From 89d213578f52e6070ac6d27b14d186c4ac899e6b Mon Sep 17 00:00:00 2001 From: Elliot Date: Mon, 13 Jan 2025 13:42:58 -0500 Subject: [PATCH 1/4] Hide time to housing header (#5052) --- .../all_neighbors_system_dashboard/header.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/all_neighbors_system_dashboard/app/models/all_neighbors_system_dashboard/header.rb b/drivers/all_neighbors_system_dashboard/app/models/all_neighbors_system_dashboard/header.rb index 8ae047cff3..dfbca9408c 100644 --- a/drivers/all_neighbors_system_dashboard/app/models/all_neighbors_system_dashboard/header.rb +++ b/drivers/all_neighbors_system_dashboard/app/models/all_neighbors_system_dashboard/header.rb @@ -29,13 +29,13 @@ def header_data name: 'Housing Placements', display_method: :number_with_delimiter, }, - { - id: 'days_to_obtain_housing', - icon: 'icon-house', - value: average_days_to_obtain_housing.round.abs, - name: 'Average Number of Days Between Referral and Housing Move-in', - display_method: :number_with_delimiter, - }, + # { + # id: 'days_to_obtain_housing', + # icon: 'icon-house', + # value: average_days_to_obtain_housing.round.abs, + # name: 'Average Number of Days Between Referral and Housing Move-in', + # display_method: :number_with_delimiter, + # }, { id: 'no_return', icon: 'icon-clip-board-check', From 72d107d6aa3694820163300898ce82477caece86 Mon Sep 17 00:00:00 2001 From: Elliot Date: Mon, 13 Jan 2025 13:59:05 -0500 Subject: [PATCH 2/4] Allow nil mode_of_contact (#5053) --- app/models/health/qualifying_activity.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/health/qualifying_activity.rb b/app/models/health/qualifying_activity.rb index 61c026b3a3..630f540640 100644 --- a/app/models/health/qualifying_activity.rb +++ b/app/models/health/qualifying_activity.rb @@ -209,7 +209,7 @@ def self.date_search(start_date, end_date) end def face_to_face? - mode_of_contact.to_sym.in?(face_to_face_modes) + mode_of_contact&.to_sym.in?(face_to_face_modes) end # Return the string and the key so we can check either From 53125cd5ffb2e93f0ac83641c040221629c61031 Mon Sep 17 00:00:00 2001 From: Elliot Date: Tue, 14 Jan 2025 16:49:10 -0500 Subject: [PATCH 3/4] include linux headers in the dependencies (#5057) --- .github/dependencies.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/dependencies.txt b/.github/dependencies.txt index 0ca7392be7..3ab3a8ecef 100644 --- a/.github/dependencies.txt +++ b/.github/dependencies.txt @@ -32,6 +32,7 @@ libxext libxml2-dev libxrender libxslt-dev +linux-headers nodejs npm nss @@ -49,4 +50,4 @@ ttf-freefont ttf-liberation tzdata yaml-dev -yarn \ No newline at end of file +yarn From a79d56a3dd6fa4428ff8f2504fe18933581930f5 Mon Sep 17 00:00:00 2001 From: Dave G <149399758+dtgreiner@users.noreply.github.com> Date: Tue, 14 Jan 2025 21:26:42 -0500 Subject: [PATCH 4/4] Keep User Groups When Switching from Role-Based to ACLs (#5054) * Keep user group data assigned to user account when switching from role-based permissions to ACLs * move acl checks into separate methods * add spec for changing from lagacy to acls * Add spec fo user group checks when switching from ACLs to role-based * include checking access_group_id field in update method & update spec for additional fields --------- Co-authored-by: Elliot --- app/controllers/admin/users_controller.rb | 31 +++++++++-- spec/requests/admin/users_controller_spec.rb | 54 ++++++++++++++++++++ 2 files changed, 80 insertions(+), 5 deletions(-) diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index 075f8283d1..070775da11 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -82,11 +82,11 @@ def update User.transaction do @user.skip_reconfirmation! # Associations don't play well with acts_as_paranoid, so manually clean up user ACLs - @user.user_group_members.where.not(user_group_id: assigned_user_group_ids).destroy_all + @user.user_group_members.where.not(user_group_id: assigned_user_group_ids).destroy_all unless changing_to_acls? # TODO: START_ACL remove when ACL transition complete # Associations don't play well with acts_as_paranoid, so manually clean up user roles - if ! @user.using_acls? + if ! user_using_or_changing_to_acls? @user.user_roles.where.not(role_id: user_params[:legacy_role_ids]&.select(&:present?)).destroy_all @user.access_groups.not_system. where.not(id: user_params[:access_group_ids]&.select(&:present?)).each do |g| @@ -98,12 +98,21 @@ def update end # END_ACL @user.disable_2fa! if user_params[:otp_required_for_login] == 'false' - @user.update!