Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify that our only user role is "admin" and simplify code #13047

Merged
merged 5 commits into from
Jan 17, 2025
Merged

Clarify that our only user role is "admin" and simplify code #13047

merged 5 commits into from
Jan 17, 2025

Conversation

mkllnk
Copy link
Member

@mkllnk mkllnk commented Dec 18, 2024

What? Why?

Whenever I needed to make a user account admin in the console I had to type Spree::Role.find_by(name: "admin"). This was unnecessarily long, especially since we don't use any other roles. The database seeding was also adding the "user" role but we never use it. So here are a few steps to simplify this:

  • A new method Spree::Role.admin to access that role easily.
  • Removing the option of the user role from the UI so that people don't wonder what it's for.
  • Simplify code better prepared for getting rid of Spree::Role altogether

Shall we replace Spree::Role.admin with an admin flag on the user?

I would love to hear your thoughts around this. It would replace two database tables with one boolean column on spree_users. I'm sure it would have a positive effect on performance and simplify the code base further. And I think that I could do that in one or two hours.

What should we test?

Specs cover this quite well. We can't test the setup of a new instance. I tested db:reset and ofn:sample_data. So I would suggest a minimal check of the worst case scenario:

  • Sign up as new enterprise user.
  • Verify that you don't have super-admin access.
  • Make that user super-admin. Check.
  • Remove super-admin flag from the user. Check.

Release notes

Changelog Category (reviewers may add a label for the release notes):

  • User facing changes
  • API changes (V0, V1, DFC or Webhook)
  • Technical changes only
  • Feature toggled

The title of the pull request will be included in the release notes.

Dependencies

Documentation updates

@mkllnk
Use plain static value for spree_roles
fa82f80
@mkllnk
Remove unused user role from seeding
a529d95 
We only ever check for the admin role.
@mkllnk
Use only admin role, on demand
a7140d1 
We are now creating the role on demand which removes the need for
seeding it as well.
@mkllnk
Replace has_spree_role? with simpler admin?
54f83b4 
We have only one role, so let's get rid of the unneeded method.

Now we are in a better place to get rid of Spree::Role and replace it
with a simple boolean.
@mkllnk
Leverage Rails' caching when checking for admin
5db8cb4 
The privileges of a user should never change within a request
life cycle. The `spree_roles` association is very small, between 0 and 2
items are quickly searched in memory without the need of additional
database queries.

From memory, I've seen a lot of spree_roles queries in log files per
request. This should reduce it to one.
@mkllnk mkllnk added the user facing changes Thes pull requests affect the user experience label Dec 18, 2024
@mkllnk mkllnk self-assigned this Dec 18, 2024
@mkllnk mkllnk marked this pull request as ready for review December 18, 2024 23:39
dacook
dacook approved these changes Jan 2, 2025
View reviewed changes
Copy link
Member

@dacook dacook left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, thanks for tidying this up! I've often wondered how much of the roles system we actually need, and you've demonstrated the answer: none!

I guess the reason we've never needed the roles system is because user permissions are based on their enterprise and enterprise permissions.

I can imagine perhaps one day we would want a lesser "admin" role (eg a customer support role that doesn't need to update instance config), but.. if we ever need that we can build it as needed.

Shall we replace Spree::Role.admin with an admin flag on the user?

So my answer is yes; you've already brought us halfway there 👍

app/models/spree/user.rb
@@ -60,7 +60,7 @@ def self.admin_created?

# Checks whether the specified user is a superadmin, with full control of the instance
def admin?
spree_roles.where(name: "admin").any?
spree_roles.any? { |role| role.name == "admin" }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good solution. I would have simply reached for elvis (@admin ||= ), but this is no more queries, and ensures that if the roles are updated during a request, we get the up-to-date value.

rioug
rioug approved these changes Jan 5, 2025
View reviewed changes
Copy link
Collaborator

@rioug rioug left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice cleanup 🧹

Shall we replace Spree::Role.admin with an admin flag on the user?

Yes we should, there is no point keeping extra complexity just in the off chance we might need it later.

@filipefurtad0 filipefurtad0 self-assigned this Jan 16, 2025
@filipefurtad0 filipefurtad0 added the pr-staged-au staging.openfoodnetwork.org.au label Jan 16, 2025
@filipefurtad0
Copy link
Contributor

Hey @mkllnk,

Thanks for the test case outline; I've went through these, and added a few:

  • Signed up as new (regular) user
    -> Verified that the user does not have admin nor super-admin access
  • Registered the user as an enterprise manager
    -> Verified that the user does has admin but not super-admin access
  • Made the user super admin
    -> Verified that the user has both admin and super-admin access
  • Remove super-admin flag from the user
    -> Verified that the user does has admin but not super-admin access

Created a new admin user via super admin (via /admin/users/new). Repeated the tests above.

All greens 🟢

Awesome! Merging.

@filipefurtad0 filipefurtad0 removed the pr-staged-au staging.openfoodnetwork.org.au label Jan 17, 2025
@filipefurtad0 filipefurtad0 merged commit 3c1dd10 into openfoodfoundation:master Jan 17, 2025
56 checks passed
@filipefurtad0
Copy link
Contributor

A quick check on this one: is it really a user-facing change? Sounds like more of a technical change. Can you confirm @mkllnk ?

@mkllnk mkllnk deleted the spree-roles branch January 21, 2025 00:06
@mkllnk
Copy link
Member Author

mkllnk commented Jan 21, 2025

is it really a user-facing change?

The change is only visible to super-admin. You see only one option for the role there. So I guess that we don't call that a user-facing change, you are right.

@mkllnk mkllnk added technical changes only These pull requests do not contain user facing changes and are grouped in release notes and removed user facing changes Thes pull requests affect the user experience labels Jan 21, 2025
@filipefurtad0
Copy link
Contributor

The change is only visible to super-admin.

Ah, got it. It was not clear to me, that this PR had any impact on the UI. Thanks!

@mkllnk mkllnk mentioned this pull request Jan 22, 2025
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dacook dacook dacook approved these changes

@rioug rioug rioug approved these changes

Assignees

@mkllnk mkllnk

@filipefurtad0 filipefurtad0

Labels
technical changes only These pull requests do not contain user facing changes and are grouped in release notes
Projects
OFN Delivery board
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mkllnk @filipefurtad0 @dacook @rioug