Create can_user_access? for ticket (thewca#10570)

* Create can_user_access? for ticket * Review changes
danieljames-dj · Jan 8, 2025 · 1f19d62 · 1f19d62
1 parent 617c64e
commit 1f19d62
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 14 deletions.
diff --git a/app/controllers/tickets_controller.rb b/app/controllers/tickets_controller.rb
@@ -9,22 +9,13 @@ def show
       end
       format.json do
         ticket = Ticket.find(params.require(:id))
-        # requester_stakeholders will have the list of stakeholders where the requester is part of.
-        # For example, if a normal user X requests for a change by creating a ticket, the
-        # stakeholders list will be [X, WRT] (WRT is added as stakeholder because WRT is
-        # responsible for taking action on the ticket). If a WRT member fetches the ticket data,
-        # the value of requester_stakeholders will be [WRT] and if the normal user fetches the
-        # ticket data, the value of requester_stakeholders will be [X]. If the ticket is created by
-        # a WRT member, then the value requester_stakeholders will be [X, WRT] because the user can
-        # be any of the two stakeholders.
-        requester_stakeholders = ticket.user_stakeholders(current_user)
 
         # Currently only stakeholders can access the ticket.
-        return head :unauthorized if requester_stakeholders.empty?
+        return head :unauthorized unless ticket.can_user_access?(current_user)
 
         render json: {
           ticket: ticket,
-          requester_stakeholders: requester_stakeholders,
+          requester_stakeholders: ticket.user_stakeholders(current_user),
         }
       end
     end

diff --git a/app/models/ticket.rb b/app/models/ticket.rb
@@ -9,11 +9,24 @@ class Ticket < ApplicationRecord
   has_many :ticket_stakeholders
   belongs_to :metadata, polymorphic: true
 
+  # user_stakeholders will have the list of stakeholders where the user is part of. For example,
+  # if a normal user X requests for a change by creating a ticket, the stakeholders list will be
+  # [X, WRT] (WRT is added as stakeholder because WRT is responsible for taking action on the
+  # ticket). If a WRT member fetches the ticket data, the value of user_stakeholders will be [WRT]
+  # and if the normal user fetches the ticket data, the value of user_stakeholders will be [X]. If
+  # the ticket is created by a WRT member, then the value user_stakeholders will be [X, WRT] because
+  # the user can be any of the two stakeholders.
   def user_stakeholders(user)
     return [] if user.nil?
-    ticket_stakeholders.select do |ticket_stakeholder|
-      user.active_roles.where(group: ticket_stakeholder.stakeholder).any? || user == ticket_stakeholder.stakeholder
-    end
+    ticket_stakeholders.belongs_to_user(user).or(ticket_stakeholders.belongs_to_groups(user.active_groups))
+  end
+
+  def can_user_access?(user)
+    return false if user.nil?
+    (
+      ticket_stakeholders.belongs_to_user(user).any? ||
+      ticket_stakeholders.belongs_to_groups(user.active_groups).any?
+    )
   end
 
   def action_allowed?(action, user)

diff --git a/app/models/ticket_stakeholder.rb b/app/models/ticket_stakeholder.rb
@@ -9,6 +9,14 @@ class TicketStakeholder < ApplicationRecord
   belongs_to :ticket
   belongs_to :stakeholder, polymorphic: true
 
+  scope :belongs_to_user, lambda { |user_id|
+    where(stakeholder_type: "User", stakeholder_id: user_id)
+  }
+
+  scope :belongs_to_groups, lambda { |group_ids|
+    where(stakeholder_type: "UserGroup", stakeholder_id: group_ids)
+  }
+
   DEFAULT_SERIALIZE_OPTIONS = {
     methods: %w[stakeholder],
   }.freeze

diff --git a/spec/factories/tickets_edit_person.rb b/spec/factories/tickets_edit_person.rb
@@ -19,6 +19,13 @@
           connection: :assigned,
           is_active: true,
         )
+        FactoryBot.create(
+          :ticket_stakeholder,
+          ticket: edit_name_ticket.ticket,
+          stakeholder: FactoryBot.create(:user),
+          connection: :cc,
+          is_active: true,
+        )
       end
     end
 

diff --git a/spec/models/ticket_spec.rb b/spec/models/ticket_spec.rb
@@ -20,4 +20,27 @@
       expect(edit_name_ticket.ticket.user_stakeholders(normal_user).any? { |stakeholder| stakeholder.stakeholder == UserGroup.teams_committees_group_wrt }).to eq(false)
     end
   end
+
+  describe 'can_user_access?' do
+    let(:edit_name_ticket) { FactoryBot.create(:edit_name_ticket) }
+
+    it "can_user_access? returns false if user is nil" do
+      expect(edit_name_ticket.ticket.can_user_access?(nil)).to eq(false)
+    end
+
+    it "can_user_access? returns true if user is a WRT member" do
+      wrt_member = FactoryBot.create(:wrt_member_role).user
+      expect(edit_name_ticket.ticket.can_user_access?(wrt_member)).to eq(true)
+    end
+
+    it "can_user_access? returns true if user is a direct stakeholder" do
+      direct_stakeholder = edit_name_ticket.ticket.ticket_stakeholders.find_by(stakeholder_type: "User")
+      expect(edit_name_ticket.ticket.can_user_access?(direct_stakeholder.stakeholder)).to eq(true)
+    end
+
+    it "can_user_access? returns false if user is a normal user" do
+      normal_user = FactoryBot.create(:user)
+      expect(edit_name_ticket.ticket.can_user_access?(normal_user)).to eq(false)
+    end
+  end
 end