UI to assign space admins. Update space policy to allow admins to do stuff

Author: fbacall

app/assets/javascripts/templates/autocompleter/user_id.hbs

@@ -0,0 +1,7 @@
+<li data-id="{{ item.id }}">
+    <input type="hidden" name="{{ prefix }}[]" value="{{ item.id }}" />
+    {{ item.name }}
+    <a href="#" class="delete-list-item btn btn-icon">
+        <i class="icon cross-icon icon-sm icon-greyscale"></i>
+    </a>
+</li>

app/controllers/spaces_controller.rb

@@ -76,7 +76,7 @@ def set_space
   end
 
   def space_params
-    permitted = [:title, :description, :theme, :image, :image_url]
+    permitted = [:title, :description, :theme, :image, :image_url, { administrator_ids: [] }]
     permitted += [:host] if current_user.is_admin?
     params.require(:space).permit(*permitted)
   end

app/models/space.rb

@@ -11,6 +11,8 @@ class Space < ApplicationRecord
   has_many :learning_path_topics, dependent: :nullify
   has_many :space_roles, dependent: :destroy
   has_many :space_role_users, through: :space_roles, source: :user, class_name: 'User'
+  has_many :administrator_roles, -> { where(key: :admin) }, class_name: 'SpaceRole'
+  has_many :administrators, through: :administrator_roles, source: :user, class_name: 'User'
 
   has_image(placeholder: TeSS::Config.placeholder['content_provider'])
 
@@ -38,7 +40,7 @@ def default?
     false
   end
 
-  def with_space_role?(role)
+  def users_with_role(role)
     space_role_users.joins(:space_roles).where(space_roles: { key: role })
   end
 end

app/policies/space_policy.rb

@@ -5,7 +5,7 @@ def create?
   end
 
   def edit?
-    @user && (@user.is_owner?(@record) || manage?)
+    @user && (@user.is_owner?(@record) || @user.has_space_role?(@record, :admin) || manage?)
   end
 
   def update?

app/views/spaces/_form.html.erb

@@ -9,6 +9,12 @@
     <%= render partial: 'common/image_form', locals: { form: f } %>
   </div>
 
+  <%= f.autocompleter :administrators, url: users_path, transform_function: 'users', template: 'autocompleter/user_id',
+                      form_field_name: 'space[administrator_ids]',
+                      label_field: :name,
+                      id_field: :id,
+                      existing_items_method: :administrators %>
+
   <div class="form-group">
     <%= f.submit ( f.object.new_record? ? "Register" : "Update") + " space", class: 'btn btn-primary' %>
     <%= link_to t('.cancel', default:  t("helpers.links.cancel")),

config/data/space_roles.yml

@@ -24,7 +24,7 @@ class SpacesControllerTest < ActionController::TestCase
     assert_not_empty assigns(:spaces), 'spaces is empty'
   end
 
-  test 'admin should get index' do
+  test 'site admin should get index' do
     sign_in users(:admin)
     get :index
     assert_response :success
@@ -48,7 +48,16 @@ class SpacesControllerTest < ActionController::TestCase
     assert_select 'a.btn[href=?]', space_path(@space), text: 'Delete', count: 0
   end
 
-  test 'admin should show space' do
+  test 'space admin should show space' do
+    sign_in users(:space_admin)
+    get :show, params: { id: @space }
+    assert_response :success
+    assert assigns(:space)
+    assert_select 'a.btn[href=?]', edit_space_path(@space), count: 1
+    assert_select 'a.btn[href=?]', space_path(@space), text: 'Delete', count: 0
+  end
+
+  test 'site admin should show space' do
     sign_in users(:admin)
     get :show, params: { id: @space }
     assert_response :success
@@ -63,12 +72,18 @@ class SpacesControllerTest < ActionController::TestCase
     assert_redirected_to new_user_session_path
   end
 
-  test 'admin should get new' do
+  test 'site admin should get new' do
     sign_in users(:admin)
-    get :new, params: { content_provider_id: content_providers(:goblet) }
+    get :new
     assert_response :success
   end
 
+  test 'space admin should not get new' do
+    sign_in users(:space_admin)
+    get :new
+    assert_response :forbidden
+  end
+
   # EDIT Tests
   test 'public should not get edit' do
     get :edit, params: { id: @space }
@@ -87,7 +102,19 @@ class SpacesControllerTest < ActionController::TestCase
     assert_response :forbidden
   end
 
-  test 'admin should get edit' do
+  test 'space admin should get edit' do
+    sign_in users(:space_admin)
+    get :edit, params: { id: @space }
+    assert_response :success
+  end
+
+  test 'space admin should not get edit for other space' do
+    sign_in users(:space_admin)
+    get :edit, params: { id: spaces(:other) }
+    assert_response :forbidden
+  end
+
+  test 'site admin should get edit' do
     sign_in users(:admin)
     get :edit, params: { id: @space }
     assert_response :success
@@ -110,7 +137,16 @@ class SpacesControllerTest < ActionController::TestCase
     assert_response :forbidden
   end
 
