Remove hardcoded admin functionality

steve-sullivan · steve-sullivan · commit 8882f4c80379 · 2026-05-08T17:01:32.000-07:00
diff --git a/app/controllers/proxy_borrower_admin_controller.rb b/app/controllers/proxy_borrower_admin_controller.rb
@@ -109,7 +109,7 @@ def init_form!; end
 
   # You shall not pass....unless you're an admin
   def require_admin!
-    @user_is_admin = current_user.any_role?(Role.proxyborrow_admin)
+    @user_is_admin = current_user.any_role?(Role.proxyborrow_admin, :framework_admin)
     redirect_to proxy_borrower_forms_path unless @user_is_admin
   end
 
diff --git a/app/controllers/proxy_borrower_forms_controller.rb b/app/controllers/proxy_borrower_forms_controller.rb
@@ -9,7 +9,7 @@ def index
     # I think I want to get the users role now... if they're in the DB
     # then I'll want to pass that info so they have the
     # admin link...otherwise, NO admin link!
-    @user_is_admin = current_user.any_role?(Role.proxyborrow_admin)
+    @user_is_admin = current_user.any_role?(Role.proxyborrow_admin, :framework_admin)
   end
 
   def dsp_form
diff --git a/app/controllers/reference_card_forms_controller.rb b/app/controllers/reference_card_forms_controller.rb
@@ -85,7 +85,7 @@ def validate_recaptcha!
 
   def require_admin!
     authenticate!
-    @user_is_admin = current_user.role?(Role.stackpass_admin)
+    @user_is_admin = current_user.any_role?(Role.stackpass_admin, :framework_admin)
     raise Error::ForbiddenError unless @user_is_admin
   end
 end
diff --git a/app/controllers/stack_pass_admin_controller.rb b/app/controllers/stack_pass_admin_controller.rb
@@ -51,7 +51,7 @@ def init_form!; end
 
   # You shall not pass....unless you're an admin
   def require_admin!
-    @user_is_admin = current_user.any_role?(Role.stackpass_admin)
+    @user_is_admin = current_user.any_role?(Role.stackpass_admin, :framework_admin)
     redirect_to stack_pass_forms_path unless @user_is_admin
   end
 
diff --git a/app/controllers/stack_pass_forms_controller.rb b/app/controllers/stack_pass_forms_controller.rb
@@ -86,6 +86,6 @@ def validate_recaptcha!
   end
 
   def require_admin!
-    @user_is_admin = authenticate_with_role!(Role.stackpass_admin)
+    @user_is_admin = authenticate_with_role!(Role.stackpass_admin, :framework_admin)
   end
 end
diff --git a/app/controllers/stack_requests_controller.rb b/app/controllers/stack_requests_controller.rb
@@ -8,7 +8,7 @@ class StackRequestsController < ApplicationController
   def forbidden; end
 
   def index
-    @user_is_admin = current_user.role?(Role.stackpass_admin)
+    @user_is_admin = current_user.any_role?(Role.stackpass_admin, :framework_admin)
   end
 
 end
diff --git a/app/helpers/field_builder.rb b/app/helpers/field_builder.rb
@@ -1,6 +1,5 @@
 require 'action_view/helpers/tag_helper'
 
-# rubocop:disable Rails/HelperInstanceVariable
 class FieldBuilder
   attr_reader :tag_helper
   attr_reader :builder
@@ -109,4 +108,3 @@ def error_feedback_tag
     content_tag(:div, first_error, class: 'invalid-feedback')
   end
 end
-# rubocop:enable Rails/HelperInstanceVariable
diff --git a/app/models/framework_users.rb b/app/models/framework_users.rb
@@ -21,18 +21,4 @@ class FrameworkUsers < ActiveRecord::Base
   validates :role,
             presence: true
 