(user_params) + + # The User Group data is not captured for update when using the Role-Based view. This means it will not be included + # in the params when switching from Role-Based permissions to ACLs. In order to prevent wiping out any existing + # user_group_id data, we need to ignore this param when changing to an ACL based permissions. + # The reverse is true for the access_group_ids field. + params_to_update = user_params + params_to_update = params_to_update.except(:user_group_ids) if changing_to_acls? + params_to_update = params_to_update.except(:access_group_ids) if changing_to_role_based? + @user.update!(params_to_update) + # if we have a user to copy user groups from, add them - copy_user_groups if @user.using_acls? + copy_user_groups if user_using_or_changing_to_acls? # TODO: START_ACL remove when ACL transition complete # Restore any health roles we previously had - if ! @user.using_acls? + if ! user_using_or_changing_to_acls? @user.legacy_roles = (@user.legacy_roles + existing_health_roles).uniq @user.set_viewables viewable_params end @@ -148,6 +157,18 @@ def title_for_index 'User List' end + private def changing_to_acls? + params[:user][:permission_context] == 'acls' && @user.permission_context != params[:user][:permission_context] + end + + private def changing_to_role_based? + params[:user][:permission_context] == 'role_based' && @user.permission_context != params[:user][:permission_context] + end + + private def user_using_or_changing_to_acls? + @user.using_acls? || changing_to_acls? + end + private def adding_admin? @adding_admin ||= begin adding_admin = false diff --git a/spec/requests/admin/users_controller_spec.rb b/spec/requests/admin/users_controller_spec.rb index 68dd41acd1..033be93d00 100644 --- a/spec/requests/admin/users_controller_spec.rb +++ b/spec/requests/admin/users_controller_spec.rb @@ -47,5 +47,59 @@ expect(updated_user.reload.notify_on_client_added).to be true end end + + context 'when updating user from Role-Based to ACLs' do + let!(:legacy_user) { create :user } + let!(:user_group) { create :user_group } + let!(:role) { create :role } + let!(:access_group) { create :access_group } + + it 'updated user keeps fields' do + user_group.add(legacy_user) + legacy_user.legacy_roles << role + legacy_user.access_groups << access_group + legacy_user.save! + # Ensure the orignal user is using role-based permissions and is assigned the user group + expect(legacy_user.permission_context).to eq('role_based') + expect(legacy_user.user_group_ids).to eq([user_group.id]) + expect(legacy_user.legacy_role_ids).to eq([role.id]) + expect(legacy_user.access_group_ids.include?(access_group.id)).to be true + # The Role-Based user edit form does not include a field for user_group_ids. As a result, it will + # not be included in the parameters sent when switching from Role-Based permissions to ACLs + patch admin_user_path(legacy_user), params: { user: { permission_context: 'acls', access_group_ids: [access_group.id] } } + # Ensure the updated user is using ACLs and is still assigned the user group + expect(legacy_user.reload.permission_context).to eq('acls') + expect(legacy_user.reload.user_group_ids).to eq([user_group.id]) + expect(legacy_user.reload.legacy_role_ids).to eq([role.id]) + expect(legacy_user.reload.access_group_ids.include?(access_group.id)).to be true + end + end + + context 'when updating user from ACLs to Role-Based' do + let!(:acl_user) { create(:acl_user) } + let!(:user_group) { create :user_group } + let!(:role) { create :role } + let!(:access_group) { create :access_group } + + it 'updated user keeps fields' do + user_group.add(acl_user) + acl_user.legacy_roles << role + acl_user.access_groups << access_group + acl_user.save! + # Ensure the orignal user is using role-based permissions and is assigned the user group + expect(acl_user.permission_context).to eq('acls') + expect(acl_user.user_group_ids).to eq([user_group.id]) + expect(acl_user.legacy_role_ids).to eq([role.id]) + expect(acl_user.access_group_ids.include?(access_group.id)).to be true + # The ACL user edit form includes a field for user_group_ids. As a result, it will be + # included in the parameters sent when switching from ACLs to Role-Based permissions + patch admin_user_path(acl_user), params: { user: { permission_context: 'role_based', user_group_ids: [user_group.id] } } + # Ensure the updated user is using ACLs and is still assigned the user group + expect(acl_user.reload.permission_context).to eq('role_based') + expect(acl_user.reload.user_group_ids).to eq([user_group.id]) + expect(acl_user.reload.legacy_role_ids).to eq([role.id]) + expect(acl_user.reload.access_group_ids.include?(access_group.id)).to be true + end + end end end