482 - Correct staff codes access

[Janell-Huyck]

We had no link on the admin header for staff codes, and standard users were able to access this page.

This PR corrects these two errors, adding a link in the admin header and removing access for the standard users.

Additionally, we are removing the ability for any user to delete or destroy a staff code. If the preservation team needs to remove a staff code in the future, we will need to do it for them.

File changes:

• app/controllers/staff_codes_controller.rb
  • remove delete method
• app/models/ability.rb
  • removes standard user access to staff codes
  • removes admin ability to delete staff codes
• app/views/shared/_navigation.html.erb
  • adds link for staff codes to permitted users (admin-only)
• app/views/staff_codes/index.html.erb
  • remove links to destroy staff codes
• config/routes.rb
  • remove destroy routing for staff codes
• spec/controllers/staff_codes_controller_spec.rb
  • remove testing for deleting records
• spec/features/admin_user_spec.rb
  • expect admins to have a link
  • remove duplication of check for staff codes editing
  • fix link specification
• spec/features/standard_user_spec.rb
  • update standard user tests to check that they cannot access staff codes
• spec/helpers/in_house_repair_records_helper_spec.rb
  • broken test due to previous update adding in staff code seed data
• spec/models/ability_spec.rb
  • update checks on abilities for standard user
• spec/requests/staff_codes_spec.rb
  • update now-failing test
• spec/routing/staff_codes_routing_spec.rb
  • remove test for destroy routing

Additional changes to increase coveralls %

These changes reduced the number of lines in controllers, and thus reduced the % of testing. I discovered an unreachable call to "super" in app/controllers/users/registrations_controller.rb which couldn't be tested because it was never called. Deleting this line increased our testing % from -0.1% to -0.01%.

Adding and configuring a test for the Devise mailer allows us to indirectly test our ApplicationMailer. Devise inherits from the ApplicationMailer class. We're not using the ApplicationMailer directly anywhere, but Devise will pull defaults from our class. This was as close as I could get to testing ApplicationMailer.

This increase in testing was not recognized by Coveralls, so I created yet another file: spec/mailers/application_mailer_spec.rb which has some very simple tests about the content of that class. This bumped our spec % from -0.01% to +0.5%

[hortongn]

Let's discuss this with @crowesn. We may not want to give CRUD access for staff codes to anyone. I think it's very rare a new staff code would be needed. Also seems dangerous to allow them to delete a staff code when it is linked to repair records.

[Janell-Huyck]

Link to Teams discussion: https://teams.microsoft.com/l/message/19:597d4e762f5648c49087dacf89dc415e@thread.skype/1713900125433?tenantId=f5222e6c-5fc6-48eb-8f03-73db18203b63&groupId=05379e3e-d136-48a1-ba71-81ecaf83cfab&parentMessageId=1713900125433&teamName=UCL%20Application%20Development%20Unit&channelName=treatment-db&createdTime=1713900125433&allowXTenantAccess=false