
pulibrary / pdc_describe / 9091a1ae-29be-458c-984a-339d213919c4

12 Dec 2024 07:41PM UTC coverage: 26.434% (-69.7%) from 96.113%
9091a1ae-29be-458c-984a-339d213919c4

Pull #2000

circleci

jrgriffiniii
Removing integration with ActiveStorage
Pull Request #2000: Bump actionpack from 7.2.1.1 to 7.2.2.1

945 of 3575 relevant lines covered (26.43%)

0.35 hits per line

Source File

1.75
/app/controllers/users_controller.rb
# frozen_string_literal: true
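class UsersController < ApplicationController
  # Values submitted by the edit form's <input> elements (POST/PATCH/PUT requests)
  # for each group's messaging setting.
  GROUP_MESSAGING_DISABLED = "0"
  GROUP_MESSAGING_ENABLED = "1"

  # `authenticate_user!` establishes the currently logged in user, while `set_user`
  # loads the user that is being viewed or edited. These can be different users
  # (e.g. when an admin user is editing the information of another user).
  #
  # Callbacks run in declaration order, so authentication is declared first: an
  # unauthenticated request must not reach the user lookup in `set_user`, whose
  # outcome (record not found vs. canonical-URL redirect) would otherwise reveal
  # which user ids exist.
  before_action :authenticate_user!
  before_action :set_user, only: %i[show edit update]

  # Lists every user ordered by family name; a missing family name sorts as "".
  # NOTE(review): only authentication is required here, so any signed-in user can
  # list all accounts - confirm that is intended.
  def index
    @users = User.all.sort_by { |user| user.family_name || "" }
  end

  # GET /users/1
  # Dashboard for @user. Only the account owner or a super admin may see it;
  # everyone else gets the "forbidden" template with a 403 status.
  def show
    @search_terms = params["q"].presence
    @can_edit = can_edit?
    @my_dashboard = current_user.id == @user.id

    unless current_user.super_admin? || @my_dashboard
      # Return right after rendering so that another user's work lists are never
      # queried or assigned for a request that has already been refused.
      render "forbidden", status: :forbidden
      return
    end

    @unfinished_works = WorkList.unfinished_works(@user, @search_terms)
    @completed_works = WorkList.completed_works(@user, @search_terms)
    @withdrawn_works = WorkList.withdrawn_works(@user, @search_terms)
    @works_found = @unfinished_works.length + @completed_works.length + @withdrawn_works.length
  end

  # GET /users/1/edit
  # Renders the edit form when the current user may edit @user; otherwise logs
  # the attempt and redirects to the user's page.
  def edit
    return if can_edit?

    Rails.logger.warn("Unauthorized to edit user #{@user.id} (current user: #{current_user.id})")
    redirect_to user_path(@user)
  end

  # PATCH/PUT /users/1 or /users/1.json
  # Applies the permitted attributes (and the per-group messaging settings, when
  # submitted) to @user. Unauthorized attempts are logged and redirected without
  # changing anything.
  def update
    unless can_edit?
      Rails.logger.warn("Unauthorized to update user #{@user.id} (current user: #{current_user.id})")
      redirect_to user_path(@user)
      return
    end

    respond_to do |format|
      # Must run before `@user.update`: it removes :groups_with_messaging from the
      # memoized `user_params`, so that key is not passed on to `@user.update`.
      update_groups_with_messaging if user_params.key?(:groups_with_messaging)

      if @user.update(user_params)
        format.html { redirect_to user_url(@user), notice: "User was successfully updated." }
        format.json { render :show, status: :ok, location: @user }
      else
        # return 200 so the loadbalancer doesn't capture the error
        format.html { render :edit }
        format.json { render json: @user.errors }
      end
    end
  end

  private

    # Loads @user from the id in the URL. When the id is not the user's
    # friendly_id, redirects (301) to the same action under the friendly_id;
    # a redirect issued from a before_action halts the rest of the request.
    def set_user
      user_id = user_id_from_url
      @user = User.friendly.find(user_id)
      redirect_to action: action_name, id: @user.friendly_id, status: :moved_permanently unless @user.friendly_id == user_id
    end

    # Returns the user id taken from the request path.
    #
    # For external users UID is in the form `user-name@gmail.com`, however, Rails eats the ".com" from
    # the UID and dumps it into the `format` param. Here we make sure the ".com" is preserved when the
    # UID looks to be an external user id. Only a "com" format is restored.
    def user_id_from_url
      external_uid = params[:id].include?("@")
      if external_uid && params["format"] == "com"
        "#{params[:id]}.#{params['format']}"
      else
        params[:id]
      end
    end

    # Only allow a list of trusted parameters through. The result is memoized, so
    # every caller within one request shares (and can mutate) the same object.
    # NOTE(review): `can_edit?` lets account owners, not only super admins, submit
    # these attributes - confirm that is intended for :email and :default_group_id.
    def user_params
      @user_params ||= params.require(:user).permit([
                                                      :given_name, :full_name, :family_name, :orcid, :email_messages_enabled,
                                                      :email, :default_group_id, groups_with_messaging: {}
                                                    ])
    end

    # True when the current user is @user or is a super admin.
    def can_edit?
      current_user.id == @user.id || current_user.super_admin?
    end

    # True when the submitted form value is the "enabled" marker ("1").
    def parameter_enables_messaging?(form_value)
      form_value.to_s == GROUP_MESSAGING_ENABLED
    end

    # Enables or disables messaging for @user on each submitted group.
    # Keys of :groups_with_messaging are split on "_" into a group id and an
    # optional subcommunity; values are the form's "1"/"0" markers.
    # NOTE(review): any group id submitted by the client is looked up here; whether
    # @user must belong to that group is not checked in this controller - confirm
    # it is enforced elsewhere or not required.
    def update_groups_with_messaging
      return unless user_params.key?(:groups_with_messaging)

      # extract! removes the key from the memoized user_params as a side effect.
      extracted = user_params.extract!(:groups_with_messaging)
      groups_with_messaging = extracted[:groups_with_messaging]

      groups_with_messaging.each_pair do |id, param|
        group_id, subcommunity = id.split("_")
        selected_group = Group.find_by(id: group_id)

        # The id comes from the request; skip unknown groups instead of calling a
        # method on nil. `inspect` keeps the submitted value on a single log line.
        if selected_group.nil?
          Rails.logger.warn("Unable to update messaging for unknown group #{group_id.inspect} (user: #{@user.id})")
          next
        end

        if parameter_enables_messaging?(param)
          selected_group.enable_messages_for(user: @user, subcommunity:)
        else
          selected_group.disable_messages_for(user: @user, subcommunity:)
        end
      end
    end
end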