1106-staff-deactivation-refactor

app/controllers/organizations/activations_controller.rb

@@ -0,0 +1,23 @@
+module Organizations
+  class ActivationsController < Organizations::BaseController
+    def update
+      @user = User.find(params[:user_id])
+
+      authorize! @user, with: ActivationsPolicy
+
+      if @user.deactivated_at
+        @user.activate
+      else
+        @user.deactivate
+      end
+
+      respond_to do |format|
+        success = @user.deactivated_at.nil? ?
+          t(".activated", staff: @user.full_name) :
+          t(".deactivated", staff: @user.full_name)
+        format.html { redirect_to staff_staff_index_path, notice: success }
+        format.turbo_stream { flash.now[:notice] = success }
+      end
+    end
+  end
+end

app/controllers/organizations/staff/staff_controller.rb

@@ -1,5 +1,4 @@
 class Organizations::Staff::StaffController < Organizations::BaseController
-  before_action :set_staff, only: [:update_activation]
   include ::Pagy::Backend
 
   layout "dashboard"
@@ -12,28 +11,4 @@ def index
       limit: 10
     )
   end
-
-  def update_activation
-    if @staff.deactivated_at
-      @staff.activate
-    else
-      @staff.deactivate
-    end
-
-    respond_to do |format|
-      success = @staff.deactivated_at.nil? ?
-        t(".activated", staff: @staff.full_name) :
-        t(".deactivated", staff: @staff.full_name)
-      format.html { redirect_to staff_staff_index_path, notice: success }
-      format.turbo_stream { flash.now[:notice] = success }
-    end
-  end
-
-  private
-
-  def set_staff
-    @staff = User.find(params[:staff_id])
-
-    authorize! @staff
-  end
 end

app/models/concerns/authorizable.rb

@@ -57,6 +57,8 @@ def staff?(organization)
       view_people
       view_form_submissions
       manage_faqs
+      activate_adopter
+      activate_foster
     ]
   ).freeze
 

app/policies/organizations/activations_policy.rb

@@ -0,0 +1,18 @@
+module Organizations
+  class ActivationsPolicy < ApplicationPolicy
+    pre_check :verify_organization!
+    pre_check :verify_active_staff!
+
+    def update?
+      return false if record.id == user.id
+
+      record_role = record.roles.first.name
+
+      if %w[super_admin admin].include?(record_role)
+        permission?(:activate_staff)
+      else
+        permission?(:activate_foster) && permission?(:activate_adopter)
+      end
+    end
+  end
+end

app/policies/organizations/user_policy.rb

@@ -5,8 +5,4 @@ class Organizations::UserPolicy < ApplicationPolicy
   def index?
     permission?(:manage_staff)
   end
-
-  def update_activation?
-    permission?(:activate_staff) && record.id != user.id
-  end
 end

app/views/layouts/shared/_footer.html.erb

@@ -5,11 +5,11 @@
       <div class="col-lg-4 col-md-6 col-12">
         <!-- about company -->
         <div class="mb-4">
-          <h3> <%= t('.title') %> </h3>
+          <h3> <%= t('.organization_name', name: Current.tenant.name) %> </h3>
           <div class="mt-4">
           <p>
               <%= t('.call') %>
-              <%= link_to t('.action'), new_organization_account_request_path %>
+              <%= link_to t('.action'), Rails.env.production? ? "https://www.homewardtails.org/organization_account_request/new" : "http://localhost:3000/organization_account_request/new" %>
 
