b6e4a7c7-d411-4822-a760-84eba5096a52

Committed 01 Dec 2025 03:02PM UTC coverage: 74.875% (-12.7%) from 87.594%

Build # b6e4a7c7-d411-4822-a760-84eba5096a52

Build Type

Pull #2251

circleci

Committed by

carolyncole

Commit Message

Updating the department select to utilize LuxInputMultiSelect
The component only allows an item to be selected once (only for non asynch results which departments are).
fiexs #2134

Pull Request Pull Request #2251: Updating the department select to utilize LuxInputMultiSelect

Run Details

2390 of 3192 relevant lines covered (74.87%)

215.79 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.52

/app/models/user.rb

# frozen_string_literal: true

require "csv"
class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :rememberable, :omniauthable

  has_many :user_requests, dependent: :destroy

  paginates_per 100

  USER_REGISTRATION_LIST = Rails.root.join("data", "user_registration_list_#{Rails.env}.csv")

  attr_accessor :mediaflux_session

  def self.from_cas(access_token)
    user = User.find_by(provider: access_token.provider, uid: access_token.uid)
    if user.present? && user.given_name.nil? # fix any users that do not have the name information loaded
      user.initialize_name_values(access_token.extra)
      user.save
    end
    user
  end

  # Users that can be project sponsors
  def self.sponsor_users
    if Rails.env.development? || Rails.env.staging?
      User.where(eligible_sponsor: true).or(User.where(developer: true))
    else
      User.where(eligible_sponsor: true)
    end
  end

  # Users that can be data managers
  def self.manager_users
    if Rails.env.development? || Rails.env.staging?
      User.where(eligible_manager: true).or(User.where(developer: true))
    else
      User.where(eligible_manager: true)
    end
  end

  def clear_mediaflux_session(session)
    Rails.logger.debug("!!!!!!! Clearing Mediaflux session !!!!!!!!")
    @mediaflux_session = nil
    session[:mediaflux_session] = nil
  end

  def mediaflux_from_session(session)
    logger.debug "Session Get #{session[:mediaflux_session]} cas: #{session[:active_web_user]}  user: #{uid}"
    if session[:mediaflux_session].blank?
      logger.debug("!!!! Creating a new session !!! #{uid}")
      session[:mediaflux_session] = SystemUser.mediaflux_session
      session[:active_web_user] = false
    end
    @active_web_user = session[:active_web_user]
    @mediaflux_session = session[:mediaflux_session]
  end

  def mediaflux_login(token, session)
    logger.debug("mediaflux session created for #{uid}")
    logon_request = Mediaflux::LogonRequest.new(identity_token: token, token_type: "cas")
    if logon_request.error?
      raise "Invalid Logon #{logon_request.response_error}"
    end
    @mediaflux_session = logon_request.session_token
    @active_web_user = true
    session[:mediaflux_session] = @mediaflux_session
    session[:active_web_user] = @active_web_user
    logger.debug "Login Session #{session[:mediaflux_session]} cas: #{session[:active_web_user]}  user: #{uid}"

    User.update_user_roles(user: self)
  end

  def terminate_mediaflux_session
    return if @mediaflux_session.nil? # nothing to terminate
    logger.debug "!!!! Terminating mediaflux session"

    Mediaflux::LogoutRequest.new(session_token: @mediaflux_session).response_body
    @mediaflux_session = nil
  end

  # Initialize the name values from the CAS information.
  # Our name fields do not match their name fields, so we need to translate.
  def initialize_name_values(extra_cas_info)
    self.given_name = extra_cas_info.givenname
    self.family_name =  extra_cas_info.sn
    self.display_name = extra_cas_info.pudisplayname
  end

  # Return the display name if it exists, otherwise return the uid
  # @return [String]
  def display_name_safe
    return uid if given_name.blank? && family_name.blank?

    [given_name, family_name, "(#{uid})"].compact.join(" ")
  end

  # Return the display name if it exists, otherwise return the uid
  # @return [String]
  def display_name_only_safe
    return uid if given_name.blank? && family_name.blank?
    [given_name, family_name].compact.join(" ")
  end

  # Is this user eligible to be a data sponsor in this environment?
  # @return [Boolean]
  def eligible_sponsor?
    return true if developer
    super
  end

  # Is this user eligible to be a data manger in this environment?
  # @return [Boolean]
  def eligible_manager?
    return true if developer
    super
  end

  def developer?
    return true if developer
    super
  end

  # Is this user eligible to be a data user in this environment?
  # @return [Boolean]
  def eligible_data_user?
    return true if developer
    return true if !eligible_sponsor? && !eligible_manager
  end

  # Is this user eligible to be a sysadmin in this environment?
  # @return [Boolean]
  def eligible_sysadmin?
    (!Rails.env.production? && (developer || sysadmin)) || (Rails.env.production? && sysadmin)
  end

  def eligible_to_create_new?
    return true if eligible_sysadmin?

