
pulibrary / pdc_describe / 9dbcf7a4-1c56-4510-9614-74ad5a22cff6

31 Jul 2024 02:46PM UTC coverage: 1.08% (-95.1%) from 96.17%
9dbcf7a4-1c56-4510-9614-74ad5a22cff6

push

circleci

jrgriffiniii
wip

52 of 4814 relevant lines covered (1.08%)

0.01 hits per line

/app/controllers/users_controller.rb
# frozen_string_literal: true
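# Controller for listing, viewing and editing user records.
#
# Authorization rules visible in this file: a user may view and edit their own
# record, and a super admin may view and edit any record (see #show and
# #can_edit?). Every denied request is logged so it can be reviewed later.
class UsersController < ApplicationController
  # Constants set by the <form> <input> parameters transmitted using POST/PATCH/PUT requests
  GROUP_MESSAGING_DISABLED = "0"
  GROUP_MESSAGING_ENABLED = "1"

  # Callbacks run in declaration order, so authentication is declared first:
  # an unauthenticated request must be rejected before `set_user` queries the
  # database. Otherwise the lookup result (not found vs. redirect to the
  # canonical id vs. login prompt) differs by whether the user id exists,
  # which lets anonymous clients enumerate accounts.
  before_action :authenticate_user!

  # Notice that `set_user` sets the value of the user that we are viewing or editing
  # while `authenticate_user` sets the value of the current logged in user.
  # These values can be different (e.g. when an admin user is editing the information
  # of another user)
  before_action :set_user, only: %i[show edit update]

  # Lists every user, ordered by family name; users without a family name
  # are sorted as if it were the empty string.
  #
  # NOTE(review): no per-role restriction is visible here, so any authenticated
  # user appears able to list all accounts. Confirm that is intended.
  def index
    @users = User.all.sort_by { |user| user.family_name || "" }
  end

  # GET /users/1
  #
  # Renders the dashboard for @user. Only the user themselves or a super admin
  # may see it; everyone else gets the "forbidden" template with HTTP 403.
  def show
    @search_terms = params["q"].presence
    @can_edit = can_edit?
    @my_dashboard = current_user.id == @user.id

    unless current_user.super_admin? || @my_dashboard
      Rails.logger.warn("Unauthorized to view user #{@user.id} (current user: #{current_user.id})")
      # Return immediately so the work lists of another user are never loaded
      # for a requester who is not allowed to see them.
      return render "forbidden", status: :forbidden
    end

    @unfinished_works = WorkList.unfinished_works(@user, @search_terms)
    @completed_works = WorkList.completed_works(@user, @search_terms)
    @withdrawn_works = WorkList.withdrawn_works(@user, @search_terms)
    @works_found = @unfinished_works.length + @completed_works.length + @withdrawn_works.length
  end

  # GET /users/1/edit
  #
  # Shows the edit form, or logs the attempt and redirects to the user page
  # when the current user is not allowed to edit @user.
  def edit
    return if can_edit?

    Rails.logger.warn("Unauthorized to edit user #{@user.id} (current user: #{current_user.id})")
    redirect_to user_path(@user)
  end

  # PATCH/PUT /users/1 or /users/1.json
  #
  # Applies the permitted attributes to @user. The per-group messaging
  # preferences are handled separately (and removed from the attribute hash)
  # before the remaining attributes are passed to `@user.update`.
  def update
    unless can_edit?
      Rails.logger.warn("Unauthorized to update user #{@user.id} (current user: #{current_user.id})")
      return redirect_to user_path(@user)
    end

    respond_to do |format|
      update_groups_with_messaging if user_params.key?(:groups_with_messaging)

      if @user.update(user_params)
        format.html { redirect_to user_url(@user), notice: "User was successfully updated." }
        format.json { render :show, status: :ok, location: @user }
      else
        format.html { render :edit, status: :unprocessable_entity }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  private

    # Use callbacks to share common setup or constraints between actions.
    #
    # Loads @user from the id in the URL and issues a permanent redirect to the
    # canonical friendly id when the URL used a different identifier.
    def set_user
      user_id = user_id_from_url
      @user = User.friendly.find(user_id)
      redirect_to action: action_name, id: @user.friendly_id, status: :moved_permanently unless @user.friendly_id == user_id
    end

    # Returns the user id requested in the URL.
    #
    # For external users UID is in the form `user-name@gmail.com`, however, Rails eats the ".com" from
    # the UID and dumps it into the `format` param. Here we make sure the ".com" is preserved when the
    # UID looks to be an external user id.
    #
    # NOTE(review): only the "com" suffix is restored; ids ending in another
    # suffix are returned without it.
    def user_id_from_url
      requested_id = params[:id]
      looks_external = requested_id.include?("@")
      return requested_id unless looks_external && params["format"] == "com"

      "#{requested_id}.#{params['format']}"
    end

    # Only allow a list of trusted parameters through.
    #
    # `groups_with_messaging: {}` permits a hash with arbitrary keys; those keys
    # are client-controlled and are parsed in #update_groups_with_messaging.
    # The result is memoized because #update_groups_with_messaging removes the
    # :groups_with_messaging entry from it before `@user.update` is called.
    def user_params
      @user_params ||= params.require(:user).permit([:given_name, :full_name, :family_name, :orcid, :email_messages_enabled, groups_with_messaging: {}])
    end

    # True when the current user is the user being edited or is a super admin.
    def can_edit?
      current_user.id == @user.id || current_user.super_admin?
    end

    # True when the submitted form value is the "enabled" marker ("1").
    def parameter_enables_messaging?(form_value)
      form_value.to_s == GROUP_MESSAGING_ENABLED
    end

    # Enables or disables group messages for @user according to the submitted
    # `groups_with_messaging` hash, whose keys look like "<group id>_<subcommunity>"
    # (the subcommunity part is nil when the key holds no underscore).
    #
    # The entry is extracted from the memoized #user_params so that it is not
    # passed on to `@user.update`.
    #
    # NOTE(review): nothing visible here checks that @user belongs to the
    # selected group; confirm that `enable_messages_for` / `disable_messages_for`
    # enforce that.
    def update_groups_with_messaging
      return unless user_params.key?(:groups_with_messaging)

      extracted = user_params.extract!(:groups_with_messaging)
      groups_with_messaging = extracted[:groups_with_messaging]

      groups_with_messaging.each_pair do |id, param|
        group_id, subcommunity = id.split("_")
        selected_group = Group.find_by(id: group_id)

        # The group id comes from the request, so it may not match any group.
        # Skip it instead of failing with a NoMethodError on nil; `inspect`
        # keeps control characters in the submitted value out of the log line.
        if selected_group.nil?
          Rails.logger.warn("Ignoring messaging preference for unknown group #{group_id.inspect} (user: #{@user.id})")
          next
        end

        if parameter_enables_messaging?(param)
          selected_group.enable_messages_for(user: @user, subcommunity:)
        else
          selected_group.disable_messages_for(user: @user, subcommunity:)
        end
      end
    end
end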