             </p>
           </div>

app/views/organizations/activations/update.turbo_stream.erb

@@ -0,0 +1 @@
+<%= turbo_stream.replace "flash", partial: "layouts/shared/flash_messages" %>

app/views/organizations/staff/adopters/_adopter_cards.html.erb

@@ -16,6 +16,10 @@
         <span><%= t(:joined) %></span>
         <span><%= adopter.created_at.strftime("%d %B, %Y") %></span>
       </div>
+      <div class="d-flex justify-content-between pt-2">
+        <span><%= t(:deactivate) %></span>
+        <%= render "organizations/staff/shared/deactivate_toggle", user: adopter.user %>
+      </div>
     </div>
   </div>
 </div>

app/views/organizations/staff/adopters/_adopter_table.html.erb

@@ -6,6 +6,7 @@
         <tr>
           <th scope="col"><%= t(:name) %></th>
           <th scope="col"><%= t(:joined_at) %></th>
+          <th class="text-center" scope="col"><%= t(:deactivate) %></th>
         </tr>
       </thead>
       <tbody>
@@ -25,6 +26,9 @@
             <td>
               <%= adopter.created_at.strftime("%d %B, %Y") %>
             </td>
+            <td>
+              <%= render "organizations/staff/shared/deactivate_toggle", user: adopter.user %>
+            </td>
           </tr>
         <% end %>
       </tbody>

app/views/organizations/staff/fosterers/_fosterer_cards.html.erb

@@ -16,6 +16,10 @@
         <span><%= t(:joined) %></span>
         <span><%= fosterer.created_at.strftime("%d %B, %Y") %></span>
       </div>
+      <div class="d-flex justify-content-between pt-2">
+        <span><%= t(:deactivate) %></span>
+        <%= render "organizations/staff/shared/deactivate_toggle", user: fosterer.user %>
+      </div>
     </div>
   </div>
 </div>

app/views/organizations/staff/fosterers/_fosterer_table.html.erb

@@ -8,6 +8,7 @@
         <tr>
           <th scope="col"><%= t(:name) %></th>
           <th scope="col"><%= t(:email) %></th>
+          <th class="text-center" scope="col"><%= t(:deactivate) %></th>
           <th scope="col"><%= t(:phone) %></th>
           <% if can_edit_person %>
             <th scope="col"><%= t(:action) %></th>
@@ -31,6 +32,9 @@
             <td>
               <%= fosterer.email %>
             </td>
+            <td>
+              <%= render "organizations/staff/shared/deactivate_toggle", user: fosterer.user %>
+            </td>
             <td>
               <%= fosterer.phone_number %>
             </td>

app/views/organizations/staff/staff/_deactivate_toggle.html.erb → app/views/organizations/staff/shared/_deactivate_toggle.html.erb

@@ -1,12 +1,12 @@
-<div class=<%= "staff_deactivate_toggle_#{staff.id}" %>>
-  <%= form_with model: staff, url: staff_staff_update_activation_path(staff) do |form| %>
+<div class=<%= "user_deactivate_toggle_#{user.id}" %>>
+  <%= form_with model: user, url: activations_path(user_id: user.id) do |form| %>
     <div class='form-group d-flex justify-content-center'>
       <div class="form-check form-switch">
         <%= form.check_box :deactivated?,
           {
             class: "form-check-input",
             role: "switch",
-            disabled: staff == current_user,
+            disabled: user == current_user,
             id: "flexSwitchCheckChecked",
             onchange: "this.form.requestSubmit()"
           },

app/views/organizations/staff/staff/_staff_cards.html.erb

@@ -22,7 +22,7 @@
       </div>
       <div class="d-flex justify-content-between pt-2">
         <span><%= t(:deactivate) %></span>
-        <%= render "deactivate_toggle", staff: staff %>
+        <%= render "organizations/staff/shared/deactivate_toggle", user: staff %>
       </div>
     </div>
   </div>

app/views/organizations/staff/staff/_staff_table.html.erb

@@ -31,7 +31,7 @@
               <%= staff.created_at.strftime("%d %B, %Y") %>
             </td>
             <td>
-              <%= render "deactivate_toggle", staff: staff %>
+              <%= render "organizations/staff/shared/deactivate_toggle", user: staff %>
             </td>
           </tr>
         <% end %>

