a829b9c5-1dc3-477f-a44e-45890dfc33cb

Committed 24 Nov 2025 02:38PM UTC coverage: 87.586% (-0.5%) from 88.064%

Build # a829b9c5-1dc3-477f-a44e-45890dfc33cb

Build Type

Pull #2235

circleci

Committed by

carolyncole

Commit Message

Do not redirect from home page when login is disabled
fixes #2188

Pull Request Pull Request #2235: Do not redirect from home page when login is disabled

Run Details

1 of 5 new or added lines in 2 files covered. (20.0%)

794 existing lines in 37 files now uncovered.

2787 of 3182 relevant lines covered (87.59%)

361.47 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

76.71

/app/controllers/request_wizards_controller.rb

# frozen_string_literal: true
class RequestWizardsController < ApplicationController
  layout "wizard"
  before_action :set_breadcrumbs

  before_action :set_request_model, only: %i[save]
  before_action :exit_without_saving, only: %i[save]
  before_action :set_or_init_request_model, only: %i[show]
  before_action :check_access

  attr_reader :request_model

  # GET /request_wizards/1
  def show
    # show the current wizard step form
    render_current
  end

  # PUT /request_wizards/1/save
  def save
    # save and render dashboard
    save_request
    case params[:commit]
    when "Back"
      render_back
    when "Next", "Submit"
      render_next
    else
      if params[:commit].start_with?("http")
        # Go directly to the step the user clicked on
        redirect_to params[:commit]
      else
        redirect_to request_path(@request_model)
      end
    end
  end

  private

    def check_access
      return if user_eligible_to_modify_request?

      # request can not be modified by this user, redirect to dashboard
      error_message = "You do not have access to this page."
      flash[:notice] = error_message
      redirect_to dashboard_path
    end

    def exit_without_saving
      if params[:commit] == "Exit without Saving"
        if @request_model.nil?
          redirect_to dashboard_path
        else
          redirect_to request_path(@request_model)
        end
      end
    end

    def render_current
      raise "Must be implemented"
    end

    def render_next
      raise "Must be implemented"
    end

    def render_back
      raise "Must be implemented"
    end

    # Use callbacks to share common setup or constraints between actions.
    def set_request_model
      # do nothing if we are bailing out without creating a request2
      return if params[:request_id] == "0" && params[:commit] == "Exit without Saving"

      @request_model = if params[:request_id] == "0"
                         # on the first page with a brand new request that has not been created
                         req = Request.create(requested_by: current_user.uid)
                         update_sidebar_url(req)
                         req
                       else
                         # on a page when the request has already been created
                         Request.find(params[:request_id])
                       end
    end

    def update_sidebar_url(request_model)
      return unless params[:commit].start_with?("http")

      # take of the zero in the url and replace it with the real request id
      params[:commit] = "#{params[:commit][0..-2]}#{request_model.id}"
    end

    # set if id is present or initialize a blank request if not
    def set_or_init_request_model
      @princeton_departments = Affiliation.all
      @request_model = if params[:request_id].blank?
                         Request.new(id: 0, requested_by: current_user.uid)
                       else
                         Request.find(params[:request_id])
                       end
    end

    def save_request
      request_model.update(request_params)
    end

    # Only allow a list of trusted parameters through.
    def request_params
      request_params = params.fetch(:request, {}).permit(:request_title, :project_title, :state, :data_sponsor, :data_manager,
                                        :project_purpose, :description, :parent_folder, :project_folder, :project_id, :quota,
                                        :requested_by, :storage_size, :storage_unit, :number_of_files, :hpc, :smb, :globus, user_roles: [], departments: [])
      request_params[:storage_unit] ||= "TB"
      if request_params[:departments].present?
        request_params[:departments] = request_params[:departments].compact_blank.map { |dep_str| JSON.parse(dep_str) }
      end
      if request_params[:user_roles].present?
        request_params[:user_roles] = request_params[:user_roles].compact_blank.map do |role_str|
          json = JSON.parse(role_str)
          json["read_only"] = params[:request]["read_only_#{json['uid']}"] == "true"
          json
        end
      end
      request_params
    end

    def set_breadcrumbs
      add_breadcrumb("Dashboard", dashboard_path)
    end

    def user_eligible_to_modify_request?
      # elevated privs for the current user
      if current_user.sysadmin || (current_user.developer && !Rails.env.production?)
        true
      # current user is the requestor
      elsif (@request_model.requested_by == current_user.uid) && !@request_model.submitted?
        true
      # a brand new request
      elsif params[:request_id].blank?
        true
      # no access for any other reason
      else
        false
      end
    end
end

