samvera / hyrax

Hyrax is a Ruby on Rails Engine built by the Samvera community. Hyrax provides a foundation for creating many different digital repository applications.
http://hyrax.samvera.org/
Apache License 2.0
182 stars 122 forks

Authentication guard clause in work reports controller #6824

Closed davidcam-src closed 1 week ago

davidcam-src commented 1 month ago

Fixes

Fixes #6821

Summary

If a user attempts to access work reporting analytics but isn't logged in, the work_reports_controller attempts to access the ability attribute of current_user, which is nil, causing the server to return a 500.

Guidance for testing, such as acceptance criteria or new user interface behaviors:

Criteria: Users should be redirected to the login page and receive a useful alert if they somehow access the work reporting page while not being signed in.

  1. Sign in as an administrator and access the dashboard in Nurax.
  2. Click on 'Analytics' in the sidebar and then 'Works Report'
  3. Copy and paste the URL for the page into an incognito window.
  4. Verify that you've been redirected to the login page, with an alert that reads something along the lines of "You need to sign in or sign up before continuing."

Changes proposed in this pull request:

@samvera/hyrax-code-reviewers
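The failure described in the summary above, modelled in plain Ruby as an added example (not Hyrax, Devise or this pull request's code). `User`, `Ability`, `dispatch`, both report methods, the sign-in path and the 403 for non-admins are assumptions made for illustration; only the nil `current_user`, the 500 and the alert text come from the page.

```ruby
# Constructed model: how a nil current_user becomes a 500, and how a
# guard clause placed before the dereference turns it into a redirect.
Response = Struct.new(:status, :location, :alert)

User = Struct.new(:email, :admin) do
  # Stand-in for the ability attribute the controller reads.
  def ability
    Ability.new(self)
  end
end

Ability = Struct.new(:user) do
  def can_read_reports?
    user.admin
  end
end

SIGN_IN_PATH = "/users/sign_in" # assumed path
SIGN_IN_ALERT = "You need to sign in or sign up before continuing."

# Models the framework converting an unhandled exception into a 500.
def dispatch
  yield
rescue NoMethodError
  Response.new(500, nil, nil)
end

# Before: current_user is dereferenced without a nil check.
def unguarded_report(current_user)
  dispatch do
    allowed = current_user.ability.can_read_reports?
    Response.new(allowed ? 200 : 403, nil, nil)
  end
end

# After: the authentication guard runs first, so the authorization
# check only ever sees a signed-in user.
def guarded_report(current_user)
  dispatch do
    next Response.new(302, SIGN_IN_PATH, SIGN_IN_ALERT) if current_user.nil?

    allowed = current_user.ability.can_read_reports?
    Response.new(allowed ? 200 : 403, nil, nil)
  end
end
```

A request spec for the real controller would assert the same three outcomes: redirect when anonymous, success for an administrator, denial for a signed-in user without access.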

github-actions[bot] commented 1 month ago

Test Results

    17 files ±0, 17 suites ±0, 2h 16m 19s :stopwatch: - 3m 12s
    6 705 tests +1: 6 408 :white_check_mark: +2, 297 :zzz: ±0, 0 :x: - 1
    13 178 runs +3: 12 783 :white_check_mark: +4, 395 :zzz: ±0, 0 :x: - 1

Results for commit cc3730f4. ± Comparison against base commit 52af985f.

This pull request removes 266 and adds 267 tests. Note that renamed tests count towards both.

:recycle: This comment has been updated with latest results.