4819 manage super user roles #5047
Conversation
… that are part of the org
…te sub directory, updated tests for organization path visited by super admin to only expect edit button for users
…as the ones making the request, updated tests for when super admins are logged in to run on both normal and super admin users
…wn for org admins is being used
…ers, added remove role system test
|
This is one of those cases where you don't see the flaws until you actually see what you asked for.... The "promote to admin" on the super doesn't make a lot of sense -- I guess they're a user and a superuser. But we only show the top. Let me think about this/ discuss it with the planning group and possibly the stakeholders. I think we either should be showing all the roles, or only the top one that is linked to the organization. I'm leaning toward the latter. FTR, this is very much an edge case -- but I want to talk about it with the core team so we can go "ok, this is what is most likely to make sense if we ever add new roles". |
|
The planning group discussed this and settled on showing only the top role that is associated with the organization. |
…t only consider user vs admin roles of the org
Alright, I pushed a commit so only the user's top role in their org will be shown. Let me know if there are any other changes to be made. |
|
"Lastly, this PR updates _organization_user.html.erb so that super admins will always be shown an 'edit' button that takes them to the super admin facing user edit page for the sake of consistency. Previously super admins were shown this edit button in place of the 'promote user' button, but still were shown the 'demote user' button." I'm not sure I agree with this -- the principle being that if someone is signed in as an org_admin on the bank, they should be seeing what the org_admin on the bank sees -- they are wearing that 'hat' at the moment (it sounds like what we had before was not right, either g) . |
Ah, apologies. I misinterpreted this comment as meaning that super admins should still use the super admin specific interface. Will work on changing this and updating the tests. |
|
Yeah - that was superadmins as superadmins. |
|
I'm aware of the failing test and working through addressing it. |
…super admin interface does make use of the organization controller's post actions, it doesn't use the show action
… be told whether the current user is a super admin or not for the sake of clarity
| <td><%= user.current_sign_in_at&.strftime('%Y/%m/%d') %></td> | ||
| <td><%= user.invitation_status %></td> | ||
| <td nowrap><%= reinvite_user_link(user) %></td> | ||
| <td> | ||
| <% unless user.has_cached_role?(Role::SUPER_ADMIN) || user.has_cached_role?(Role::ORG_ADMIN, current_organization) %> | ||
| <% unless user.has_role?(Role::ORG_ADMIN, current_organization) %> |
There was a problem hiding this comment.
Can we do user.has_cached_role? here?
Resolves #4819
Description
This PR updates
app/views/users/_organization_user.html.erbto show organization admins options to promote and demote other members of the organization, regardless of whether those other members are super admins. TheOrganizationsControllerand role services were already set up to allow an org admin to promote or demote super admins, so this was the only necessary change.This PR also updates
app/views/admin/users/_roles.html.erbto avoid encountering aNoMethodErrorwhen attempting to edit a super admin. Again, theAdmin::UsersControllerand role services correctly handled a super admin managing the org roles of another super admin.Lastly, this PR updates
_organization_user.html.erbso that super admins will always be shown an 'edit' button that takes them to the super admin facing user edit page for the sake of consistency. Previously super admins were shown this edit button in place of the 'promote user' button, but still were shown the 'demote user' button.Regarding the potential connection to the issue #4503, while a PR for 4503 might end up modifying some of the same files, resolving issue 4819 doesn't seem to rely on resolving 4503 and vice versa. As such, this PR will made while I am still working on 4503.
Type of change
How Has This Been Tested?
This was manually tested as an org admin and a super admin, verifying that both were able to manage the org roles of both normal users and super admins.
Tests were added to
spec/requests/organization_requests_spec.rbto verify the promote user, demote user, and remove user actions provided by theOrganizationsControllerworked on users and super admins. A check that was erroneously aimed at a path handled by theAdmin::OrganizationsControllerwas also moved to the more appropriatespec/requests/admin/organizations_requests_spec.rb.Tests were added to
spec/requests/admin/users_requests_spec.rbto verify that the add role and remove role actions provided by theAdmin::UsersControllerworked on users and super admins, as this is the interface super admins would use to manage org roles.Tests were added to
spec/system/organization_system_spec.rbandspec/system/admin/users_system_spec.rbto verify that the whole process of visiting these forms and using them to add or remove roles worked.Screenshots
The old org user list, as viewed by an org admin
The new org user list, as viewed by an org admin
The old org user list, as viewed by a super admin
The new org user list, as viewed by a super admin