Merge permissions

seek4science · Nov 24, 2023 · 1daacd7 · 1daacd7
1 parent a34e8c0
commit 1daacd7
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 0 deletions.
diff --git a/lib/seek/merging/person_merge.rb b/lib/seek/merging/person_merge.rb
@@ -9,6 +9,7 @@ def merge(other_person)
         merge_associations(group_memberships, other_person.group_memberships, 'work_group_id')
         merge_associations(subscriptions, other_person.subscriptions, 'subscribable_id')
         merge_resources(other_person)
+        merge_permissions(other_person)
         Person.transaction do
           save!
           other_person.destroy
@@ -84,6 +85,14 @@ def merge_resources(other_person)
         other_person.reload
       end
 
+      def merge_permissions(other_person)
+        permissions_other = Permission.where(contributor_type: "Person", contributor_id: other_person.id)
+        permissions_slef = Permission.where(contributor_type: "Person", contributor_id: id)
+        duplicated = permissions_other.pluck(:policy_id) & permissions_slef.pluck(:policy_id)
+        permissions_other.where(policy_id: duplicated).destroy_all
+        permissions_other.update_all(contributor_id: id)
+      end
+
     end
   end
 end
diff --git a/test/unit/person_test.rb b/test/unit/person_test.rb
@@ -1541,6 +1541,44 @@ def test_updated_not_changed_when_adding_notifiee_info
     assert_equal resource_types - types_without_creators.length, person_to_keep.created_items.length
   end
 
+  test 'merge permissions without duplication' do
+    person_to_keep = FactoryBot.create(:person)
+    other_person = FactoryBot.create(:person)
+
+    sop_keep = FactoryBot.create(:sop)
+    sop_keep.policy.permissions.build(contributor: person_to_keep, access_type: Policy::MANAGING)
+    sop_keep.policy.save
+    sop_both = FactoryBot.create :sop
+    sop_both.policy.permissions.build(contributor: person_to_keep, access_type: Policy::MANAGING)
+    sop_both.policy.permissions.build(contributor: other_person, access_type: Policy::MANAGING)
+    sop_both.policy.save
+    sop_other = FactoryBot.create :sop
+    sop_other.policy.permissions.build(contributor: other_person, access_type: Policy::MANAGING)
+    sop_other.policy.save
+
+    assert sop_keep.can_manage?(person_to_keep)
+    assert sop_both.can_manage?(person_to_keep)
+    refute sop_other.can_manage?(person_to_keep)
+    refute sop_keep.can_manage?(other_person)
+    assert sop_both.can_manage?(other_person)
+    assert sop_other.can_manage?(other_person)
+
+    disable_authorization_checks { person_to_keep.merge(other_person) }
+    person_to_keep.reload
+    sop_keep.reload
+    sop_both.reload
+    sop_other.reload
+    sop_keep.permission_for = nil
+    sop_both.permission_for = nil
+    sop_other.permission_for = nil
+
+    assert sop_keep.can_manage?(person_to_keep)
+    assert sop_both.can_manage?(person_to_keep)
+    assert sop_other.can_manage?(person_to_keep)
+    assert 1, sop_both.policy.permissions.length
+    assert 3, Permission.where(contributor_type: "Person",contributor_id: person_to_keep.id).length
+  end
+
   test 'other person is destroyed after merge' do
     person_to_keep = FactoryBot.create(:min_person)
     other_person = FactoryBot.create(:max_person)