Fix role updates (#2727)

* Allow some providers to update role on staging * Refactor
2 months ago · 72d83bcd44
2 changed files with 15 additions and 8 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -257,13 +257,7 @@ private

  def user_params
    if @user == current_user
-      if current_user.data_coordinator?
-        params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :role, :is_dpo, :is_key_contact, :initial_confirmation_sent)
-      elsif current_user.support?
-        params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :role, :is_dpo, :is_key_contact, :initial_confirmation_sent, :organisation_id)
-      else
-        params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :initial_confirmation_sent)
-      end
+      current_user_params
    elsif current_user.data_coordinator?
      params.require(:user).permit(:email, :phone, :phone_extension, :name, :role, :is_dpo, :is_key_contact, :active, :initial_confirmation_sent)
    elsif current_user.support?
@ -271,6 +265,15 @@ private
    end
  end

+  def current_user_params
+    base_params = %i[email phone phone_extension name password password_confirmation initial_confirmation_sent]
+    return params.require(:user).permit(*(base_params + %i[role is_dpo is_key_contact])) if current_user.data_coordinator?
+    return params.require(:user).permit(*(base_params + %i[role is_dpo is_key_contact organisation_id])) if current_user.support?
+    return params.require(:user).permit(*(base_params + [:role])) if Rails.env.staging? && current_user.in_staging_role_update_email_allowlist?
+
+    params.require(:user).permit(*base_params)
+  end
+
  def user_params_without_org
    user_params.except(:organisation_id)
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -212,7 +212,7 @@ class User < ApplicationRecord
  end

  def assignable_roles
-    if Rails.env.staging? && Rails.application.credentials[:staging_role_update_email_allowlist].include?(email.split("@").last.downcase)
+    if Rails.env.staging? && in_staging_role_update_email_allowlist?
      return ROLES
    end

@ -222,6 +222,10 @@ class User < ApplicationRecord
    ROLES.except(:support)
  end

+  def in_staging_role_update_email_allowlist?
+    Rails.application.credentials[:staging_role_update_email_allowlist].include?(email.split("@").last.downcase)
+  end
+
  def logs_filters(specific_org: false)
    if (support? && !specific_org) || organisation.has_managing_agents? || organisation.has_stock_owners?
      %w[years status needstypes assigned_to user owning_organisation managing_organisation bulk_upload_id user_text_search owning_organisation_text_search managing_organisation_text_search]