Reduce permissions of WRT member to seniors + leader (thewca#9582)

* Reduce permissions of WRT member to seniors + leader * Review changes * Removed moving of generate db token page
danieljames-dj · Jul 20, 2024 · 07b229b · 07b229b
1 parent d4ef3df
commit 07b229b
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 1 deletion.
diff --git a/app/controllers/panel_controller.rb b/app/controllers/panel_controller.rb
@@ -50,6 +50,7 @@ def self.panel_pages
       officersEditor: "officers-editor",
       regionsAdmin: "regions-admin",
       downloadVoters: "download-voters",
+      generateDbToken: "generate-db-token",
     }
   end
 end
diff --git a/app/models/roles_metadata_teams_committees.rb b/app/models/roles_metadata_teams_committees.rb
@@ -10,6 +10,8 @@ class RolesMetadataTeamsCommittees < ApplicationRecord
   has_one :user_role, as: :metadata
   has_one :user, through: :user_role
 
+  scope :at_least_senior_member, -> { where(status: [RolesMetadataTeamsCommittees.statuses[:senior_member], RolesMetadataTeamsCommittees.statuses[:leader]]) }
+
   def at_least_senior_member?
     user_role.status_rank >= UserRole.status_rank(UserGroup.group_types[:teams_committees], RolesMetadataTeamsCommittees.statuses[:senior_member])
   end

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -26,7 +26,9 @@ class User < ApplicationRecord
   has_many :roles, class_name: "UserRole"
   has_many :active_roles, -> { active }, class_name: "UserRole"
   has_many :delegate_role_metadata, through: :active_roles, source: :metadata, source_type: "RolesMetadataDelegateRegions"
+  has_many :teams_committees_at_least_senior_role_metadata, -> { at_least_senior_member }, through: :active_roles, source: :metadata, source_type: "RolesMetadataTeamsCommittees"
   has_many :delegate_roles, -> { includes(:group, :metadata) }, through: :delegate_role_metadata, source: :user_role, class_name: "UserRole"
+  has_many :at_least_senior_teams_committees_roles, through: :teams_committees_at_least_senior_role_metadata, source: :user_role, class_name: "UserRole"
   has_many :confirmed_users_claiming_wca_id, -> { confirmed_email }, foreign_key: "delegate_id_to_handle_wca_id_claim", class_name: "User"
   has_many :oauth_applications, class_name: 'Doorkeeper::Application', as: :owner
   has_many :oauth_access_grants, class_name: 'Doorkeeper::AccessGrant', foreign_key: :resource_owner_id
@@ -445,6 +447,10 @@ def locale
     active_roles.any? { |role| role.group == group }
   end
 
+  private def at_least_senior_teams_committees_member?(group)
+    at_least_senior_teams_committees_roles.where(group_id: group.id).exists?
+  end
+
   private def group_leader?(group)
     group.lead_user == self
   end
@@ -493,6 +499,10 @@ def results_team?
     group_member?(UserGroup.teams_committees_group_wrt)
   end
 
+  private def senior_results_team?
+    at_least_senior_teams_committees_member?(UserGroup.teams_committees_group_wrt)
+  end
+
   private def software_team?
     group_member?(UserGroup.teams_committees_group_wst)
   end
@@ -1323,7 +1333,7 @@ def can_access_senior_delegate_panel?
   def can_access_panel?(panel_id)
     case panel_id
     when :admin
-      admin? || results_team?
+      admin? || senior_results_team?
     when :staff
       staff?
     when :delegate

diff --git a/app/webpacker/components/Panel/PanelPages.jsx b/app/webpacker/components/Panel/PanelPages.jsx
@@ -3,6 +3,7 @@ import {
   countryBandsUrl,
   subordinateDelegateClaimsUrl,
   subordinateUpcomingCompetitionsUrl,
+  generateDbTokenUrl,
 } from '../../lib/requests/routes.js.erb';
 import PostingCompetitionsTable from '../PostingCompetitions';
 import EditPerson from './pages/EditPerson';
@@ -129,4 +130,8 @@ export default {
     name: 'Download Voters',
     component: DownloadVoters,
   },
+  [PANEL_PAGES.generateDbToken]: {
+    name: 'Generate DB Token',
+    link: generateDbTokenUrl,
+  },
 };
diff --git a/app/webpacker/lib/requests/routes.js.erb b/app/webpacker/lib/requests/routes.js.erb
@@ -147,6 +147,7 @@ export const countryBandsUrl = `<%= CGI.unescape(Rails.application.routes.url_he
 export const subordinateDelegateClaimsUrl = `<%= CGI.unescape(Rails.application.routes.url_helpers.pending_claims_path) %>`;
 export const subordinateUpcomingCompetitionsUrl = `<%= CGI.unescape(Rails.application.routes.url_helpers.competitions_for_senior_path) %>`;
 export const wfcCompetitionsExportUrl = `<%= CGI.unescape(Rails.application.routes.url_helpers.wfc_competitions_export_path) %>`;
+export const generateDbTokenUrl = `<%= CGI.unescape(Rails.application.routes.url_helpers.admin_generate_db_token_path) %>`
 
 export const wfcXeroUsersUrl = `<%= CGI.unescape(Rails.application.routes.url_helpers.api_v0_wfc_xero_users_path) %>`;
 

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -799,4 +799,15 @@
       expect(senior_delegate.has_permission?(:can_edit_groups, asia_region.id)).to be false
     end
   end
+
+  describe "at_least_senior_teams_committees_roles has_many relation" do
+    it "returns the senior/leader roles for a user" do
+      user = FactoryBot.create(:user)
+      wrt_role = FactoryBot.create(:wrt_member_role, user: user)
+      wsot_leader_role = FactoryBot.create(:wsot_leader_role, user: user)
+      wrc_senior_member_role = FactoryBot.create(:wrc_senior_member_role, user: user)
+      expect(user.at_least_senior_teams_committees_roles).to include(wsot_leader_role, wrc_senior_member_role)
+      expect(user.at_least_senior_teams_committees_roles).not_to include(wrt_role)
+    end
+  end
 end