requests/protocol_service_request_show', service_request: sr, user: user, permission_to_edit: permission_to_edit, view_only: true
     .modal-footer
       .center-block
         %button.btn.btn-default{type: 'button', data: {dismiss: 'modal'}} 

diff --git a/app/views/dashboard/protocols/show.html.haml b/app/views/dashboard/protocols/show.html.haml
@@ -20,7 +20,7 @@
 .panel-group#protocol_show_information_panel
   = render 'dashboard/protocols/summary', protocol: @protocol, protocol_type: @protocol_type, permission_to_edit: @permission_to_edit || @admin
   = render 'dashboard/associated_users/table', protocol: @protocol, permission_to_edit: @permission_to_edit || @admin
-  = render 'dashboard/service_requests/service_requests', protocol: @protocol, sp_only_admin_orgs: @sp_only_admin_orgs, permission_to_edit: @permission_to_edit, permission_to_view: @permission_to_view, user: @user, view_only: false
+  = render 'dashboard/service_requests/service_requests', protocol: @protocol, super_user_orgs: @super_user_orgs, permission_to_edit: @permission_to_edit, user: @user, view_only: false
 
 :javascript
   $(document).ready( function() {

diff --git a/app/views/dashboard/service_requests/_service_requests.html.haml b/app/views/dashboard/service_requests/_service_requests.html.haml
@@ -25,9 +25,10 @@
       = consolidated_request_buttons_display(protocol)
     .clearfix
   .panel-body
-    - if protocol.sub_service_requests.any?
+    - # TODO: Remove Historical first_draft SSRs and remove this
+    - if protocol.has_non_first_draft_ssrs? 
       - protocol.service_requests.each do |sr|
-        - if sr.sub_service_requests.any? && (permission_to_view || !sr.should_be_hidden_for_sp?(sp_only_admin_orgs))
+        - if sr.has_non_first_draft_ssrs?
           = render 'dashboard/service_requests/protocol_service_request_show', service_request: sr, protocol: protocol, user: user, permission_to_edit: permission_to_edit, view_only: view_only
     - else
       %button.btn.btn-success.btn-sm#add-services-button{ class: permission_to_edit ? '' : 'disabled', type: 'button', data: { permission: permission_to_edit.to_s, protocol_id: protocol.id, action: 'new request' } }

diff --git a/spec/controllers/dashboard/protocols/get_display_requests_spec.rb b/spec/controllers/dashboard/protocols/get_display_requests_spec.rb
@@ -77,7 +77,7 @@
           @protocol       = create(:protocol_without_validations)
           organization    = create(:organization)
           service_request = create(:service_request_without_validations, protocol: @protocol)
-                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request)
+                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request, status: 'draft')
                             create(:super_user, identity: @logged_in_user, organization: organization)
 
           log_in_dashboard_identity(obj: @logged_in_user)
@@ -98,7 +98,7 @@
           @protocol       = create(:protocol_without_validations)
           organization    = create(:organization)
           service_request = create(:service_request_without_validations, protocol: @protocol)
-                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request)
+                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request, status: 'draft')
                             create(:service_provider, identity: @logged_in_user, organization: organization)
 
           log_in_dashboard_identity(obj: @logged_in_user)

diff --git a/spec/controllers/dashboard/protocols/get_edit_spec.rb b/spec/controllers/dashboard/protocols/get_edit_spec.rb
@@ -129,7 +129,7 @@
           @protocol       = create(:protocol_without_validations, type: 'Study', study_type_question_group_id: inactive_study_type_question_group.id)
           organization    = create(:organization)
           service_request = create(:service_request_without_validations, protocol: @protocol)
-                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request)
+                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request, status: 'draft')
                             create(:super_user, identity: @logged_in_user, organization: organization)
 
           log_in_dashboard_identity(obj: @logged_in_user)
@@ -150,7 +150,7 @@
           @protocol       = create(:protocol_without_validations, type: 'Project')
           organization    = create(:organization)
           service_request = create(:service_request_without_validations, protocol: @protocol)
-                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request)
+                            create(:sub_service_request_without_validations, organization: organization, service_request: service_request, status: 'draft')
                             create(:service_provider, identity: @logged_in_user, organization: organization)
 
           log_in_dashboard_identity(obj: @logged_in_user)