config/locales/en.yml

@@ -174,7 +174,7 @@ en:
   layouts:
     shared:
       footer:
-        title: "Homeward Tails"
+        organization_name: "%{name}"
         call: "If you are a pet adoption or foster organization and want a website like this one, for free,"
         action: "Click Here"
         company: "Company"
@@ -195,7 +195,7 @@ en:
         dashboard: "Dashboard"
         demo: "This is a demo site"
       no_tenant_footer:
-        title: "Open Pet Rescue"
+        title: "Homeward Tails"
         about: "About Us"
         rescues: 'Rescues'
         ruby_for_good: 'Ruby For Good'
@@ -371,6 +371,10 @@ en:
     authorization_error: "You are not authorized to perform this action."
     try_again: "Error. Please try again."
   organizations:
+    activations:
+      update:
+        activated: "%{staff} was activated."
+        deactivated: "%{staff} was deactivated."
     home:
       index:
         every_paw: "Where every paw finds a home"
@@ -660,10 +664,6 @@ en:
             help_text:
               label: "Label"
               help_text: "help text"
-      staff:
-        update_activation:
-          activated: "%{staff} was activated."
-          deactivated: "%{staff} was deactivated."
       external_form_upload:
         index:
           description: "If you collect information from adopters from a third party service, like Google Forms, you can export a CSV file from Google Forms and upload it here. We will import the questions and answers for any adopters who have an account on your Homeward Tails website, providing they use the same email address. Then you will be able to see the information for each adopter when reviewing applications."

config/routes.rb

@@ -37,6 +37,7 @@
     # Staff Routes
     namespace :staff do
       resource :organization, only: %i[edit update]
+      resources :staff, only: %i[index]
       resource :custom_page, only: %i[edit update]
       resources :external_form_upload, only: %i[index create]
       resources :default_pet_tasks
@@ -84,10 +85,6 @@
         resources :form_answers, only: [:index]
       end
 
-      resources :staff do
-        patch "update_activation"
-      end
-
       namespace :custom_form do
         resources :forms do
           resources :questions
@@ -116,6 +113,9 @@
       end
     end
 
+    # Activate/Deactivate users
+    resource :activations, only: [:update]
+
     # File Purging
     delete "staff/attachments/:id/purge", to: "attachments#purge", as: "staff_purge_attachment"
     delete "attachments/:id/purge_avatar", to: "attachments#purge_avatar", as: "purge_avatar"

test/controllers/organizations/activations_controller_test.rb

@@ -0,0 +1,19 @@
+require "test_helper"
+require "action_policy/test_helper"
+
+class Organizations::ActivationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @organization = ActsAsTenant.current_tenant
+    @staff = create(:admin)
+    sign_in @staff
+  end
+
+  test "update activation should modify user deactivated at state" do
+    user = create(:super_admin)
+    sign_in user
+
+    assert_changes -> { User.find(@staff.id).deactivated_at } do
+      patch activations_url(user_id: @staff.id), as: :turbo_stream
+    end
+  end
+end

test/controllers/organizations/staff/staff_controller_test.rb

@@ -11,16 +11,6 @@ class Organizations::Staff::StaffControllerTest < ActionDispatch::IntegrationTes
   context "authorization" do
     include ActionPolicy::TestHelper
 
-    context "#update_activation" do
-      should "be authorized" do
-        assert_authorized_to(
-          :update_activation?, @staff, with: Organizations::UserPolicy
-        ) do
-          patch staff_staff_update_activation_url(@staff)
-        end
-      end
-    end
-
     context "#index" do
       should "be authorized" do
         assert_authorized_to(
@@ -48,14 +38,4 @@ class Organizations::Staff::StaffControllerTest < ActionDispatch::IntegrationTes
       end
     end
   end
-
-  test "update activation should respond with turbo_stream when toggled on staff page" do
-    user = create(:super_admin)
-    sign_in user
-
-    patch staff_staff_update_activation_url(@staff), as: :turbo_stream
-
-    assert_equal Mime[:turbo_stream], response.media_type
-    assert_response :success
-  end
 end