Merge branch 'release-148' into dg/acl_reports-7121

.github/dependencies.txt

@@ -32,6 +32,7 @@ libxext
 libxml2-dev
 libxrender
 libxslt-dev
+linux-headers
 nodejs
 npm
 nss
@@ -49,4 +50,4 @@ ttf-freefont
 ttf-liberation
 tzdata
 yaml-dev
-yarn
+yarn

app/controllers/admin/users_controller.rb

@@ -82,11 +82,11 @@ def update
         User.transaction do
           @user.skip_reconfirmation!
           # Associations don't play well with acts_as_paranoid, so manually clean up user ACLs
-          @user.user_group_members.where.not(user_group_id: assigned_user_group_ids).destroy_all
+          @user.user_group_members.where.not(user_group_id: assigned_user_group_ids).destroy_all unless changing_to_acls?
 
           # TODO: START_ACL remove when ACL transition complete
           # Associations don't play well with acts_as_paranoid, so manually clean up user roles
-          if ! @user.using_acls?
+          if ! user_using_or_changing_to_acls?
             @user.user_roles.where.not(role_id: user_params[:legacy_role_ids]&.select(&:present?)).destroy_all
             @user.access_groups.not_system.
               where.not(id: user_params[:access_group_ids]&.select(&:present?)).each do |g|
@@ -98,12 +98,21 @@ def update
           end
           # END_ACL
           @user.disable_2fa! if user_params[:otp_required_for_login] == 'false'
-          @user.update!(user_params)
+
+          # The User Group data is not captured for update when using the Role-Based view. This means it will not be included
+          # in the params when switching from Role-Based permissions to ACLs. In order to prevent wiping out any existing
+          # user_group_id data, we need to ignore this param when changing to an ACL based permissions.
+          # The reverse is true for the access_group_ids field.
+          params_to_update = user_params
+          params_to_update = params_to_update.except(:user_group_ids) if changing_to_acls?
+          params_to_update = params_to_update.except(:access_group_ids) if changing_to_role_based?
+          @user.update!(params_to_update)
+
           # if we have a user to copy user groups from, add them
-          copy_user_groups if @user.using_acls?
+          copy_user_groups if user_using_or_changing_to_acls?
           # TODO: START_ACL remove when ACL transition complete
           # Restore any health roles we previously had
-          if ! @user.using_acls?
+          if ! user_using_or_changing_to_acls?
             @user.legacy_roles = (@user.legacy_roles + existing_health_roles).uniq
             @user.set_viewables viewable_params
           end
@@ -148,6 +157,18 @@ def title_for_index
       'User List'
     end
 
+    private def changing_to_acls?
+      params[:user][:permission_context] == 'acls' && @user.permission_context != params[:user][:permission_context]
+    end
+
+    private def changing_to_role_based?
+      params[:user][:permission_context] == 'role_based' && @user.permission_context != params[:user][:permission_context]
+    end
+
+    private def user_using_or_changing_to_acls?
+      @user.using_acls? || changing_to_acls?
+    end
+
     private def adding_admin?
       @adding_admin ||= begin
         adding_admin = false

app/models/health/qualifying_activity.rb

@@ -209,7 +209,7 @@ def self.date_search(start_date, end_date)
     end
 
     def face_to_face?
-      mode_of_contact.to_sym.in?(face_to_face_modes)
+      mode_of_contact&.to_sym.in?(face_to_face_modes)
     end
 
     # Return the string and the key so we can check either

drivers/all_neighbors_system_dashboard/app/models/all_neighbors_system_dashboard/header.rb

@@ -29,13 +29,13 @@ def header_data
           name: 'Housing Placements',
           display_method: :number_with_delimiter,
         },
-        {
-          id: 'days_to_obtain_housing',
-          icon: 'icon-house',
-          value: average_days_to_obtain_housing.round.abs,
-          name: 'Average Number of Days Between Referral and Housing Move-in',
-          display_method: :number_with_delimiter,
-        },
+        # {
+        #   id: 'days_to_obtain_housing',
+        #   icon: 'icon-house',
+        #   value: average_days_to_obtain_housing.round.abs,
+        #   name: 'Average Number of Days Between Referral and Housing Move-in',
+        #   display_method: :number_with_delimiter,
+        # },
         {
           id: 'no_return',
           icon: 'icon-clip-board-check',

spec/requests/admin/users_controller_spec.rb

@@ -47,5 +47,59 @@
         expect(updated_user.reload.notify_on_client_added).to be true
       end
     end
+
+    context 'when updating user from Role-Based to ACLs' do
+      let!(:legacy_user)  { create :user }
+      let!(:user_group)   { create :user_group }
+      let!(:role)         { create :role }
+      let!(:access_group) { create :access_group }
+
+      it 'updated user keeps fields' do
+        user_group.add(legacy_user)
+        legacy_user.legacy_roles << role
+        legacy_user.access_groups << access_group
+        legacy_user.save!
+        # Ensure the orignal user is using role-based permissions and is assigned the user group
+        expect(legacy_user.permission_context).to eq('role_based')
+        expect(legacy_user.user_group_ids).to eq([user_group.id])
+        expect(legacy_user.legacy_role_ids).to eq([role.id])
+        expect(legacy_user.access_group_ids.include?(access_group.id)).to be true
+        # The Role-Based user edit form does not include a field for user_group_ids. As a result, it will
+        # not be included in the parameters sent when switching from Role-Based permissions to ACLs
+        patch admin_user_path(legacy_user), params: { user: { permission_context: 'acls', access_group_ids: [access_group.id] } }
+        # Ensure the updated user is using ACLs and is still assigned the user group
+        expect(legacy_user.reload.permission_context).to eq('acls')
+        expect(legacy_user.reload.user_group_ids).to eq([user_group.id])
+        expect(legacy_user.reload.legacy_role_ids).to eq([role.id])
+        expect(legacy_user.reload.access_group_ids.include?(access_group.id)).to be true
+      end
+    end
+
+    context 'when updating user from ACLs to Role-Based' do
+      let!(:acl_user)   { create(:acl_user) }
+      let!(:user_group) { create :user_group }
+      let!(:role)       { create :role }
+      let!(:access_group) { create :access_group }
+
+      it 'updated user keeps fields' do
+        user_group.add(acl_user)
+        acl_user.legacy_roles << role
+        acl_user.access_groups << access_group
+        acl_user.save!
+        # Ensure the orignal user is using role-based permissions and is assigned the user group
+        expect(acl_user.permission_context).to eq('acls')
+        expect(acl_user.user_group_ids).to eq([user_group.id])
+        expect(acl_user.legacy_role_ids).to eq([role.id])
+        expect(acl_user.access_group_ids.include?(access_group.id)).to be true
+        # The ACL user edit form includes a field for user_group_ids. As a result, it will be
+        # included in the parameters sent when switching from ACLs to Role-Based permissions
+        patch admin_user_path(acl_user), params: { user: { permission_context: 'role_based', user_group_ids: [user_group.id] } }
+        # Ensure the updated user is using ACLs and is still assigned the user group
+        expect(acl_user.reload.permission_context).to eq('role_based')
+        expect(acl_user.reload.user_group_ids).to eq([user_group.id])
+        expect(acl_user.reload.legacy_role_ids).to eq([role.id])
+        expect(acl_user.reload.access_group_ids.include?(access_group.id)).to be true
+      end
+    end
   end
 end