1	# frozen_string_literal: true
2	class RequestWizardsController < ApplicationController	4✔
3	layout "wizard"	4✔
4	before_action :set_breadcrumbs	4✔
5
6	before_action :set_request_model, only: %i[save]	4✔
7	before_action :exit_without_saving, only: %i[save]	4✔
8	before_action :set_or_init_request_model, only: %i[show]	4✔
9	before_action :check_access	4✔
10
11	attr_reader :request_model	4✔
12
13	# GET /request_wizards/1
14	def show	4✔
15	# show the current wizard step form
16	render_current	31✔
17	end
18
19	# PUT /request_wizards/1/save
20	def save	4✔
21	# save and render dashboard
22	save_request	52✔
23	case params[:commit]	52✔
24	when "Back"
25	render_back	11✔
26	when "Next", "Submit"
27	render_next	13✔
28	else
29	if params[:commit].start_with?("http")	28✔
30	# Go directly to the step the user clicked on
31	redirect_to params[:commit]	×
32	else
33	redirect_to request_path(@request_model)	28✔
34	end
35	end
36	end
37
38	private	4✔
39
40	def check_access	4✔
41	return if user_eligible_to_modify_request?	116✔
42
43	# request can not be modified by this user, redirect to dashboard
UNCOV 44	error_message = "You do not have access to this page."	33✔
UNCOV 45	flash[:notice] = error_message	33✔
UNCOV 46	redirect_to dashboard_path	33✔
47	end
48
49	def exit_without_saving	4✔
50	if params[:commit] == "Exit without Saving"	66✔
51	if @request_model.nil?	×
52	redirect_to dashboard_path	×
53	else
54	redirect_to request_path(@request_model)	×
55	end
56	end
57	end
58
59	def render_current	4✔
60	raise "Must be implemented"	×
61	end
62
63	def render_next	4✔
64	raise "Must be implemented"	×
65	end
66
67	def render_back	4✔
68	raise "Must be implemented"	×
69	end
70
71	# Use callbacks to share common setup or constraints between actions.
72	def set_request_model	4✔
73	# do nothing if we are bailing out without creating a request2
74	return if params[:request_id] == "0" && params[:commit] == "Exit without Saving"	66✔
75
76	@request_model = if params[:request_id] == "0"	66✔
77	# on the first page with a brand new request that has not been created
78	req = Request.create(requested_by: current_user.uid)	×
79	update_sidebar_url(req)	×
80	req	×
81	else
82	# on a page when the request has already been created
83	Request.find(params[:request_id])	66✔
84	end
85	end
86
87	def update_sidebar_url(request_model)	4✔
88	return unless params[:commit].start_with?("http")	×
89
90	# take of the zero in the url and replace it with the real request id
91	params[:commit] = "#{params[:commit][0..-2]}#{request_model.id}"	×
92	end
93
94	# set if id is present or initialize a blank request if not
95	def set_or_init_request_model	4✔
96	@princeton_departments = Affiliation.all	50✔
97	@request_model = if params[:request_id].blank?	50✔
98	Request.new(id: 0, requested_by: current_user.uid)	2✔
99	else
100	Request.find(params[:request_id])	48✔
101	end
102	end
103
104	def save_request	4✔
105	request_model.update(request_params)	52✔
106	end
107
108	# Only allow a list of trusted parameters through.
109	def request_params	4✔
110	request_params = params.fetch(:request, {}).permit(:request_title, :project_title, :state, :data_sponsor, :data_manager,	52✔
111	:project_purpose, :description, :parent_folder, :project_folder, :project_id, :quota,
112	:requested_by, :storage_size, :storage_unit, :number_of_files, :hpc, :smb, :globus, user_roles: [], departments: [])
113	request_params[:storage_unit] \|\|= "TB"	52✔
114	if request_params[:departments].present?	52✔
UNCOV 115	request_params[:departments] = request_params[:departments].compact_blank.map { \|dep_str\| JSON.parse(dep_str) }	12✔
116	end
117	if request_params[:user_roles].present?	52✔
118	request_params[:user_roles] = request_params[:user_roles].compact_blank.map do \|role_str\|	×
119	json = JSON.parse(role_str)	×
120	json["read_only"] = params[:request]["read_only_#{json['uid']}"] == "true"	×
121	json	×
122	end
123	end
124	request_params	52✔
125	end
126
127	def set_breadcrumbs	4✔
128	add_breadcrumb("Dashboard", dashboard_path)	116✔
129	end
130
131	def user_eligible_to_modify_request?	4✔
132	# elevated privs for the current user
133	if current_user.sysadmin \|\| (current_user.developer && !Rails.env.production?)	116✔
134	true	79✔
135	# current user is the requestor
UNCOV 136	elsif (@request_model.requested_by == current_user.uid) && !@request_model.submitted?	37✔
UNCOV 137	true	4✔
138	# a brand new request
UNCOV 139	elsif params[:request_id].blank?	33✔
140	true	×
141	# no access for any other reason
142	else
UNCOV 143	false	33✔
144	end
145	end
146	end

pulibrary / tigerdata-app / a829b9c5-1dc3-477f-a44e-45890dfc33cb

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous