From a4a12d4ab3afe149e3cfa3b56cbedb867470a046 Mon Sep 17 00:00:00 2001 From: Utkarsh Shukla Date: Mon, 5 Aug 2024 15:17:47 -0400 Subject: [PATCH 1/3] Bug 107413 (#2733) * adds consumer override policy * adds specs --- .../employers/employer_profiles_controller.rb | 2 +- .../employer_profile_policy.rb | 4 ++++ .../policies/employer_profile_policy_spec.rb | 24 +++++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/app/controllers/employers/employer_profiles_controller.rb b/app/controllers/employers/employer_profiles_controller.rb index 8f3de203b68..210f8698279 100644 --- a/app/controllers/employers/employer_profiles_controller.rb +++ b/app/controllers/employers/employer_profiles_controller.rb @@ -8,7 +8,7 @@ class EmployerProfilesController < ::ApplicationController before_action :redirect_new_model, only: [:show, :welcome, :index, :new, :show_profile, :edit, :generate_sic_tree, :create] before_action :find_employer, only: [:show, :show_profile, :destroy, :inbox, - :bulk_employee_upload, :bulk_employee_upload_form, :download_invoice, :export_census_employees, :link_from_quote, :new_document, :upload_document, :generate_checkbook_urls] + :bulk_employee_upload, :bulk_employee_upload_form, :download_invoice, :export_census_employees, :link_from_quote, :new_document, :upload_document, :generate_checkbook_urls, :consumer_override] before_action :check_show_permissions, only: [:show, :show_profile, :destroy, :inbox, :bulk_employee_upload, :bulk_employee_upload_form] before_action :check_index_permissions, only: [:index] diff --git a/components/benefit_sponsors/app/policies/benefit_sponsors/employer_profile_policy.rb b/components/benefit_sponsors/app/policies/benefit_sponsors/employer_profile_policy.rb index 0ce7b9eadde..1a65e230741 100644 --- a/components/benefit_sponsors/app/policies/benefit_sponsors/employer_profile_policy.rb +++ b/components/benefit_sponsors/app/policies/benefit_sponsors/employer_profile_policy.rb @@ -115,6 +115,10 @@ def plan_design_proposal_claim? show? end + def consumer_override? + show? + end + def is_staff_role_for_employer? active_staff_roles = user.person.employer_staff_roles.active active_staff_roles.any? {|role| role.benefit_sponsor_employer_profile_id == record.id } diff --git a/components/benefit_sponsors/spec/policies/employer_profile_policy_spec.rb b/components/benefit_sponsors/spec/policies/employer_profile_policy_spec.rb index 89708a37128..ec96a382832 100644 --- a/components/benefit_sponsors/spec/policies/employer_profile_policy_spec.rb +++ b/components/benefit_sponsors/spec/policies/employer_profile_policy_spec.rb @@ -117,5 +117,29 @@ module BenefitSponsors end end end + + context 'for a user with broker role' do + let(:user) { FactoryBot.create(:user, person: person, roles: ["broker"]) } + let(:person) { FactoryBot.create(:person) } + let(:broker_role) { FactoryBot.create(:broker_role, person: person) } + let!(:broker_organization) { FactoryBot.build(:benefit_sponsors_organizations_general_organization, site: site)} + let!(:broker_agency_profile) { FactoryBot.create(:benefit_sponsors_organizations_broker_agency_profile, organization: broker_organization, market_kind: 'shop', legal_name: 'Legal Name1', primary_broker_role: broker_role) } + let(:employer_profile) {benefit_sponsorship.organization.employer_profile} + let!(:broker_agency_account) {FactoryBot.build(:benefit_sponsors_accounts_broker_agency_account, broker_agency_profile: broker_agency_profile, writing_agent_id: broker_role.id, is_active: true)} + + shared_examples_for 'should permit for a user with broker role' do |policy_type| + before do + employer_profile.broker_agency_accounts << broker_agency_account + employer_profile.save + end + + it 'should permit' do + expect(policy.send(policy_type)).to be true + end + end + + it_behaves_like 'should permit for a user with broker role', :show? + it_behaves_like 'should permit for a user with broker role', :consumer_override? + end end end From 11179287dc89f2abcd6f5c365c0f368a4c36cc96 Mon Sep 17 00:00:00 2001 From: utkarsh7989 Date: Mon, 5 Aug 2024 16:16:14 -0400 Subject: [PATCH 2/3] adds change user name and email permissions to hbx_tier3 users --- app/data_migrations/define_permissions.