
Remove guest accounts

Alex Kotov 2019-09-01 16:27:18 +05:00
parent dc8e9933b5
commit 464c2e1bea
Signed by: kotovalexarian
GPG Key ID: 553C0EBBEB5D5F08
38 changed files with 29 additions and 129 deletions


@ -6,7 +6,6 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :exception, prepend: true, unless: :json_request?
before_action :set_raven_context
# before_action :sign_in_guest_account
after_action :verify_authorized, except: :index
after_action :verify_policy_scoped, only: :index
@ -20,7 +19,6 @@ private
def current_account
@current_account ||= current_user&.account
# @current_account ||= Account.guests.find_by id: session[:guest_account_id]
end
alias pundit_user current_account
@ -34,14 +32,6 @@ private
Raven.extra_context params: params.to_unsafe_h, url: request.url
end
# def sign_in_guest_account
# return if current_account || params[:guest_token].blank?
# account = Account.guests.find_by! guest_token: params[:guest_token]
# remember_if_guest_account account
# redirect_to request.original_url
# end
def json_request?
request.format.json?
end
@ -69,8 +59,4 @@ private
format.json { render status: :method_not_allowed, json: {} }
end
end
# def remember_if_guest_account(account)
# session[:guest_account_id] = account.id if account.guest?
# end
end


@ -21,10 +21,6 @@ class Users::SessionsController < Devise::SessionsController
def destroy
authorize %i[users session]
super
# super do
# set_flash_message! :notice, :signed_out if current_account&.guest?
# session[:guest_account_id] = nil
# end
end
protected


@ -3,12 +3,6 @@
class Account < ApplicationRecord
NICKNAME_RE = /\A[a-z][a-z0-9]*(_[a-z0-9]+)*\z/.freeze
##########
# Scopes #
##########
scope :guests, -> { includes(:user).where(users: { id: nil }) }
################
# Associations #
################
@ -34,8 +28,6 @@ class Account < ApplicationRecord
before_validation :turn_blanks_into_nils
before_validation :strip_extra_spaces
before_create :generate_guest_token
###############
# Validations #
###############
@ -66,10 +58,6 @@ class Account < ApplicationRecord
nickname
end
def guest?
user.nil?
end
def can_access_sidekiq_web_interface?
superuser?
end
@ -92,10 +80,6 @@ private
self.nickname ||= "noname_#{SecureRandom.hex(8)}"
end
def generate_guest_token
self.guest_token ||= SecureRandom.hex
end
def turn_blanks_into_nils
self.public_name = nil if public_name.blank?
self.biography = nil if biography.blank?


@ -2,7 +2,7 @@
class Settings::ProfilePolicy < ApplicationPolicy
def update?
account && !account.guest?
!!account
end
def permitted_attributes_for_update
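Review bot: `update?` now returns true for any non-nil account, so the policy itself no longer distinguishes an account that has a user from one that does not, and the `initial_account` factory in this commit still builds accounts with no user. That is safe only while `pundit_user` is resolved through `current_user&.account`, as the ApplicationController section of this commit shows. Consider pinning the assumption with a comment such as `# Every account reaching this policy is signed in: current_account comes from current_user.`, or, if user-less accounts must stay locked out, keeping an explicit check like `account.present? && account.user.present?`. `!!account` can also be written `account.present?`, which reads better in a predicate. The class body continues outside the hunk.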


@ -25,7 +25,6 @@ module Partynest
FILTER_PARAMS = %i[
api_token
confirmation_token
guest_token
password
password_confirmation
reset_password_token


@ -40,15 +40,6 @@ private
end
def change_functions
func :is_guest_token, <<~SQL
(str text) RETURNS boolean IMMUTABLE LANGUAGE plpgsql AS
$$
BEGIN
RETURN str ~ '^[0-9a-f]{32}$';
END;
$$;
SQL
func :is_nickname, <<~SQL
(str text) RETURNS boolean IMMUTABLE LANGUAGE plpgsql AS
$$
@ -260,8 +251,7 @@ private
create_table :accounts do |t|
t.timestamps null: false
t.string :guest_token, null: false, index: { unique: true }
t.string :nickname, null: false, index: { unique: true }
t.string :nickname, null: false, index: { unique: true }
t.string :public_name
t.text :biography
@ -421,10 +411,6 @@ private
regional_secretary_flag IS NULL OR role = 'regional_manager'
SQL
constraint :accounts, :guest_token, <<~SQL
is_guest_token(guest_token)
SQL
constraint :accounts, :nickname, <<~SQL
is_nickname(nickname)
SQL
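Review bot: Dropping `guest_token` by editing the existing `create_table :accounts` migration leaves the column, its unique index and the `is_guest_token` check in place on any database that has already run this migration. Because the model in this commit no longer fills the token (`before_create :generate_guest_token` is removed) and the column is `null: false`, creating an account would presumably fail there, and the previously issued tokens stay stored in the table. If such a database exists, a follow-up migration is the safer route, for example `remove_column :accounts, :guest_token` after dropping the constraint and the function. The methods shown here start and end outside these hunks.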


@ -226,19 +226,6 @@ END;
$_$;
--
-- Name: is_guest_token(text); Type: FUNCTION; Schema: public; Owner: -
--
CREATE FUNCTION public.is_guest_token(str text) RETURNS boolean
LANGUAGE plpgsql IMMUTABLE
AS $_$
BEGIN
RETURN str ~ '^[0-9a-f]{32}$';
END;
$_$;
--
-- Name: is_nickname(text); Type: FUNCTION; Schema: public; Owner: -
--
@ -265,7 +252,6 @@ CREATE TABLE public.accounts (
id bigint NOT NULL,
created_at timestamp(6) without time zone NOT NULL,
updated_at timestamp(6) without time zone NOT NULL,
guest_token character varying NOT NULL,
nickname character varying NOT NULL,
public_name character varying,
biography text,
@ -273,7 +259,6 @@ CREATE TABLE public.accounts (
person_id bigint,
contact_list_id bigint NOT NULL,
CONSTRAINT biography CHECK (((biography IS NULL) OR public.is_good_big_text(biography))),
CONSTRAINT guest_token CHECK (public.is_guest_token((guest_token)::text)),
CONSTRAINT nickname CHECK (public.is_nickname((nickname)::text)),
CONSTRAINT public_name CHECK (((public_name IS NULL) OR public.is_good_small_text((public_name)::text)))
);
@ -1057,13 +1042,6 @@ ALTER TABLE ONLY public.users
CREATE UNIQUE INDEX index_accounts_on_contact_list_id ON public.accounts USING btree (contact_list_id);
--
-- Name: index_accounts_on_guest_token; Type: INDEX; Schema: public; Owner: -
--
CREATE UNIQUE INDEX index_accounts_on_guest_token ON public.accounts USING btree (guest_token);
--
-- Name: index_accounts_on_nickname; Type: INDEX; Schema: public; Owner: -
--


@ -1,12 +1,12 @@
# frozen_string_literal: true
FactoryBot.define do
factory :guest_account, class: Account do
factory :initial_account, class: Account do
public_name { Faker::Name.name }
biography { Faker::Lorem.paragraph }
end
factory :usual_account, parent: :guest_account do
factory :usual_account, parent: :initial_account do
association :user
end


@ -2,7 +2,7 @@
FactoryBot.define do
factory :user do
association :account, factory: :guest_account
association :account, factory: :initial_account
email { Faker::Internet.email }
password { Faker::Internet.password }


@ -3,11 +3,6 @@ Feature: Main page
When I visit the main page
Then I see the main page
Scenario: as a guest account
Given I am signed in as guest
When I visit the main page
Then I see the main page
Scenario: as a usual account
Given I am signed in with email "user@example.com"
When I visit the main page


@ -1,9 +1,4 @@
Feature: Sign out
# Scenario: as a guest account
# Given I am signed in as guest
# When I try to sign out
# Then I am successfully signed out
Scenario: as a usual account
Given I am signed in with email "user@example.com"
When I try to sign out


@ -4,11 +4,6 @@ Given 'a user with email {string} and password {string}' do |email, password|
create :user, email: email, password: password
end
Given 'I am signed in as guest' do
@account = create :guest_account
visit root_path guest_token: @account.guest_token
end
Given 'I am signed in as superuser' do
@account = create :superuser_account


@ -5,8 +5,6 @@ require 'rails_helper'
RSpec.describe Account do
subject { create :personal_account }
pending '.guests'
pending '#guest?'
pending '#can_access_sidekiq_web_interface?'
describe '#to_param' do
@ -178,11 +176,6 @@ RSpec.describe Account do
let(:regional_office) { create :regional_office }
context 'for guest account' do
subject { create :guest_account }
specify { expect(result).to equal false }
end
context 'for usual account' do
subject { create :usual_account }
specify { expect(result).to equal false }


@ -7,7 +7,7 @@ RSpec.describe AccountPolicy do
let!(:record) { create :personal_account }
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
it { is_expected.to permit_action :show }
it { is_expected.to forbid_action :index }


@ -7,7 +7,7 @@ RSpec.describe ApplicationPolicy do
let(:record) { nil }
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
it do
is_expected.to \
forbid_actions %i[index show new create edit update destroy]


@ -14,7 +14,7 @@ RSpec.describe FederalSubjectPolicy do
before { create_list :federal_subject, 3 }
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
it { is_expected.to permit_actions %i[index show] }
it { is_expected.to forbid_new_and_create_actions }
it { is_expected.to forbid_edit_and_update_actions }


@ -10,7 +10,7 @@ RSpec.describe 'GET /accounts/:nickname' do
get "/accounts/#{account_record.nickname}"
end
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
specify do
expect(response).to have_http_status :ok
end


@ -11,7 +11,7 @@ RSpec.describe 'GET /federal_subjects' do
get '/federal_subjects'
end
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
specify do
expect(response).to have_http_status :ok
end


@ -10,7 +10,7 @@ RSpec.describe 'GET /federal_subjects/:id' do
get "/federal_subjects/#{federal_subject.number}"
end
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
specify do
expect(response).to have_http_status :ok
end


@ -11,7 +11,7 @@ RSpec.describe 'GET /federal_subjects' do
get '/federal_subjects'
end
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
specify do
expect(response).to have_http_status :ok
end


@ -11,7 +11,7 @@ RSpec.describe 'GET /federal_subjects/:number' do
get "/federal_subjects/#{federal_subject.number}"
end
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
specify do
expect(response).to have_http_status :ok
end


@ -12,7 +12,7 @@ RSpec.describe 'GET /' do
make_request
end
for_account_types nil, :guest, :usual, :superuser do
for_account_types nil, :usual, :superuser do
specify do
expect(response).to have_http_status :ok
end


@ -14,12 +14,6 @@ RSpec.describe 'GET /settings/profile/edit' do
end
end
xfor_account_types :guest do
specify do
expect(response).to have_http_status :ok
end
end
for_account_types :usual, :superuser do
specify do
expect(response).to have_http_status :ok


@ -21,7 +21,7 @@ RSpec.describe 'PATCH/PUT /settings/profile' do
patch '/settings/profile', params: { account: account_attributes }
end
for_account_types nil, :guest do
for_account_types nil do
before { make_request }
specify do


@ -6,7 +6,6 @@ RSpec.describe 'GET /staff/accounts' do
before do
sign_in current_account.user if current_account&.user
create :guest_account
create :usual_account
create :personal_account
create :superuser_account
@ -14,7 +13,7 @@ RSpec.describe 'GET /staff/accounts' do
get '/staff/accounts'
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -15,7 +15,7 @@ RSpec.describe 'GET /staff/accounts/:nickname' do
make_request
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -11,7 +11,7 @@ RSpec.describe 'GET /staff/contact_networks' do
get '/staff/contact_networks'
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -15,7 +15,7 @@ RSpec.describe 'POST /staff/people' do
sign_in current_account.user if current_account&.user
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect { make_request }.not_to change(Person, :count)
end


@ -14,7 +14,7 @@ RSpec.describe 'GET /staff/people' do
get '/staff/people'
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -9,7 +9,7 @@ RSpec.describe 'GET /staff/people/new' do
get '/staff/people/new'
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -13,7 +13,7 @@ RSpec.describe 'GET /staff/people/:person_id/passports' do
get "/staff/people/#{person.to_param}/passports"
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -18,7 +18,7 @@ RSpec.describe 'POST /staff/people/:person_id/comments' do
sign_in current_account.user if current_account&.user
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect { make_request }.not_to change(PersonComment, :count)
end


@ -14,7 +14,7 @@ RSpec.describe 'GET /staff/people/:person_id/comments' do
get "/staff/people/#{person.to_param}/comments"
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -15,7 +15,7 @@ RSpec.describe 'GET /staff/people/:person_id/relationships' do
get "/staff/people/#{person.to_param}/relationships"
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -15,7 +15,7 @@ RSpec.describe 'GET /staff/people/:id' do
make_request
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -12,7 +12,7 @@ RSpec.describe 'GET /staff' do
make_request
end
for_account_types nil, :guest, :usual do
for_account_types nil, :usual do
specify do
expect(response).to have_http_status :forbidden
end


@ -9,7 +9,7 @@ RSpec.describe 'GET /staff/sidekiq' do
get '/staff/sidekiq'
end
for_account_types nil, :guest do
for_account_types nil do
specify do
expect(response).to redirect_to @new_user_session_url
end


@ -11,7 +11,7 @@ RSpec.describe 'DELETE /users' do
sign_in current_account.user if current_account&.user
end
for_account_types nil, :guest do
for_account_types nil do
specify do
expect { make_request }.not_to change(User, :count)
end