Allow admins to update registrations (#628)

* allow admins to update registrations * rubocop changes * fixed bulk update tests * removed commented lines in tests
thewca · Jul 31, 2024 · 33fdbc7 · 33fdbc7
1 parent 89bba96
commit 33fdbc7
Show file tree

Hide file tree

Showing 5 changed files with 1,048 additions and 1,111 deletions.
diff --git a/.rspec b/.rspec
@@ -1 +1,2 @@
+--format documentation
 --require spec_helper
diff --git a/app/services/registration_checker.rb b/app/services/registration_checker.rb
@@ -51,7 +51,7 @@ def self.bulk_update_allowed!(bulk_update_request, competition_info, requesting_
   class << self
     def user_can_create_registration!
       # Only an organizer or the user themselves can create a registration for the user
-      raise RegistrationError.new(:unauthorized, ErrorCodes::USER_INSUFFICIENT_PERMISSIONS) unless is_organizer_or_current_user?
+      raise RegistrationError.new(:unauthorized, ErrorCodes::USER_INSUFFICIENT_PERMISSIONS) unless @requester_user_id == @requestee_user_id
 
       # Only organizers can register when registration is closed, and they can only register for themselves - not for other users
       raise RegistrationError.new(:forbidden, ErrorCodes::REGISTRATION_CLOSED) unless @competition_info.registration_open? || organizer_modifying_own_registration?
@@ -64,7 +64,7 @@ def user_can_create_registration!
     end
 
     def user_can_modify_registration!
-      raise RegistrationError.new(:unauthorized, ErrorCodes::USER_INSUFFICIENT_PERMISSIONS) unless is_organizer_or_current_user?
+      raise RegistrationError.new(:unauthorized, ErrorCodes::USER_INSUFFICIENT_PERMISSIONS) unless can_administer_or_current_user?
       raise RegistrationError.new(:forbidden, ErrorCodes::USER_EDITS_NOT_ALLOWED) unless @competition_info.registration_edits_allowed? || @competition_info.is_organizer_or_delegate?(@requester_user_id)
       raise RegistrationError.new(:forbidden, ErrorCodes::ALREADY_REGISTERED_IN_SERIES) if existing_registration_in_series?
     end
@@ -73,11 +73,11 @@ def organizer_modifying_own_registration?
       @competition_info.is_organizer_or_delegate?(@requester_user_id) && (@requester_user_id == @requestee_user_id)
     end
 
-    def is_organizer_or_current_user?
+    def can_administer_or_current_user?
       # Only an organizer or the user themselves can create a registration for the user
       # One case where organizers need to create registrations for users is if a 3rd-party registration system is being used, and registration data is being
       # passed to the Registration Service from it
-      (@requester_user_id == @requestee_user_id) || @competition_info.is_organizer_or_delegate?(@requester_user_id)
+      (@requester_user_id == @requestee_user_id) || UserApi.can_administer?(@requester_user_id, @competition_info.id)
     end
 
     def validate_create_events!
@@ -158,8 +158,8 @@ def validate_update_status!
         current_status == 'waiting_list' && new_status == 'accepted' && @registration.competing_waiting_list_position != min_waiting_list_position
 
       # Otherwise, organizers can make any status change they want to
+      return if UserApi.can_administer?(@requester_user_id, @competition_info.id)
 
-      return if @competition_info.is_organizer_or_delegate?(@requester_user_id)
       # A user (ie not an organizer) is only allowed to:
       # 1. Reactivate their registration if they previously cancelled it (ie, change status from 'cancelled' to 'pending')
       # 2. Cancel their registration, assuming they are allowed to cancel

diff --git a/spec/controllers/registration_controller_spec.rb b/spec/controllers/registration_controller_spec.rb
@@ -13,6 +13,11 @@
       @registration = FactoryBot.create(:registration)
 
       update_request = FactoryBot.build(:update_request, user_id: @registration[:user_id], guests: 2, competing: { 'status' => 'cancelled' })
+      stub_request(:get, UserApi.permissions_path(update_request['submitted_by'])).to_return(
+        status: 200,
+        body: FactoryBot.build(:permissions_response, organized_competitions: [@competition['id']]).to_json,
+        headers: { content_type: 'application/json' },
+      )
 
       request.headers['Authorization'] = update_request['jwt_token']
       patch :update, params: update_request, as: :json
@@ -57,6 +62,15 @@
   describe '#bulk_update' do
     before do
       stub_request(:post, EmailApi.registration_email_path).to_return(status: 200, body: { emails_sent: 1 }.to_json)
+
+      @competition = FactoryBot.build(:competition, mock_competition: true)
+      stub_request(:get, CompetitionApi.comp_api_url(@competition['id'])).to_return(status: 200, body: @competition.to_json)
+
+      stub_request(:get, UserApi.permissions_path(1306)).to_return(
+        status: 200,
+        body: FactoryBot.build(:permissions_response, organized_competitions: [@competition['id']]).to_json,
+        headers: { content_type: 'application/json' },
+      )
     end
     # TODO: Consider refactor into separate contexts with one expect() per it-block
     it 'returns a 422 if there are validation errors' do
@@ -67,9 +81,6 @@
       registration3 = FactoryBot.create(:registration)
       update3 = FactoryBot.build(:update_request, user_id: registration3[:user_id])
 