-  test 'admin can create space' do
+  test 'space admin cannot create new space' do
+    sign_in users(:space_admin)
+    refute_permitted SpacePolicy, @space.user, :create?, Space
+    assert_no_difference 'Space.count' do
+      post :create, params: @space_params
+    end
+    assert_response :forbidden
+  end
+
+  test 'site admin can create space' do
     sign_in users(:admin)
     assert_difference 'Space.count', 1 do
       post :create, params: @space_params
@@ -138,7 +174,15 @@ class SpacesControllerTest < ActionController::TestCase
     assert_equal 'plants.mytess.training', assigns(:space).host, 'Non-admin user should not be able to modify host'
   end
 
-  test 'admin should update space' do
+  test 'space admin should update owned space' do
+    sign_in users(:space_admin)
+    patch :update, params: { id: @space, space: { title: 'New Title', host: 'newhost.mytess.golf' } }
+    assert_redirected_to space_path(assigns(:space))
+    assert_equal 'New Title', assigns(:space).title
+    assert_equal 'plants.mytess.training', assigns(:space).host, 'Non-admin user should not be able to modify host'
+  end
+
+  test 'site admin should update space' do
     sign_in users(:admin)
     assert_no_difference 'Space.count' do
       patch :update, params: { id: @space, space: { title: 'New Title', host: 'newhost.mytess.golf' } }
@@ -164,12 +208,34 @@ class SpacesControllerTest < ActionController::TestCase
     end
   end
 
-  test 'admin can destroy space' do
+  test 'space admin cannot destroy space' do
+    sign_in users(:space_admin)
+    assert_no_difference 'Space.count' do
+      delete :destroy, params: { id: @space }
+      assert_response :forbidden
+    end
+  end
+
+  test 'site admin can destroy space' do
     sign_in users(:admin)
     assert_difference 'Space.count', -1 do
       post :destroy, params: { id: @space }
       assert_redirected_to spaces_path
       assert_equal 'Space was successfully deleted.', flash[:notice]
     end
   end
+
+  test 'space admin can assign new space admins' do
+    existing_admin = users(:space_admin)
+    sign_in existing_admin
+    new_admin = users(:regular_user)
+    assert_difference('SpaceRole.count', 1) do # space_admin is already an admin, so only increases by 1
+      patch :update, params: { id: @space, space: { title: 'New Title', administrator_ids: [existing_admin.id, new_admin.id] } }
+      assert_redirected_to space_path(assigns(:space))
+    end
+
+    admins = assigns(:space).administrators
+    assert_includes admins, existing_admin
+    assert_includes admins, new_admin
+  end
 end

test/controllers/spaces_controller_test.rb

@@ -0,0 +1,4 @@
+space_admin:
+  key: admin
+  space: plants
+  user: space_admin

test/fixtures/space_roles.yml

@@ -157,3 +157,9 @@ learning_path_curator:
   encrypted_password: 'learning_paths_curator_encrypted_password'
   confirmed_at: <%= Time.zone.now %>
   role: learning_path_curator
+
+space_admin:
+  username: 'plant_boss'
+  email: 'plantboss@example.com'
+  encrypted_password: <%= Devise::Encryptor.digest(User, 'plantsrule') %>
+  confirmed_at: <%= Time.zone.now %>

test/fixtures/users.yml

@@ -17,17 +17,21 @@ class SpaceRoleTest < ActiveSupport::TestCase
   test 'can retrieve list of users with a given role in a space' do
     user = users(:regular_user)
     another_user = users(:another_regular_user)
+    existing_admin = users(:space_admin)
+    assert_equal [existing_admin], @space.users_with_role(:admin).to_a
+
     @space.space_roles.create!(user: user, key: :admin)
     @space.space_roles.create!(user: another_user, key: :admin)
 
-    admins = @space.with_space_role?(:admin)
-    assert_equal 2, admins.length
+    admins = @space.users_with_role(:admin)
+    assert_equal 3, admins.length
     assert_includes admins, user
     assert_includes admins, another_user
+    assert_includes admins, existing_admin
 
-    assert_equal 2, @space.with_space_role?('admin').length
+    assert_equal 3, @space.users_with_role('admin').length
 
-    assert_empty @space.with_space_role?(:badmin)
+    assert_empty @space.users_with_role(:badmin)
   end
 
   test 'can check if a user has a given role in a space' do

test/models/space_role_test.rb

@@ -0,0 +1,34 @@
+require 'test_helper'
+
+class SpaceTest < ActiveSupport::TestCase
+  setup do
+    @space = spaces(:plants)
+  end
+
+  test 'get administrators' do
+    admins = @space.administrators
+    assert_equal 1, admins.length
+    assert_includes admins, users(:space_admin)
+  end
+
+  test 'set administrators' do
+    user = users(:regular_user)
+    another_user = users(:another_regular_user)
+
+    assert_difference('SpaceRole.count', 1) do
+      @space.administrators = [user, another_user]
+    end
+
+    admins = @space.administrators
+    assert_equal 2, admins.length
+    assert_includes admins, user
+    assert_includes admins, another_user
+    assert_not_includes admins, users(:space_admin)
+
+    assert_difference('SpaceRole.count', -2) do
+      @space.administrators = []
+    end
+
+    assert_empty @space.administrators
+  end
+end