search

MushroomObserver / mushroom-observer

A website for sharing observations of mushrooms.
https://mushroomobserver.org
MIT License
77 stars 26 forks source link

Make field slip job trackers sensitive to initiator #2111

Closed mo-nathan closed 2 months ago

mo-nathan commented 2 months ago

FieldSlipJobTrackers now track the user that created them and only allows the initiator to download the job results. This should avoid confused users download other people's field slips and creating chaos.

To test: 1) Initiate field slip PDF generation from two different user accounts. 2) See that the job table now includes the user login and once the jobs are done the logged in user can only download PDFs they initiated.

coveralls commented 2 months ago

Coverage Status

coverage: 94.443%. remained the same when pulling 1f1a3fdb8d60f61c47bfb15cc46faed8a2e81433 on njw-field-slip-job-tracker-users into c80b9a76f02358b40b5cbbf50c54bdab82dbae25 on main.

JoeCohen commented 2 months ago

@mo-nathan: Throws an error when I click Create Field Slip PDF. (I created a new Project, added another user, clicked Create Field Slip PDF.)

NoMethodError in Projects::FieldSlips#new
Showing /Users/joe/mushroom-observer/app/views/controllers/projects/field_slips/_tracker_row.erb where line #12 raised:

undefined method `login' for nil
Extracted source (around line #13):

    end,
    tag.td(data: { field_slip_job_target: "link" }) do
      user_link(tracker.user_id, tracker.user.login)
    end,
    tag.td(class: "text-center", data: { field_slip_job_target: "seconds" }) do
      number_with_precision(tracker.elapsed_time, precision: 1)

Trace of template inclusion: #<ActionView::Template app/views/controllers/projects/field_slips/new.html.erb locals=[]>

Rails.root: /Users/joe/mushroom-observer

Application Trace | Framework Trace | Full Trace
app/views/controllers/projects/field_slips/_tracker_row.erb:12
app/views/controllers/projects/field_slips/_tracker_row.erb:11
app/views/controllers/projects/field_slips/_tracker_row.erb:2
app/views/controllers/projects/field_slips/new.html.erb:33
app/views/controllers/projects/field_slips/new.html.erb:31
app/views/controllers/projects/field_slips/new.html.erb:30
app/controllers/application_controller.rb:226:in `catch_errors_and_log_request_stats'
Request
Parameters:

{"project_id"=>"343"}
JoeCohen commented 2 months ago

/app/views/controllers/projects/field_slips/_tracker_row.erb line 12 should have @user.login instead of user.login. I'm not awake enough to write a test.

mo-nathan commented 2 months ago

/app/views/controllers/projects/field_slips/_tracker_row.erb line 12 should have @user.login instead of user.login. I'm not awake enough to write a test.

I believe the issue is that locally you have a FieldSlipJobTracker that has nil for the user_id. Made the code more robust against that possibility.