Merge branch 'rubyforgood:main' into issue-5759

.github/workflows/rspec.yml

@@ -10,10 +10,14 @@ on:
   pull_request:
     branches:
       - main
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
 jobs:
   rspec:
     runs-on: ubuntu-latest
+    timeout-minutes: 20
     env:
       RAILS_ENV: test
 

Gemfile

@@ -65,7 +65,7 @@ group :development, :test do
   gem "rspec-rails"
   gem "rswag-specs"
   gem "shoulda-matchers"
-  gem "standard", "~> 1.36.0"
+  gem "standard", "~> 1.37.0"
   gem "parallel_tests"
   gem "rspec_junit_formatter"
 end

Gemfile.lock

@@ -298,7 +298,7 @@ GEM
     mutex_m (0.2.0)
     net-http-persistent (4.0.1)
       connection_pool (~> 2.2)
-    net-imap (0.4.12)
+    net-imap (0.4.13)
       date
       net-protocol
     net-pop (0.1.2)
@@ -322,12 +322,12 @@ GEM
     oj (3.16.3)
       bigdecimal (>= 3.0)
     orm_adapter (0.5.0)
-    parallel (1.24.0)
+    parallel (1.25.1)
     parallel_tests (4.7.1)
       parallel
     paranoia (2.6.3)
       activerecord (>= 5.1, < 7.2)
-    parser (3.3.1.0)
+    parser (3.3.3.0)
       ast (~> 2.4.1)
       racc
     pdf-forms (1.5.0)
@@ -408,8 +408,8 @@ GEM
     responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.3.0)
+      strscan
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
     rspec-expectations (3.13.0)
@@ -440,7 +440,7 @@ GEM
     rswag-ui (2.13.0)
       actionpack (>= 3.1, < 7.2)
       railties (>= 3.1, < 7.2)
-    rubocop (1.63.5)
+    rubocop (1.64.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
@@ -453,7 +453,7 @@ GEM
       unicode-display_width (>= 2.4.0, < 3.0)
     rubocop-ast (1.31.3)
       parser (>= 3.3.1.0)
-    rubocop-performance (1.21.0)
+    rubocop-performance (1.21.1)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
@@ -491,10 +491,10 @@ GEM
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
-    standard (1.36.0)
+    standard (1.37.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.63.0)
+      rubocop (~> 1.64.0)
       standard-custom (~> 1.0.0)
       standard-performance (~> 1.4)
     standard-custom (1.0.2)
@@ -625,7 +625,7 @@ DEPENDENCIES
   spring
   spring-commands-rspec
   sprockets-rails
-  standard (~> 1.36.0)
+  standard (~> 1.37.0)
   stimulus-rails
   strong_migrations
   traceroute

app/controllers/notifications_controller.rb

@@ -1,13 +1,25 @@
 class NotificationsController < ApplicationController
+  after_action :verify_authorized
+  before_action :set_notification, only: %i[mark_as_read]
+
   def index
+    authorize Noticed::Notification, policy_class: NotificationPolicy
+
     @deploy_time = Health.instance.latest_deploy_time
     @notifications = current_user.notifications.includes([:event]).newest_first
     @patch_notes = PatchNote.notes_available_for_user(current_user)
   end
 
   def mark_as_read
-    @notification = Noticed::Notification.find(params[:id])
+    authorize @notification, policy_class: NotificationPolicy
+
     @notification.mark_as_read unless @notification.read?
     redirect_to @notification.event.url
   end
+
+  private
+
+  def set_notification
+    @notification = Noticed::Notification.find(params[:id])
+  end
 end

app/policies/notification_policy.rb

@@ -0,0 +1,9 @@
+class NotificationPolicy < ApplicationPolicy
+  def index?
+    admin_or_supervisor_or_volunteer?
+  end
+
+  def mark_as_read?
+    record&.recipient == user
+  end
+end

app/values/all_casa_admin_parameters.rb

@@ -3,7 +3,7 @@ def initialize(params)
     params =
       params.require(:all_casa_admin).permit(:email, :password)
 
-    super(params)
+    super
   end
 
   def with_password(password)

package.json

@@ -37,11 +37,11 @@
     "lodash": "^4.17.21",
     "luxon": "^3.4.0",
     "popper.js": "^1.16.1",
-    "sass": "^1.77.4",
+    "sass": "^1.77.5",
     "select2": "^4.0.13",
     "select2-bootstrap-5-theme": "^1.3.0",
     "stimulus-rails-nested-form": "^4.1.0",
-    "strftime": "^0.10.2",
+    "strftime": "^0.10.3",
     "sweetalert2": "^11.3.5",
     "tom-select": "^2.3.1",
     "trix": "^2.1.1",

spec/models/casa_org_spec.rb

@@ -100,27 +100,6 @@
     end
   end
 
-  describe "user_count" do
-    let(:org) { create(:casa_org) }
-    subject(:count) { org.user_count }
-    before do
-      2.times { create(:user, casa_org: org) }
-    end
-    it { is_expected.to eq 2 }
-  end
-
-  describe "case_contacts_count" do
-    let(:org) { create(:casa_org) }
-    subject(:count) { org.case_contacts_count }
-    before do
-      5.times do
-        casa_case = create(:casa_case, casa_org: org)
-        3.times { create(:case_contact, casa_case: casa_case) }
-      end
-    end
-    it { is_expected.to eq 15 }
-  end
-
   describe "generate_defaults" do
     let(:org) { create(:casa_org) }
     let(:fake_topics) { [{"question" => "Test Title", "details" => "Test details"}] }

