Merge branch 'np/LG-14884/migrate-role-users' into 'main'

LG-14884 migrate roles for past users See merge request lg/identity-dashboard!213
18F · Feb 12, 2025 · ac38082 · ac38082
2 parents cfa6484 + e9ca36f
commit ac38082
Show file tree

Hide file tree

Showing 3 changed files with 138 additions and 0 deletions.
diff --git a/app/services/populate_roles.rb b/app/services/populate_roles.rb
@@ -0,0 +1,56 @@
+# PopulateRole designed to be invoked from a rake task
+# as such, uses puts() instead of logger
+include TeamHelper
+
+class PopulateRoles
+  USAGE_WARNING = <<-WARN.strip.freeze
+      WARNING: this will loop through all UserTeams with invalid or nil roles and reset roles based on legacy permissions
+    WARN
+
+    VALID_ROLENAMES = %w[partner_admin partner_developer partner_readonly logingov_admin]
+
+    def initialize(logger)
+        @logger = logger
+        @logger.warn(USAGE_WARNING)
+        @userteamswithoutrole = UserTeam.where(role_name: nil)
+          .or UserTeam.where.not(role_name: PopulateRoles::VALID_ROLENAMES)
+        # check against array of exact role names (not friendly names)
+        @logger.info(@userteamswithoutrole)
+    end
+
+    def call
+      if @userteamswithoutrole.length == 0
+        @logger.info('INFO: All UserTeams already have valid roles.')
+      end
+      begin
+        @userteamswithoutrole.each do |userteam|
+          user = get_user(userteam)
+          role = get_legacy_role(user)
+          set_role(userteam, role)
+          @logger.info("User #{user.email} role updated to #{role}")
+        end
+        rescue StandardError => err
+          @logger.warn("ERROR: #{err}")
+      end
+      @logger.info('SUCCESS: All invalid UserTeams have been updated')
+    end
+
+    private
+
+    def get_user(userteam)
+        User.find(userteam.user_id)
+    end
+
+    def get_legacy_role(user)
+        # partner_admin = legacy allowlisted
+        return 'partner_admin' if allowlisted_user?(user)
+
+        'partner_developer'
+    end
+
+    def set_role(userteam, role)
+        userteam.role = Role.find_by(name: role)
+        userteam.save!
+    end
+
+  end
diff --git a/lib/tasks/populate_roles.rake b/lib/tasks/populate_roles.rake
@@ -0,0 +1,7 @@
+namespace :user_teams do
+  desc 'Update legacy permissions to roles'
+  task populate_roles: :environment do
+    logger = Logger.new(STDOUT)
+    PopulateRoles.new(logger).call
+  end
+end
diff --git a/spec/services/populate_roles_spec.rb b/spec/services/populate_roles_spec.rb
@@ -0,0 +1,75 @@
+require 'rails_helper'
+
+describe PopulateRoles do
+  let(:gov_account) { 'test@example.gov,Robert,Smith' }
+  let(:gov_email)      { gov_account.split(',')[0] }
+  let(:gov_first_name) { gov_account.split(',')[1] }
+  let(:gov_last_name)  { gov_account.split(',')[2] }
+
+  let(:nongov_account) { 'test@example.com,Bob,Walters' }
+  let(:nongov_email)      { nongov_account.split(',')[0] }
+  let(:nongov_first_name) { nongov_account.split(',')[1] }
+  let(:nongov_last_name)  { nongov_account.split(',')[2] }
+
+  let(:without_role_membership) { create(:user_team) }
+  let(:with_role_membership) { create(:user_team, :partner_developer) }
+  let(:logger) { instance_double(Logger) }
+
+  subject { described_class.new(logger) }
+
+  describe '#call' do
+    before do
+      allow(logger).to receive(:info).with(any_args)
+      allow(logger).to receive(:warn).with(any_args)
+    end
+
+    context 'when the user has gov email address' do
+      it 'updates role name to partner_admin' do
+        user = User.create(
+            email: gov_email,
+            first_name: gov_first_name,
+            last_name: gov_last_name,
+            admin: false,
+          )
+        user.user_teams << without_role_membership
+        subject.call
+        user.reload
+        expect(user.user_teams.first.role_name).to eq('partner_admin')
+        expect(logger).to have_received(:info)
+          .with('SUCCESS: All invalid UserTeams have been updated')
+      end
+    end
+
+    context 'when the user does not have a gov email address' do
+      it 'updates role name to partner_developer' do
+        user = User.create(
+            email: nongov_email,
+            first_name: nongov_first_name,
+            last_name: nongov_last_name,
+            admin: false,
+          )
+        user.user_teams << without_role_membership
+        subject.call
+        user.reload
+        expect(user.user_teams.first.role_name).to eq('partner_developer')
+        expect(logger).to have_received(:info)
+          .with('SUCCESS: All invalid UserTeams have been updated')
+      end
+    end
+
+    context 'when there are no invalid or nil User Teams' do
+        it 'display a message and exit script' do
+            user = User.create(
+                email: nongov_email,
+                first_name: nongov_first_name,
+                last_name: nongov_last_name,
+                admin: false,
+            )
+            user.user_teams << with_role_membership
+            subject.call
+            expect(logger).to have_received(:info)
+              .with('INFO: All UserTeams already have valid roles.')
+        end
+    end
+  end
+end