-  class << self
-    # Hardcoded admins - so if for some reason all of the
-    # admins in the DB are deleted, we still have a way of
-    # getting in and managing things!
-    HARDCODED_ADMIN_UIDS = [
-      '7165',    # Lisa Weber
-      '1707532'  # Steve Sullivan
-    ].freeze
-
-    def hardcoded_admin?(uid)
-      HARDCODED_ADMIN_UIDS.include?(uid.to_s)
-    end
-  end
-
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -72,19 +72,8 @@ def primary_patron_record
     @primary_patron_record ||= find_primary_record
   end
 
-  # TODO: Unify this, faculty/staff checks, framework/alma admin checks
-  #       (and improve the design)
   def role?(role)
-    role_value =
-      if role.respond_to?(:role)
-        role.role
-      elsif role.respond_to?(:name)
-        role.name
-      else
-        role
-      end
-
-    role_name = role_value.to_sym
+    role_name = role_name_for(role)
 
     case role_name
     when :framework_admin
@@ -93,9 +82,6 @@ def role?(role)
       return true if alma_admin?
     end
 
-    # TODO: Remove this hackery!!!
-    return true if FrameworkUsers.hardcoded_admin?(uid)
-
     user = FrameworkUsers.find_by(lcasid: uid)
     return false unless user
 
@@ -124,4 +110,17 @@ def uid_patron_record
   def find_primary_record
     uid_patron_record
   end
+
+  def role_name_for(role)
+    role_value =
+      if role.respond_to?(:role)
+        role.role
+      elsif role.respond_to?(:name)
+        role.name
+      else
+        role
+      end
+
+    role_value.to_sym
+  end
 end
diff --git a/spec/calnet_helper.rb b/spec/calnet_helper.rb
@@ -2,8 +2,8 @@
 require 'alma_helper'
 
 module CalnetHelper
-  # Lisa Weber's UID, hard-coded in FrameworkUsers
-  STACK_REQUEST_ADMIN_UID = '7165'.freeze
+  # UID used for test authentication
+  TEST_UID = '7165'.freeze
 
   # Mocks a calnet login as the specified patron, and stubs the corresponding
   # Millennium patron dump file. Suitable for calling from a before() block.
@@ -31,7 +31,7 @@ def with_patron_login(patron_id)
     user = login_as_patron(patron_id)
     yield user
   rescue StandardError => e
-    puts "#{e}\n\t#{e.backtrace.join("\n\t")}" # rubocop:disable Rails/Output
+    puts "#{e}\n\t#{e.backtrace.join("\n\t")}"
     raise
   ensure
     logout!
diff --git a/spec/jobs_helper.rb b/spec/jobs_helper.rb
@@ -112,7 +112,7 @@
 
       expect { job.perform_now(patron.id) }.to(
         raise_error(StandardError).and(
-          (change { ActionMailer::Base.deliveries.count }).by(1)
+          change { ActionMailer::Base.deliveries.count }.by(1)
         )
       )
       last_email = ActionMailer::Base.deliveries.last
diff --git a/spec/request/doemoff_patron_email_forms_spec.rb b/spec/request/doemoff_patron_email_forms_spec.rb
@@ -16,7 +16,7 @@
 
   context 'specs for logged in user' do
     before do
-      mock_login(CalnetHelper::STACK_REQUEST_ADMIN_UID)
+      mock_login(CalnetHelper::TEST_UID)
       @required_params = {
         patron_email: 'test@berkeley.edu',
         patron_message: 'test message',
diff --git a/spec/request/framework_user_request_spec.rb b/spec/request/framework_user_request_spec.rb
@@ -3,7 +3,7 @@
 describe :forms_proxy_borrower_admin, type: :request do
   context 'specs with hardcoded admin' do
     before do
-      mock_login(CalnetHelper::STACK_REQUEST_ADMIN_UID)
+      mock_login(CalnetHelper::TEST_UID)
     end
 
     it 'removes an admin user' do
diff --git a/spec/request/proxy_borrower_forms_request_spec.rb b/spec/request/proxy_borrower_forms_request_spec.rb
@@ -10,7 +10,7 @@
 
   let(:alma_api_key) { 'totally-fake-key' }
 
-  context 'specs without admin privledges' do
+  context 'specs without admin privileges' do
     before do
       allow(Rails.application.config).to receive(:alma_api_key).and_return(alma_api_key)
       @patron_id = Alma::Type.sample_id_for(Alma::Type::FACULTY)
@@ -33,7 +33,7 @@
     end
   end
 
