Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GYR1-690 allow site coordinators to edit site coordinator and team member accounts #5688

Merged
merged 7 commits into from
Mar 8, 2025
Merged

GYR1-690 allow site coordinators to edit site coordinator and team member accounts #5688

merged 7 commits into from
Mar 8, 2025

Conversation

jenny-heath
Copy link
Contributor

Link to pivotal/JIRA issue

Is PM acceptance required? (delete one)

  • Yes - don't merge until JIRA issue is accepted!

Reminder: merge main into this branch and get green tests before merging to main

What was done?

  • Added permission for site coordinators to manage other site coordinators and team members in their site(s)
  • One of the tests was mocking a method (accessible_vita_partners) that wasn't being used in the relevant part of the ability file so we replaced the mocking with just setting up the actual db associations

How to test?

  • One spec in ability file and one on the users controller to see that it shows on the page

Screenshots (for visual changes)

  • Before
image
  • After
image

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 6, 2025

Heroku app: https://gyr-review-app-5688-41b74de38d4e.herokuapp.com/
View logs: heroku logs --app gyr-review-app-5688 (optionally add --tail)

embarnard
embarnard approved these changes Mar 6, 2025
View reviewed changes
Copy link
Contributor

@embarnard embarnard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! But I would check on actions, see comment

app/lib/ability.rb Outdated
@@ -189,6 +188,9 @@ def initialize(user)
end

if user.site_coordinator?
can :manage, User, id: User.where(role: SiteCoordinatorRole.assignable_to_sites(user.role.sites)).pluck(:id)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would just check with product that we want to include all these actions, for example I'm not sure if we want to allow them to destroy users (we use suspend/unsuspend instead) so something like might be more accurate:

Suggested change
can :manage, User, id: User.where(role: SiteCoordinatorRole.assignable_to_sites(user.role.sites)).pluck(:id)
can [:update, :create, :update, :unsuspend, :suspend (and any other custom actions)], User, id: User.where(role: SiteCoordinatorRole.assignable_to_sites(user.role.sites)).pluck(:id)

app/lib/ability.rb Outdated
@@ -189,6 +188,9 @@ def initialize(user)
end

if user.site_coordinator?
can :manage, User, id: User.where(role: SiteCoordinatorRole.assignable_to_sites(user.role.sites)).pluck(:id)
can :manage, User, id: User.where(role: TeamMemberRole.assignable_to_sites(user.role.sites)).pluck(:id)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess instead of including all those custom actions you could also just add a cannot after the lines like for example

Suggested change
can :manage, User, id: User.where(role: TeamMemberRole.assignable_to_sites(user.role.sites)).pluck(:id)
can :manage, User, id: User.where(role: TeamMemberRole.assignable_to_sites(user.role.sites)).pluck(:id)
cannot :destroy, User

anisharamnani
anisharamnani reviewed Mar 7, 2025
View reviewed changes
app/lib/ability.rb
@@ -189,6 +188,9 @@ def initialize(user)
end

if user.site_coordinator?
can [:suspend, :unsuspend, :update, :unlock, :resend_invitation], User, id: User.where(role: SiteCoordinatorRole.assignable_to_sites(user.role.sites)).pluck(:id)
Copy link
Contributor

@anisharamnani anisharamnani Mar 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @embarnard for flagging the actions! These are the updated ones.

anisharamnani and others added 2 commits March 6, 2025 17:25
anisharamnani
anisharamnani reviewed Mar 7, 2025
View reviewed changes
app/lib/pdf_filler/id39r_pdf.rb Outdated
@@ -8,7 +8,6 @@ def source_pdf_name

def initialize(submission)
@submission = submission
@intake = submission.data_source
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙈 i was switching between branches and did the wrong thing

@anisharamnani
Merge remote-tracking branch 'origin/main' into GYR1-690-allow-site-c…
579cab7 
…oordinators-to-edit-site-coordinator-and-team-member-accounts
@anisharamnani anisharamnani merged commit e1abeb5 into main Mar 8, 2025
7 checks passed
@anisharamnani anisharamnani deleted the GYR1-690-allow-site-coordinators-to-edit-site-coordinator-and-team-member-accounts branch March 8, 2025 00:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anisharamnani anisharamnani anisharamnani left review comments

@embarnard embarnard embarnard approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jenny-heath @anisharamnani @embarnard