Skip to content

Users emulating SysAdmins should be able to approve requests #2024

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Users emulating SysAdmins should be able to approve requests #2024

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c8c90e2
Users emulating SysAdmins should be able to approve requests
JaymeeH Oct 13, 2025
59030f2
Adding tests to actor grant and revoke services
JaymeeH Oct 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions app/controllers/application_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,10 +77,18 @@ def session_error_handler
@retry_count < 3 # If the session is expired we should not have to retry more than once, but let's have a little wiggle room
end

# rubocop:disable Metrics/AbcSize
# rubocop:disable Metrics/CyclomaticComplexity
# rubocop:disable Metrics/PerceivedComplexity
# rubocop:disable Metrics/MethodLength
def emulate_user
return if Rails.env.production?
return if current_user.blank? || !current_user.trainer

if session[:emulation_role] != "System Administrator"
revoke_request if grant_request
end

if session[:emulation_role]
if session[:emulation_role] == "Eligible Data Sponsor"
emulate_sponsor
Expand All @@ -95,6 +103,10 @@ def emulate_user
end
end
end
# rubocop:enable Metrics/AbcSize
# rubocop:enable Metrics/CyclomaticComplexity
# rubocop:enable Metrics/PerceivedComplexity
# rubocop:enable Metrics/MethodLength

def emulate_sponsor
current_user.eligible_sponsor = true
Expand All @@ -112,6 +124,7 @@ def emulate_sysadmin
current_user.sysadmin = true
current_user.eligible_manager = false
current_user.eligible_sponsor = false
grant_request
end

def emulate_data_user
Expand All @@ -127,6 +140,22 @@ def return_to_self
current_user.sysadmin = false
end

def grant_request
@granted ||= true
grant_role_request = Mediaflux::ActorGrantRoleRequest.new(session_token: SystemUser.mediaflux_session, user: current_user, type: "user", role: "pu-lib:developer")
grant_role_request.resolve
raise grant_role_request.response_error[:message] if grant_role_request.error?
@granted
end

def revoke_request
revoke_role_request = Mediaflux::ActorRevokeRoleRequest.new(session_token: SystemUser.mediaflux_session, user: current_user, type: "user", role: "pu-lib:developer")
revoke_role_request.resolve
@granted = false
raise revoke_role_request.response_error[:message] if revoke_role_request.error?
@granted
end

def downtime_check
if Flipflop.disable_login?
if current_user.eligible_sysadmin?
Expand Down
44 changes: 44 additions & 0 deletions app/models/mediaflux/actor_grant_role_request.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# frozen_string_literal: true
module Mediaflux
class ActorGrantRoleRequest < Request
# Constructor
# @param session_token [String] the API token for the authenticated session
def initialize(session_token:, user:, type:, role:)
super(session_token: session_token)
@user = user
@type = type
@uid = user.uid

@user_name = "princeton:#{@uid}"
@role_name = role
end

# Specifies the Mediaflux service to use
# @return [String]
def self.service
"actor.grant"
# "actor.grant :type user :name princeton:[netid]] :role -type role pu-lib:developer"
end

def roles
xml_roles = response_xml.xpath("/response/reply/result")
xml_roles.map(&:text).sort
end

private

#
def build_http_request_body(name:)
super do |xml|
xml.args do
xml.type @type # e.g. :type user
xml.name @user_name # e.g. princeton:jsmith
xml.role @role do # e.g. :role
xml.parent.set_attribute("type", "role") # e.g. -type role
xml.text(@role_name) # e.g. pu-lib:developer
end
end
end
end
end
end
44 changes: 44 additions & 0 deletions app/models/mediaflux/actor_revoke_role_request.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# frozen_string_literal: true
module Mediaflux
class ActorRevokeRoleRequest < Request
# Constructor
# @param session_token [String] the API token for the authenticated session
def initialize(session_token:, user:, type:, role:)
super(session_token: session_token)
@user = user
@type = type
@uid = user.uid