    !Rails.env.production? && (eligible_sponsor? && trainer?)
  end

  # Methods serialize_into_session() and serialize_from_session() are called by Warden/Devise
  # to calculate what information will be stored in the session and to serialize an object
  # back from the session.
  #
  # By default Warden/Devise store the database ID of the record (e.g. User.id) but this causes
  # problems if we repopulate our User table and the IDs change. The implementation provided below
  # uses the User.uid field (which is unique, does not change, and it's required) as the value to
  # store in the session to prevent this issue.
  #
  # References:
  #   https://stackoverflow.com/questions/23597718/what-is-the-warden-data-in-a-rails-devise-session-composed-of/23683925#23683925
  #   https://web.archive.org/web/20211028103224/https://tadas-s.github.io/ruby-on-rails/2020/08/02/devise-serialize-into-session-trick/
  #   https://github.com/wardencommunity/warden/wiki/Setup
  def self.serialize_into_session(record)
    # The return value _must_ have at least two elements since the serialize_from_session() requires
    # two arguments (see below)
    [record.uid, ""]
  end

  def self.serialize_from_session(key, _salt, _opts = {})
    User.where(uid: key)&.first
  end

  # Fetches the most recent download jobs for the user
  def latest_downloads(limit: 10)
    @latest_downloads ||= begin
                            downloads = UserRequest.where(user_id: id).where(["completion_time > ?", 7.days.ago]).order(created_at: "DESC").limit(limit)
                            downloads.map{|download| UserRequestPresenter.new(download)}
                          end
  end

  # Updates the user's roles (sys admin, developer) depending on the information on Mediaflux.
  # This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
  def self.update_user_roles(user:)
    raise "User.update_user_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?

    mediaflux_roles = mediaflux_roles(user:)
    update_developer_status(user:, mediaflux_roles:)
    update_sysadmin_status(user:, mediaflux_roles:)
  rescue => ex
    Rails.logger.error("Error updating roles for user (id: #{user.id}) status, error: #{ex.message}")
  end

  # Returns the roles in Mediaflux for the user in the session.
  # This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
  def self.mediaflux_roles(user:)
    raise "User.mediaflux_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?

    request = Mediaflux::ActorSelfDescribeRequest.new(session_token: user.mediaflux_session)
    request.resolve
    request.roles
  end

  private

  def self.update_developer_status(user:, mediaflux_roles:)
    # TODO: Figure out why the role name is different in staging from production:
    #   production:   "pu-smb-group:PU:tigerdata:librarydevelopers"
    #   staging:      "pu-oit-group:PU:tigerdata:librarydevelopers"
    #   development:  "pu-lib:developer"
    #   test:         "system-administrator"
    developer_now = mediaflux_roles.include?("pu-smb-group:PU:tigerdata:librarydevelopers") ||
      mediaflux_roles.include?("pu-oit-group:PU:tigerdata:librarydevelopers") ||
      mediaflux_roles.include?("pu-lib:developer") ||
      mediaflux_roles.include?("system-administrator")
    if user.developer != developer_now
      # Only update the record in the database if there is a change
      Rails.logger.info("Updating developer role for user #{user.id} to #{developer_now}")
      user.developer = developer_now
      user.save!
    end
  end

  def self.update_sysadmin_status(user:, mediaflux_roles:)
    sysadmin_now = mediaflux_roles.include?("system-administrator")
    if user.sysadmin != sysadmin_now
      # Only update the record in the database if there is a change
      Rails.logger.info("Updating sysadmin role for user #{user.id} to #{sysadmin_now}")
      user.sysadmin = sysadmin_now
      user.save!
    end
  end
end