-      competition = FactoryBot.build(:competition, mock_competition: true)
-      stub_request(:get, CompetitionApi.comp_api_url(competition['id'])).to_return(status: 200, body: competition.to_json)
-
       updates = [update, update2, update3]
       bulk_update_request = FactoryBot.build(:bulk_update_request, requests: updates)
 
@@ -86,19 +97,16 @@
       registration3 = FactoryBot.create(:registration)
       update3 = FactoryBot.build(:update_request, user_id: registration3[:user_id])
 
-      competition = FactoryBot.build(:competition, mock_competition: true)
-      stub_request(:get, CompetitionApi.comp_api_url(competition['id'])).to_return(status: 200, body: competition.to_json)
-
       updates = [update, update2, update3]
       bulk_update_request = FactoryBot.build(:bulk_update_request, requests: updates)
 
       request.headers['Authorization'] = bulk_update_request['jwt_token']
       patch :bulk_update, params: bulk_update_request, as: :json
 
-      updated_registration = Registration.find("#{competition['id']}-#{registration[:user_id]}")
+      updated_registration = Registration.find("#{@competition['id']}-#{registration[:user_id]}")
       expect(updated_registration.competing_status).to eq('incoming')
 
-      updated_registration = Registration.find("#{competition['id']}-#{registration3[:user_id]}")
+      updated_registration = Registration.find("#{@competition['id']}-#{registration3[:user_id]}")
       expect(updated_registration.competing_status).to eq('incoming')
     end
 
@@ -110,9 +118,6 @@
       registration3 = FactoryBot.create(:registration)
       update3 = FactoryBot.build(:update_request, user_id: registration3[:user_id], competing: { 'comment' => 'test comment update' })
 
-      competition = FactoryBot.build(:competition, mock_competition: true)
-      stub_request(:get, CompetitionApi.comp_api_url(competition['id'])).to_return(status: 200, body: competition.to_json)
-
       updates = [update, update2, update3]
       bulk_update_request = FactoryBot.build(:bulk_update_request, requests: updates)
 
@@ -134,30 +139,24 @@
       registration3 = FactoryBot.create(:registration)
       update3 = FactoryBot.build(:update_request, user_id: registration3[:user_id], competing: { 'comment' => 'test comment update' })
 
-      competition = FactoryBot.build(:competition, mock_competition: true)
-      stub_request(:get, CompetitionApi.comp_api_url(competition['id'])).to_return(status: 200, body: competition.to_json)
-
       updates = [update, update2, update3]
       bulk_update_request = FactoryBot.build(:bulk_update_request, requests: updates)
 
       request.headers['Authorization'] = bulk_update_request['jwt_token']
       patch :bulk_update, params: bulk_update_request, as: :json
       expect(response.code).to eq('200')
 
-      updated_registration = Registration.find("#{competition['id']}-#{registration[:user_id]}")
+      updated_registration = Registration.find("#{@competition['id']}-#{registration[:user_id]}")
       expect(updated_registration.competing_status).to eq('accepted')
 
-      updated_registration3 = Registration.find("#{competition['id']}-#{registration3[:user_id]}")
+      updated_registration3 = Registration.find("#{@competition['id']}-#{registration3[:user_id]}")
       expect(updated_registration3.competing_comment).to eq('test comment update')
     end
 
     it 'admin submits a bulk update containing 1 update' do
       registration = FactoryBot.create(:registration)
       bulk_update_request = FactoryBot.build(:bulk_update_request, user_ids: [registration[:user_id]])
 
-      competition = FactoryBot.build(:competition, mock_competition: true)
-      stub_request(:get, CompetitionApi.comp_api_url(competition['id'])).to_return(status: 200, body: competition.to_json)
-
       request.headers['Authorization'] = bulk_update_request['jwt_token']
       patch :bulk_update, params: bulk_update_request, as: :json
       expect(response.code).to eq('200')
@@ -167,9 +166,6 @@
       registration = FactoryBot.create(:registration)
       bulk_update_request = FactoryBot.build(:bulk_update_request, user_ids: [registration[:user_id]])
 
-      competition = FactoryBot.build(:competition, mock_competition: true)
-      stub_request(:get, CompetitionApi.comp_api_url(competition['id'])).to_return(status: 200, body: competition.to_json)
-
       request.headers['Authorization'] = bulk_update_request['jwt_token']
       patch :bulk_update, params: {}, as: :json
       expect(response.code).to eq('400')

diff --git a/spec/factories/request_factory.rb b/spec/factories/request_factory.rb
@@ -67,6 +67,10 @@
       user_id { 1306 }
     end
 
+    trait :site_admin do
+      submitted_by { 1307 }
+    end
+
     trait :organizer_for_user do
       submitted_by { 1306 }
     end