From 200296562475d890d98ff9822f627c7b8a4f78f9 Mon Sep 17 00:00:00 2001 From: Helen Pickavance Date: Wed, 27 Nov 2024 14:47:28 +0000 Subject: [PATCH] Fix removal methods and add tests --- lib/tasks/access_and_permissions.rake | 42 +++++++++++++++ .../unit/tasks/access_and_permissions_test.rb | 54 +++++++++++++++++++ 2 files changed, 96 insertions(+) diff --git a/lib/tasks/access_and_permissions.rake b/lib/tasks/access_and_permissions.rake index 3895cff88..8e28e8aac 100644 --- a/lib/tasks/access_and_permissions.rake +++ b/lib/tasks/access_and_permissions.rake @@ -50,4 +50,46 @@ namespace :permissions do log_file.close end end + + desc "Remove an organisation from an document's access permissions list" + task :remove_organisation_access, %i[document_content_id org_content_id] => :environment do |_, args| + document = Artefact.find_by(id: args[:document_content_id]) + + if document.nil? + message = "Document not found, no permissions changed." + elsif !document.latest_edition.owning_org_content_ids.include?(args[:org_content_id]) + message = "Organisation with ID #{args[:organisation_id]} did not have access to document with ID - #{document.id} no change made" + else + Edition.where(panopticon_id: document.id).each do |edition| + edition.owning_org_content_ids.delete(args[:org_content_id]) + edition.save!(validate: false) + end + document.save_as_task!("PermissionsRemoval") + message = "Access permission for successfully removed for the organisation with ID #{args[:organisation_id]} from document with ID - #{document.id}" + end + puts message + rescue Mongoid::Errors::DocumentNotFound => e + error_message = "An error occurred while processing document with ID #{args[:document_content_id]}: #{e.message}" + puts error_message + end + + desc "Remove all access permissions from an document" + task :remove_all_access_flags, %i[document_content_id] => :environment do |_, args| + document = Artefact.find_by(id: args[:document_content_id]) + + if document.nil? + message = "Document not found, no permissions changed." + else + Edition.where(panopticon_id: document.id).each do |edition| + edition.owning_org_content_ids.clear + edition.save!(validate: false) + end + document.save_as_task!("PermissionsClear") + message = "All access permissions for all organisations successfully removed from document with ID - #{document.id}" + end + puts message + rescue Mongoid::Errors::DocumentNotFound => e + error_message = "An error occurred while processing document with ID #{args[:document_content_id]}: #{e.message}" + puts error_message + end end diff --git a/test/unit/tasks/access_and_permissions_test.rb b/test/unit/tasks/access_and_permissions_test.rb index 22fb5586f..161508b72 100644 --- a/test/unit/tasks/access_and_permissions_test.rb +++ b/test/unit/tasks/access_and_permissions_test.rb @@ -6,13 +6,20 @@ class AccessAndPermissionsTaskTest < ActiveSupport::TestCase @add_organisation_access_task = Rake::Task["permissions:add_organisation_access"] @bulk_process_task = Rake::Task["permissions:bulk_process_access_flags"] + @remove_organisation_access_task = Rake::Task["permissions:remove_organisation_access"] + @remove_all_access_flags_task = Rake::Task["permissions:remove_all_access_flags"] + @add_organisation_access_task.reenable @bulk_process_task.reenable + @remove_organisation_access_task.reenable + @remove_all_access_flags_task.reenable @artefact1 = FactoryBot.create(:artefact, slug: "example-slug-1") @artefact2 = FactoryBot.create(:artefact, slug: "example-slug-2") + @edition1 = FactoryBot.create(:edition, panopticon_id: @artefact1.id, owning_org_content_ids: []) @edition2 = FactoryBot.create(:edition, panopticon_id: @artefact2.id, owning_org_content_ids: []) + @csv_file_path = Rails.root.join("tmp/test_bulk_access.csv") CSV.open(@csv_file_path, "w") do |csv| csv << %w[Header1 URL] @@ -52,4 +59,51 @@ class AccessAndPermissionsTaskTest < ActiveSupport::TestCase assert_includes @edition1.owning_org_content_ids, organisation_id assert_includes @edition2.owning_org_content_ids, organisation_id end + + test "remove_organisation_access removes permissions correctly" do + organisation_id = "org-id-to-remove" + + @add_organisation_access_task.invoke(@artefact1.id, organisation_id) + @edition1.reload + assert_includes @edition1.owning_org_content_ids, organisation_id + + @remove_organisation_access_task.invoke(@artefact1.id, organisation_id) + @edition1.reload + + assert_not_includes @edition1.owning_org_content_ids, organisation_id + end + + test "remove_organisation_access does not affect other organisation permissions" do + org_id_to_keep = "saved-org-id" + org_id_to_remove = "removable-org-id" + artefact3 = FactoryBot.create(:artefact, slug: "example-slug-3") + edition3 = FactoryBot.create(:edition, panopticon_id: artefact3.id, owning_org_content_ids: [org_id_to_keep, org_id_to_remove]) + assert_includes edition3.owning_org_content_ids, org_id_to_keep + assert_includes edition3.owning_org_content_ids, org_id_to_remove + + @remove_organisation_access_task.invoke(artefact3.id, org_id_to_remove) + edition3.reload + + assert_not_includes edition3.owning_org_content_ids, org_id_to_remove + assert_includes edition3.owning_org_content_ids, org_id_to_keep + end + + test "remove_all_access_flags removes all permissions" do + organisation_id1 = "org-id-one" + organisation_id2 = "org-id-two" + + @add_organisation_access_task.invoke(@artefact1.id, organisation_id1) + @add_organisation_access_task.reenable + @add_organisation_access_task.invoke(@artefact1.id, organisation_id2) + @edition1.reload + + assert_includes @edition1.owning_org_content_ids, organisation_id1 + assert_includes @edition1.owning_org_content_ids, organisation_id2 + + @remove_all_access_flags_task.invoke(@artefact1.id, organisation_id2) + @edition1.reload + + assert_not_includes @edition1.owning_org_content_ids, organisation_id1 + assert_not_includes @edition1.owning_org_content_ids, organisation_id2 + end end