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/data_migrations/define_permissions.rb b/app/data_migrations/define_permissions.rb index e0592d640ad..44af7c23e61 100644 --- a/app/data_migrations/define_permissions.rb +++ b/app/data_migrations/define_permissions.rb @@ -41,7 +41,7 @@ def initial_hbx .update_attributes!(modify_family: true, modify_employer: true, revert_application: true, list_enrollments: true, send_broker_agency_message: true, approve_broker: true, approve_ga: true, can_update_ssn: false, can_complete_resident_application: false, can_add_sep: false, can_lock_unlock: true, can_view_username_and_email: true, can_reset_password: false, modify_admin_tabs: true, - view_admin_tabs: true, view_the_configuration_tab: true, can_submit_time_travel_request: false) + view_admin_tabs: true, view_the_configuration_tab: true, can_submit_time_travel_request: false, can_change_username_and_email: true) Permission .find_or_initialize_by(name: 'super_admin') .update_attributes!(modify_family: true, modify_employer: true, revert_application: true, list_enrollments: true, @@ -177,6 +177,7 @@ def hbx_admin_can_update_enrollment_end_date_or_reinstate def hbx_admin_can_change_username_and_email Permission.super_admin.update_attributes!(can_change_username_and_email: true) + Permission.hbx_tier3.update_attributes!(can_change_username_and_email: true) end def hbx_admin_view_login_history From 78e1c5d785efc20aa64494f88aed7143eae5a852 Mon Sep 17 00:00:00 2001 From: utkarsh7989 Date: Mon, 5 Aug 2024 16:17:17 -0400 Subject: [PATCH 3/3] adds specs --- spec/data_migrations/permissions_spec.rb | 30 ++++++++++++++++++------ 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/spec/data_migrations/permissions_spec.rb b/spec/data_migrations/permissions_spec.rb index 4472c3c9acf..8aa8361507f 100644 --- a/spec/data_migrations/permissions_spec.rb +++ b/spec/data_migrations/permissions_spec.rb @@ -41,17 +41,33 @@ end context 'update can change username and email for super admin hbx staff role', dbclean: :before_each do - let(:given_task_name) {':hbx_admin_can_change_username_and_email'} - let(:person) { FactoryBot.create(:person) } - let(:permission) { FactoryBot.create(:permission, :super_admin) } - let(:role) { FactoryBot.create(:hbx_staff_role, person: person, subrole: "super_admin", permission_id: permission.id) } before do subject.hbx_admin_can_change_username_and_email end - it "updates hbx_admin_can_change_username_and_email to true" do - expect(permission.reload.can_change_username_and_email).to be true + context "of an hbx super admin" do + let(:hbx_super_admin) do + FactoryBot.create(:person).tap do |person| + FactoryBot.create(:hbx_staff_role, person: person, subrole: "super_admin", permission_id: Permission.super_admin.id) + end + end + + it 'returns true' do + expect(hbx_super_admin.hbx_staff_role.permission.can_change_username_and_email).to be true + end + end + + context "of an hbx tier3" do + let(:hbx_tier3) do + FactoryBot.create(:person).tap do |person| + FactoryBot.create(:hbx_staff_role, person: person, subrole: "hbx_tier3", permission_id: Permission.hbx_tier3.id) + end + end + + it 'returns true' do + expect(hbx_tier3.hbx_staff_role.permission.can_change_username_and_email).to be true + end end end @@ -1194,4 +1210,4 @@ expect(Person.all.to_a.map{|p| p.hbx_staff_role.subrole}).to match_array roles end end -end \ No newline at end of file +end