1	# frozen_string_literal: true
2
3	require "csv"	4✔
4	class User < ApplicationRecord	4✔
5	# Include default devise modules. Others available are:
6	# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
7	devise :rememberable, :omniauthable	4✔
8
9	has_many :user_requests, dependent: :destroy	4✔
10
11	paginates_per 100	4✔
12
13	USER_REGISTRATION_LIST = Rails.root.join("data", "user_registration_list_#{Rails.env}.csv")	4✔
14
15	attr_accessor :mediaflux_session	4✔
16
17	def self.from_cas(access_token)	4✔
18	user = User.find_by(provider: access_token.provider, uid: access_token.uid)	×
19	if user.present? && user.given_name.nil? # fix any users that do not have the name information loaded	×
20	user.initialize_name_values(access_token.extra)	×
21	user.save	×
22	end
23	user	×
24	end
25
26	# Users that can be project sponsors
27	def self.sponsor_users	4✔
28	if Rails.env.development? \|\| Rails.env.staging?	×
29	User.where(eligible_sponsor: true).or(User.where(developer: true))	×
30	else
31	User.where(eligible_sponsor: true)	×
32	end
33	end
34
35	# Users that can be data managers
36	def self.manager_users	4✔
37	if Rails.env.development? \|\| Rails.env.staging?	×
38	User.where(eligible_manager: true).or(User.where(developer: true))	×
39	else
40	User.where(eligible_manager: true)	×
41	end
42	end
43
44	def clear_mediaflux_session(session)	4✔
45	Rails.logger.debug("!!!!!!! Clearing Mediaflux session !!!!!!!!")	×
46	@mediaflux_session = nil	×
47	session[:mediaflux_session] = nil	×
48	end
49
50	def mediaflux_from_session(session)	4✔
51	logger.debug "Session Get #{session[:mediaflux_session]} cas: #{session[:active_web_user]} user: #{uid}"	376✔
52	if session[:mediaflux_session].blank?	376✔
53	logger.debug("!!!! Creating a new session !!! #{uid}")	128✔
54	session[:mediaflux_session] = SystemUser.mediaflux_session	128✔
55	session[:active_web_user] = false	128✔
56	end
57	@active_web_user = session[:active_web_user]	376✔
58	@mediaflux_session = session[:mediaflux_session]	376✔
59	end
60
61	def mediaflux_login(token, session)	4✔
62	logger.debug("mediaflux session created for #{uid}")	×
63	logon_request = Mediaflux::LogonRequest.new(identity_token: token, token_type: "cas")	×
64	if logon_request.error?	×
65	raise "Invalid Logon #{logon_request.response_error}"	×
66	end
67	@mediaflux_session = logon_request.session_token	×
68	@active_web_user = true	×
69	session[:mediaflux_session] = @mediaflux_session	×
70	session[:active_web_user] = @active_web_user	×
71	logger.debug "Login Session #{session[:mediaflux_session]} cas: #{session[:active_web_user]} user: #{uid}"	×
72
73	User.update_user_roles(user: self)	×
74	end
75
76	def terminate_mediaflux_session	4✔
77	return if @mediaflux_session.nil? # nothing to terminate	×
78	logger.debug "!!!! Terminating mediaflux session"	×
79
80	Mediaflux::LogoutRequest.new(session_token: @mediaflux_session).response_body	×
81	@mediaflux_session = nil	×
82	end
83
84	# Initialize the name values from the CAS information.
85	# Our name fields do not match their name fields, so we need to translate.
86	def initialize_name_values(extra_cas_info)	4✔
87	self.given_name = extra_cas_info.givenname	×
88	self.family_name = extra_cas_info.sn	×
89	self.display_name = extra_cas_info.pudisplayname	×
90	end
91
92	# Return the display name if it exists, otherwise return the uid
93	# @return [String]
94	def display_name_safe	4✔
95	return uid if given_name.blank? && family_name.blank?	243✔
96
97	[given_name, family_name, "(#{uid})"].compact.join(" ")	243✔
98	end
99
100	# Return the display name if it exists, otherwise return the uid
101	# @return [String]
102	def display_name_only_safe	4✔
103	return uid if given_name.blank? && family_name.blank?	160✔
104	[given_name, family_name].compact.join(" ")	160✔
105	end
106
107	# Is this user eligible to be a data sponsor in this environment?
108	# @return [Boolean]
109	def eligible_sponsor?	4✔
110	return true if developer	43✔
111	super	43✔
112	end
113
114	# Is this user eligible to be a data manger in this environment?
115	# @return [Boolean]
116	def eligible_manager?	4✔
117	return true if developer	17✔
118	super	17✔
119	end
120
121	def developer?	4✔
122	return true if developer	13✔
123	super	13✔
124	end
125
126	# Is this user eligible to be a data user in this environment?
127	# @return [Boolean]
128	def eligible_data_user?	4✔
129	return true if developer	23✔
130	return true if !eligible_sponsor? && !eligible_manager	23✔
131	end
132
