[3260] Add feature to manage partner users for a Partner as a Organization/Bank #3266
Conversation
|
@edwinthinks pushed the change - this is really just using plain old Rails forms. Everything seems to work fine. Not sure why the revoking logic doesn't work right now but this has to be rebased/merged off main anyway. |
Conflicts: Gemfile.lock app/controllers/partners_controller.rb app/views/partners/show.html.erb
|
I merged in main and fixed conflicts. |
…r-management Conflicts: db/seeds.rb
|
@cielf fixed this up, it should be good to test out! |
|
Finally! I'm not going to try to get it in for this weekend -- it's already pretty meaty -- but I will kick the tires. |
There was a problem hiding this comment.
Not a complete review -- a couple of phrasing suggestions , then -- I ran into a 500 error...
How I got that:
bin/setup
bin/start
sign in as org_admin1
Partner Agencies | All Partners
choose Pawnee Parent Service
Users
In "invite user" fill in Name: User 1, email [email protected]
(that's the user with org_user status in the seed)
I got an Argument Error "nil can't be converted to a Time value" at line 45 in app/views/partner_users/_users.html.erb
It does send the email -- it's just failing on displaying?
I also want to check with the stakeholder circle on whether org_user level folk should have access to this . I know that's what it says on the issue -- but I'm not sure the question was asked.
| }.to change { partner_user.roles.count }.from(1).to(0) | ||
|
|
||
| expect(response).to redirect_to(root_path) | ||
| expect(flash[:notice]).to eq("Access to #{partner_user.name} has been revoked.") |
There was a problem hiding this comment.
Wording change, This should be more like "#{partner_user.name}'s access has been revoked."
That form handles 99% of the cases for possessives, and may be "good enough". There is a possessive gem -- it's fairly old, but the rules don't change [I haven't looked into it in detail]
Alternatively, we could say "Access to # {partner.name} has been revoked for #{partner_user.name}"
However -- We should be using the display name in the same manner as we have in the superadmin interface (displaying the email if the name is not given) -- There are a lot of partners whose names we do not have.
app/views/partners/show.html.erb
Outdated
| @@ -34,6 +34,12 @@ | |||
| <h2 class="card-title">Partner Actions</h2> | |||
| </div> | |||
| <div class="card-body p-3"> | |||
| <%= link_to partner_users_path(@partner) do %> | |||
| <div class="btn btn-app bg-success"> | |||
| <i class="fas fa-users"></i> Users | |||
There was a problem hiding this comment.
Please change this to "Manage Users" to follow the same form for the other actions on the page.
|
@dorner From tonight's stakeholder meeting -- can we please limit access to this to org_admins ? Thanks. |
# Conflicts: # config/locales/en.yml
|
The bug you found was because you were inviting a user that already existed in the system - and that user doesn't have an |
|
Addressed other feedback! |
Probably -- we should address that in the seed (I'm making a note for a new issue around that), and I'll test the appropriate case with a newly invited user. |
|
@cielf fixed! |
|
The status on this is waiting for @awwaiid to take a look at it then. |
| @@ -129,18 +129,6 @@ def invite | |||
| end | |||
| end | |||
|
|
|||
| def invite_partner_user | |||
There was a problem hiding this comment.
This is still referenced from config/routes.rb, but nothing submits to it, so not an immediate blocker
There was a problem hiding this comment.
I created #4459 to address
| # frozen_String_literal: true | ||
|
|
||
| class PartnerUsersController < ApplicationController | ||
| before_action :set_partner, only: %i[index create destroy resend_invitation] |
There was a problem hiding this comment.
We only link to this controller from bank admins, but we don't here restrict access to only admins. I'll open a separate ticket to address this minor security flaw.
|
@edwinthinks: Your PR |
Resolves #3260
Description
This PR adds a page to manage the users for a partner as an organization. This uses the roles!
A few additional things to change in an upcoming PR:
Partner::UsersControllerwhich we can deprecate in favor of using common code.Type of change
How Has This Been Tested?
Tested locally. Still need to add specs.
Screenshots
See for quick recording - https://jam.dev/c/9c61fa7a-ba15-415e-8568-aabd3e4171e3