-  context 'specs with created admin privledges' do
+  context 'specs with created admin privileges' do
     before do
       allow(Rails.application.config).to receive(:alma_api_key).and_return(alma_api_key)
 
@@ -83,151 +83,4 @@
       expect(response).to have_http_status :ok
     end
   end
-
-  context 'specs with hard-coded admin privledges' do
-    before do
-      allow(Rails.application.config).to receive(:alma_api_key).and_return(alma_api_key)
-
-      # Need to create a request for search!!!
-      @req = ProxyBorrowerRequests.create(
-        faculty_name: 'Test Search User',
-        department: 'ABCD',
-        faculty_id: '12345',
-        student_name: nil,
-        student_dsp: nil,
-        dsp_rep: nil,
-        research_last: 'RLast',
-        research_first: 'RFirst',
-        research_middle: nil,
-        date_term: Date.tomorrow,
-        renewal: 0,
-        status: nil
-      )
-
-      @patron_id = Alma::Type.sample_id_for(Alma::Type::FACULTY)
-      @user = login_as_patron(patron_id)
-      @patron = Alma::User.find(patron_id)
-
-      admin_user = User.new(uid: '1707532', affiliations: ['EMPLOYEE-TYPE-ACADEMIC'])
-      allow_any_instance_of(ProxyBorrowerAdminController).to receive(:current_user).and_return(admin_user)
-    end
-
-    it 'DSP Form renders correct form' do
-      get forms_proxy_borrower_dsp_path
-      expect(response.body).to include('<h1>Proxy Borrower Card Application Form - DSP</h1>')
-      expect(response).to have_http_status :ok
-    end
-
-    it 'Faculty Form forbids non-faculty members' do
-      get forms_proxy_borrower_faculty_path
-      expect(response).to have_http_status :forbidden
-    end
-
-    it 'Admin page renders' do
-      get forms_proxy_borrower_admin_path
-      expect(response).to have_http_status :ok
-    end
-
-    it 'Admin View DB page renders' do
-      get forms_proxy_borrower_admin_view_path
-      expect(response).to have_http_status :ok
-    end
-
-    it 'Admin Export redirects' do
-      get forms_proxy_borrower_admin_export_path
-      expect(response).to have_http_status :found
-    end
-
-    it 'Admin Search renders page' do
-      get forms_proxy_borrower_admin_search_path
-      expect(response).to have_http_status :ok
-    end
-
-    it 'Admin Search indicates if there are no search results found' do
-      get(forms_proxy_borrower_admin_search_path, params: {
-            search_term: 'SEARCHVALUE'
-          })
-
-      expect(response).to have_http_status :ok
-      expect(response.body).to match(/we could not find any results/)
-    end
-
-    it 'Admin Search finds a record' do
-      get(forms_proxy_borrower_admin_search_path, params: {
-            search_term: 'RLast'
-          })
-
-      expect(response).to have_http_status :ok
-      expect(response.body).to match(/Test Search User/)
-    end
-
-    it 'Admin Search handles date searches' do
-      get(forms_proxy_borrower_admin_search_path, params: {
-            search_term: '4/13/1996'
-          })
-
-      expect(response).to have_http_status :ok
-      expect(response.body).to match(/we could not find any results/)
-    end
-
-    it 'Admin Add/Edit Users form renders' do
-      get forms_proxy_borrower_admin_users_path
-      expect(response).to have_http_status :ok
-    end
-
-    it 'Results page renders' do
-      get forms_proxy_borrower_result_path
-      expect(response).to have_http_status :ok
-    end
-
-    it 'Faculty Form rejects a submission with missing fields' do
-      post(forms_proxy_borrower_request_faculty_path, params: { proxy_borrower_requests: {
-             faculty_name: 'John Doe',
-             research_last: '',
-             research_first: '',
-             date_term: '',
-             renewal: ''
-           } })
-
-      expect(response).to have_http_status :unprocessable_content
-      expect(response.body).to match(/Please correct these and resubmit the form/)
-    end
-
-    it 'submission enqueues confirmation + alert emails' do
-      expect do
-        post(forms_proxy_borrower_request_dsp_path, params: {
-               proxy_borrower_requests: {
-                 student_name: 'Veronica Names',
-                 dsp_rep: 'DSP Rep',
-                 research_last: 'last',
-                 research_first: 'first',
-                 date_term: Date.tomorrow,
-                 renewal: 0
-               }
-             })
-      end.to have_enqueued_job(ActionMailer::MailDeliveryJob).exactly(2).times
-
-      expect(response).to have_http_status(:created)
-    end
-
-    it 'Faculty submission enqueues confirmation + alert emails' do
-      allow_any_instance_of(User).to receive(:ucb_faculty?).and_return(true)
-
-      expect do
-        post(forms_proxy_borrower_request_faculty_path, params: {
-               proxy_borrower_requests: {
-                 faculty_name: 'Thelonius Monk',
-                 department: 'History',
-                 research_last: 'Last',
-                 research_first: 'First',
-                 date_term: Date.tomorrow,
-                 renewal: 0
-               }
-             })
-      end.to have_enqueued_job(ActionMailer::MailDeliveryJob).exactly(2).times
-
-      expect(response).to have_http_status(:created)
-    end
-
-  end
 end
diff --git a/spec/request/reference_card_forms_request_spec.rb b/spec/request/reference_card_forms_request_spec.rb
@@ -8,10 +8,10 @@
   attr_reader :patron
   attr_reader :user
 