133	# Is this user eligible to be a sysadmin in this environment?
134	# @return [Boolean]
135	def eligible_sysadmin?	4✔
136	(!Rails.env.production? && (developer \|\| sysadmin)) \|\| (Rails.env.production? && sysadmin)	318✔
137	end
138
139	def eligible_to_create_new?	4✔
140	return true if eligible_sysadmin?	×
141
142	!Rails.env.production? && (eligible_sponsor? && trainer?)	×
143	end
144
145	# Methods serialize_into_session() and serialize_from_session() are called by Warden/Devise
146	# to calculate what information will be stored in the session and to serialize an object
147	# back from the session.
148	#
149	# By default Warden/Devise store the database ID of the record (e.g. User.id) but this causes
150	# problems if we repopulate our User table and the IDs change. The implementation provided below
151	# uses the User.uid field (which is unique, does not change, and it's required) as the value to
152	# store in the session to prevent this issue.
153	#
154	# References:
155	# https://stackoverflow.com/questions/23597718/what-is-the-warden-data-in-a-rails-devise-session-composed-of/23683925#23683925
156	# https://web.archive.org/web/20211028103224/https://tadas-s.github.io/ruby-on-rails/2020/08/02/devise-serialize-into-session-trick/
157	# https://github.com/wardencommunity/warden/wiki/Setup
158	def self.serialize_into_session(record)	4✔
159	# The return value _must_ have at least two elements since the serialize_from_session() requires
160	# two arguments (see below)
161	[record.uid, ""]	134✔
162	end
163
164	def self.serialize_from_session(key, _salt, _opts = {})	4✔
165	User.where(uid: key)&.first	257✔
166	end
167
168	# Fetches the most recent download jobs for the user
169	def latest_downloads(limit: 10)	4✔
170	@latest_downloads \|\|= begin	68✔
171	downloads = UserRequest.where(user_id: id).where(["completion_time > ?", 7.days.ago]).order(created_at: "DESC").limit(limit)	67✔
172	downloads.map{\|download\| UserRequestPresenter.new(download)}	69✔
173	end
174	end
175
176	# Updates the user's roles (sys admin, developer) depending on the information on Mediaflux.
177	# This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
178	def self.update_user_roles(user:)	4✔
179	raise "User.update_user_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?	1✔
180
181	mediaflux_roles = mediaflux_roles(user:)	1✔
182	update_developer_status(user:, mediaflux_roles:)	1✔
183	update_sysadmin_status(user:, mediaflux_roles:)	1✔
184	rescue => ex
185	Rails.logger.error("Error updating roles for user (id: #{user.id}) status, error: #{ex.message}")	×
186	end
187
188	# Returns the roles in Mediaflux for the user in the session.
189	# This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
190	def self.mediaflux_roles(user:)	4✔
191	raise "User.mediaflux_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?	66✔
192
193	request = Mediaflux::ActorSelfDescribeRequest.new(session_token: user.mediaflux_session)	65✔
194	request.resolve	65✔
195	request.roles	65✔
196	end
197
198	private	4✔
199
200	def self.update_developer_status(user:, mediaflux_roles:)	4✔
201	# TODO: Figure out why the role name is different in staging from production:
202	# production: "pu-smb-group:PU:tigerdata:librarydevelopers"
203	# staging: "pu-oit-group:PU:tigerdata:librarydevelopers"
204	# development: "pu-lib:developer"
205	# test: "system-administrator"
206	developer_now = mediaflux_roles.include?("pu-smb-group:PU:tigerdata:librarydevelopers") \|\|	1✔
207	mediaflux_roles.include?("pu-oit-group:PU:tigerdata:librarydevelopers") \|\|
208	mediaflux_roles.include?("pu-lib:developer") \|\|
209	mediaflux_roles.include?("system-administrator")
210	if user.developer != developer_now	1✔
211	# Only update the record in the database if there is a change
212	Rails.logger.info("Updating developer role for user #{user.id} to #{developer_now}")	1✔
213	user.developer = developer_now	1✔
214	user.save!	1✔
215	end
216	end
217
218	def self.update_sysadmin_status(user:, mediaflux_roles:)	4✔
219	sysadmin_now = mediaflux_roles.include?("system-administrator")	1✔
220	if user.sysadmin != sysadmin_now	1✔
221	# Only update the record in the database if there is a change
222	Rails.logger.info("Updating sysadmin role for user #{user.id} to #{sysadmin_now}")	1✔
223	user.sysadmin = sysadmin_now	1✔
224	user.save!	1✔
225	end
226	end
227	end

pulibrary / tigerdata-app / b6e4a7c7-d411-4822-a760-84eba5096a52

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous