Prevent '%{org_title} Plans' Section From Displaying Plans Created by Users From Other Organisations #3413

Closed
wants to merge 5 commits into from

Commits on Apr 30, 2024

  1. Add pdf handling in render_respond_to_format_with_error_message

    `render_respond_to_format_with_error_message` is called both when rescuing from Pundit::NotAuthorizedError and ActiveRecord::RecordNotFound. The method works properly with .html format, but prior to this change, ActionController::UnknownFormat was thrown for .pdf format.
    aaronskiba committed Apr 30, 2024
    1ef6bd0
  2. edit scope :organisationally_or_publicly_visible

    - This commit changes the Plan.organisationally_or_publicly_visible(user) scope
    - Prior to this commit, we used `Org.org_admin_plans`. This would return any plan where plan.org_id = Org.id. In addition, it would return any plan where a user with user.org_id = Org.id had Administrator access on the plan.
    - This commit instead uses Org.owned_plans. This only returns plans where Creator access belongs to a user with user.org_id = Org.id.
    aaronskiba committed Apr 30, 2024
    b802b68
  3. refactor scope :organisationally_or_publicly_visible

    Here, instead of first assigning to the `plan_ids` variable, we are directly referencing `user.org.owned_plans`. This change should not affect the query result of `scope :organisationally_or_publicly_visible`
    aaronskiba committed Apr 30, 2024
    8bc8a48
  4. Make Rubocop happy

    aaronskiba committed Apr 30, 2024
    86504f6
  5. Remove duplicate code in application_controller.rb

    Removing `rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized` from line 25, because the exact statement also exists on line 20 of this same file.
    aaronskiba committed Apr 30, 2024
    185e8aa
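
The visibility difference described in commit 2, as an added plain-Ruby example that is not code from this pull request. The structs, the `*_plan_ids` helper names and the sample records are constructed for illustration and model only what the commit message states about `Org.org_admin_plans` and `Org.owned_plans`.

```ruby
# Added illustration: in-memory model of the two lookups described in commit 2.
# All names and records below are constructed; this is not the project's code.
User = Struct.new(:id, :org_id)
Plan = Struct.new(:id, :org_id, :title)
Role = Struct.new(:user_id, :plan_id, :access) # access is :creator or :administrator

USERS = [User.new(1, :org_a), User.new(2, :org_b)].freeze
PLANS = [
  Plan.new(10, :org_a, 'Created by an org_a user'),
  Plan.new(20, :org_b, 'Created by an org_b user, org_a user is administrator'),
  Plan.new(30, :org_a, 'plan.org_id is org_a, but created by an org_b user')
].freeze
ROLES = [
  Role.new(1, 10, :creator),
  Role.new(2, 20, :creator), Role.new(1, 20, :administrator),
  Role.new(2, 30, :creator)
].freeze

# Plan ids on which some member of the org holds the given access level.
def plan_ids_with_access(org_id, access)
  member_ids = USERS.select { |u| u.org_id == org_id }.map(&:id)
  ROLES.select { |r| r.access == access && member_ids.include?(r.user_id) }.map(&:plan_id)
end

# Old behaviour as the commit message describes it: plans with plan.org_id = org,
# plus plans on which a member of the org has Administrator access.
def org_admin_plan_ids(org_id)
  by_org = PLANS.select { |p| p.org_id == org_id }.map(&:id)
  (by_org + plan_ids_with_access(org_id, :administrator)).uniq.sort
end

# New behaviour as described: only plans whose Creator belongs to the org.
def owned_plan_ids(org_id)
  plan_ids_with_access(org_id, :creator).uniq.sort
end

# Plans the old lookup exposed to the org although another org's user created them.
def cross_org_leak(org_id)
  org_admin_plan_ids(org_id) - owned_plan_ids(org_id)
end
```

A regression spec for the scope can take the same shape: build one plan per case and assert that an org's listing contains only the plans its own users created.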