-  context 'specs without admin privledges' do
+  context 'specs without admin privileges' do
     before do
       login_as_patron(Alma::NON_FRAMEWORK_ADMIN_ID)
-      allow_any_instance_of(User).to receive(:role?).with(Role.stackpass_admin).and_return(false)
+      allow_any_instance_of(User).to receive(:any_role?).with(Role.stackpass_admin, :framework_admin).and_return(false)
     end
 
     it 'reference card index page redirects to form' do
@@ -88,9 +88,9 @@
     end
   end
 
-  context 'specs with admin privledges' do
+  context 'specs with admin privileges' do
     before do
-      admin_user = User.new(display_name: 'Test Admin', uid: '1707532', affiliations: ['EMPLOYEE-TYPE-ACADEMIC'])
+      admin_user = User.new(display_name: 'Test Admin', uid: '1707532', framework_admin: true, affiliations: ['EMPLOYEE-TYPE-ACADEMIC'])
       allow_any_instance_of(ReferenceCardFormsController).to receive(:current_user).and_return(admin_user)
       allow_any_instance_of(StackRequestsController).to receive(:current_user).and_return(admin_user)
     end
diff --git a/spec/request/security_incident_report_forms_spec.rb b/spec/request/security_incident_report_forms_spec.rb
@@ -16,7 +16,7 @@
 
   context 'specs for logged in user' do
     before do
-      mock_login(CalnetHelper::STACK_REQUEST_ADMIN_UID)
+      mock_login(CalnetHelper::TEST_UID)
       @required_params = {
         incident_location: 'Camponille Tower',
         incident_date: '2024-05-03',
diff --git a/spec/request/stack_pass_form_request_spec.rb b/spec/request/stack_pass_form_request_spec.rb
diff --git a/spec/system/proxy_borrower_admin_system_spec.rb b/spec/system/proxy_borrower_admin_system_spec.rb
diff --git a/spec/system/reference_card_forms_system_spec.rb b/spec/system/reference_card_forms_system_spec.rb
diff --git a/spec/system/stack_pass_admin_system_spec.rb b/spec/system/stack_pass_admin_system_spec.rb
diff --git a/spec/system/stack_pass_forms_system_spec.rb b/spec/system/stack_pass_forms_system_spec.rb