@user_name = "princeton:#{@uid}"
@role_name = role
end

# Specifies the Mediaflux service to use
# @return [String]
def self.service
"actor.revoke"
# "actor.revoke :type user :name princeton:[netid]] :role -type role pu-lib:developer"
end

def roles
xml_roles = response_xml.xpath("/response/reply/result")
xml_roles.map(&:text).sort
end

private

#
def build_http_request_body(name:)
super do |xml|
xml.args do
xml.type @type # e.g. :type user
xml.name @user_name # e.g. princeton:jsmith
xml.role @role do # e.g. :role
xml.parent.set_attribute("type", "role") # e.g. -type role
xml.text(@role_name) # e.g. pu-lib:developer
end
end
end
end
end
end
2 changes: 1 addition & 1 deletion spec/controllers/dashboard_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
end

context "when a user is logged in", connect_to_mediaflux: true do
let(:user) { FactoryBot.create :user, mediaflux_session: SystemUser.mediaflux_session }
let(:user) { FactoryBot.create :user, uid: "tigerdatatester", mediaflux_session: SystemUser.mediaflux_session }
before do
sign_in user
end
Expand Down
16 changes: 16 additions & 0 deletions spec/models/mediaflux/actor_grant_role_request.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# frozen_string_literal: true
require "rails_helper"

RSpec.describe Mediaflux::ActorGrantRoleRequest, connect_to_mediaflux: true, type: :model do
let(:user) { FactoryBot.create(:user, uid: "tigerdatatester", mediaflux_session: SystemUser.mediaflux_session) }

describe "#resolve" do
it "Adds a user to the pu-lib:developer group", :integration do
grant_role_request = described_class.new(session_token: user.mediaflux_session, type: "user", user: user, role: "pu-lib:developer")
grant_role_request.resolve

expect(grant_role_request.error?).to be false
expect(grant_role_request.roles).to eq [""]
end
end
end
16 changes: 16 additions & 0 deletions spec/models/mediaflux/actor_revoke_role_request.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# frozen_string_literal: true
require "rails_helper"

RSpec.describe Mediaflux::ActorRevokeRoleRequest, connect_to_mediaflux: true, type: :model do
let(:user) { FactoryBot.create(:user, uid: "tigerdatatester", mediaflux_session: SystemUser.mediaflux_session) }

describe "#resolve" do
it "Removes a user from the pu-lib:developer group", :integration do
revoke_role_request = described_class.new(session_token: user.mediaflux_session, type: "user", user: user, role: "pu-lib:developer")
revoke_role_request.resolve

expect(revoke_role_request.error?).to be false
expect(revoke_role_request.roles).to eq [""]
end
end
end
2 changes: 1 addition & 1 deletion spec/system/dashboard_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
end

context "authenticated user" do
let(:current_user) { FactoryBot.create(:user, uid: "pul123", mediaflux_session: SystemUser.mediaflux_session) }
let(:current_user) { FactoryBot.create(:user, uid: "tigerdatatester", mediaflux_session: SystemUser.mediaflux_session) }
let(:admin_user) { FactoryBot.create(:sysadmin, uid: "admin123") }
let(:other_user) { FactoryBot.create(:user, uid: "zz123") }
let(:no_projects_user) { FactoryBot.create(:user, uid: "qw999") }
Expand Down
2 changes: 1 addition & 1 deletion spec/system/emulator_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
require "rails_helper"

describe "Website banner", type: :system, connect_to_mediaflux: true, js: true do
let(:current_user) { FactoryBot.create(:trainer, uid: "pul123") }
let(:current_user) { FactoryBot.create(:trainer, uid: "tigerdatatester") }
it "has the banner on the homepage" do
sign_in current_user
visit "/"
Expand Down
2 changes: 1 addition & 1 deletion spec/system/users_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
require "rails_helper"

describe "Current Users page", type: :system, connect_to_mediaflux: false, js: true do
let(:current_user) { FactoryBot.create(:user, uid: "pul123") }
let(:current_user) { FactoryBot.create(:user, uid: "tigerdatatester") }
let(:sponsor_user) { FactoryBot.create(:project_sponsor, uid: "pul456", mediaflux_session: SystemUser.mediaflux_session) }
let(:sysadmin_user) { FactoryBot.create(:sysadmin, uid: "puladmin", mediaflux_session: SystemUser.mediaflux_session) }
let(:developer) { FactoryBot.create(:developer, uid: "root", mediaflux_session: SystemUser.mediaflux_session) }
Expand Down