Fix current_user usage in management section

In the management section, `current_user` is the user impersonated by the manager. We were deciding whether to show the admin menu depending on the privileges of the current user, but this menu should be shown according to the privileges of the manager who is impersonating the user. We're doing a similar (very subtle) change in the login items. We were rendering the `login_items` partial passing `current_user: user`. However, inside this method, we were using `user_signed_in`, which ignored the `current_user` we were passing. The result was always the same expect in tests where we manually sign in users, but we're changing it anyway in order to reduce confusion.
2023-01-12 15:48:09 +01:00
parent 44e3a393a0
commit cb2aebe2c8
5 changed files with 27 additions and 31 deletions
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -35,34 +35,10 @@ module UsersHelper
    end
  end

-  def current_administrator?
-    current_user&.administrator?
-  end
-
-  def current_moderator?
-    current_user&.moderator?
-  end
-
-  def current_valuator?
-    current_user&.valuator?
-  end
-
-  def current_manager?
-    current_user&.manager?
-  end
-
-  def current_sdg_manager?
-    current_user&.sdg_manager?
-  end
-
-  def current_poll_officer?
-    current_user&.poll_officer?
-  end
-
-  def show_admin_menu?(user = nil)
+  def show_admin_menu?(user)
    unless namespace == "officing"
-      current_administrator? || current_moderator? || current_valuator? || current_manager? ||
-        user&.administrator? || current_poll_officer? || current_sdg_manager?
+      user&.administrator? || user&.moderator? || user&.valuator? ||
+        (user&.manager? && namespace != "management") || user&.poll_officer? || user&.sdg_manager?
    end
  end

--- a/app/views/devise/menu/_login_items.html.erb
+++ b/app/views/devise/menu/_login_items.html.erb
@@ -1,4 +1,4 @@
-<% if user_signed_in? %>
+<% if current_user %>
  <li>
    <%= layout_menu_link_to t("layouts.header.my_activity_link"),
                              user_path(current_user),
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -17,7 +17,7 @@
      <h2 class="inline-block">
        <%= avatar_image(@user, seed: @user.id, size: 60) %>
        <%= @user.name %>
-        <% if current_administrator? %>
+        <% if current_user&.administrator? %>
          <small><%= @user.email %></small>
        <% end %>
      </h2>
--- a/spec/components/layout/admin_header_component_spec.rb
+++ b/spec/components/layout/admin_header_component_spec.rb
@@ -11,7 +11,6 @@ describe Layout::AdminHeaderComponent do
  context "management section", controller: Management::BaseController do
    it "shows the menu for administrators" do
      create(:administrator, user: user)
-      sign_in(user)

      render_inline Layout::AdminHeaderComponent.new(user)

@@ -24,7 +23,6 @@ describe Layout::AdminHeaderComponent do

    it "does not show the menu managers" do
      create(:manager, user: user)
-      sign_in(user)

      render_inline Layout::AdminHeaderComponent.new(user)

--- a/spec/system/management_spec.rb
+++ b/spec/system/management_spec.rb
@@ -0,0 +1,22 @@
+require "rails_helper"
+
+describe "Management" do
+  let(:user) { create(:user) }
+
+  scenario "Does not show the admin menu when managing users having the admin menu" do
+    create(:manager, user: user)
+    create(:moderator, user: create(:user, :in_census, document_number: "12345678M"))
+
+    login_as(user)
+    visit management_sign_in_path
+    click_link "Select user"
+    fill_in "Document number", with: "12345678M"
+    click_button "Check document"
+
+    expect(page).to have_content "This user account is already verified"
+    expect(page).not_to have_content "You don't have new notifications"
+    expect(page).not_to have_content "My content"
+    expect(page).not_to have_content "My account"
+    expect(page).not_to have_content "Sign out"
+  end
+end