spec/policies/notification_policy_spec.rb

@@ -0,0 +1,44 @@
+require "rails_helper"
+
+RSpec.describe NotificationPolicy, type: :policy do
+  subject { described_class }
+
+  let(:recipient) { create(:volunteer) }
+  let(:casa_admin) { create(:casa_admin) }
+  let(:volunteer) { build(:volunteer) }
+  let(:supervisor) { build(:supervisor) }
+
+  permissions :index? do
+    it "allows any volunteer" do
+      is_expected.to permit(casa_admin)
+    end
+
+    it "allows any supervisor" do
+      is_expected.to permit(supervisor)
+    end
+
+    it "allows any admin" do
+      is_expected.to permit(volunteer)
+    end
+  end
+
+  permissions :mark_as_read? do
+    let(:notification) { create(:notification, recipient: recipient) }
+
+    it "allows recipient" do
+      is_expected.to permit(recipient, notification)
+    end
+
+    it "does not allow other volunteer" do
+      is_expected.to_not permit(volunteer, notification)
+    end
+
+    it "does not permit other supervisor" do
+      is_expected.to_not permit(supervisor, notification)
+    end
+
+    it "does not permit other admin" do
+      is_expected.to_not permit(casa_admin, notification)
+    end
+  end
+end

spec/requests/notifications_spec.rb

@@ -114,4 +114,49 @@
       end
     end
   end
+
+  describe "POST #mark_as_read" do
+    let(:user) { create(:volunteer) }
+    let(:notification) { create(:notification, :followup_with_note, recipient: user, read_at: nil) }
+
+    before { sign_in user }
+
+    context "when user is authorized" do
+      it "marks the notification as read" do
+        post mark_as_read_notification_path(notification)
+
+        expect(notification.reload.read_at).not_to be_nil
+      end
+
+      it "redirects to the notification event URL" do
+        post mark_as_read_notification_path(notification)
+
+        expect(response).to redirect_to(notification.event.url)
+      end
+    end
+
+    context "when user is not authorized" do
+      let(:other_user) { create(:volunteer) }
+
+      before { sign_in other_user }
+
+      it "does not mark the notification as read" do
+        post mark_as_read_notification_path(notification)
+
+        expect(notification.reload.read_at).to be_nil
+      end
+
+      it "redirects to root" do
+        post mark_as_read_notification_path(notification)
+
+        expect(response).to redirect_to(root_path)
+      end
+    end
+
+    it "does not mark the notification as read if it is already read" do
+      notification = create(:notification, :followup_read, recipient: user)
+
+      expect { post mark_as_read_notification_path(notification) }.not_to(change { notification.reload.read_at })
+    end
+  end
 end

yarn.lock

@@ -4984,10 +4984,10 @@ safe-regex-test@^1.0.0:
   resolved "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz"
   integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
 
-sass@^1.77.4:
-  version "1.77.4"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.77.4.tgz#92059c7bfc56b827c56eb116778d157ec017a5cd"
-  integrity sha512-vcF3Ckow6g939GMA4PeU7b2K/9FALXk2KF9J87txdHzXbUF9XRQRwSxcAs/fGaTnJeBFd7UoV22j3lzMLdM0Pw==
+sass@^1.77.5:
+  version "1.77.5"
+  resolved "https://registry.yarnpkg.com/sass/-/sass-1.77.5.tgz#5f9009820297521356e962c0bed13ee36710edfe"
+  integrity sha512-oDfX1mukIlxacPdQqNb6mV2tVCrnE+P3nVYioy72V5tlk56CPNcO4TCuFcaCRKKfJ1M3lH95CleRS+dVKL2qMg==
   dependencies:
     chokidar ">=3.0.0 <4.0.0"
     immutable "^4.0.0"
@@ -5160,10 +5160,10 @@ stream-combiner@~0.0.4:
   dependencies:
     duplexer "~0.1.1"
 
-strftime@^0.10.2:
-  version "0.10.2"
-  resolved "https://registry.yarnpkg.com/strftime/-/strftime-0.10.2.tgz#9cc5a63a6170455730ddf617e8b506ab06dde985"
-  integrity sha512-Y6IZaTVM80chcMe7j65Gl/0nmlNdtt+KWPle5YeCAjmsBfw+id2qdaJ5MDrxUq+OmHKab+jHe7mUjU/aNMSZZg==
+strftime@^0.10.3:
+  version "0.10.3"
+  resolved "https://registry.yarnpkg.com/strftime/-/strftime-0.10.3.tgz#d801427a07f794c1e16a622371efe660fa72123f"
+  integrity sha512-DZrDUeIF73eKJ4/GgGuv8UHWcUQPYDYfDeQFj3jrx+JZl6GQE656MbHIpvbo4mEG9a5DgS8GRCc5DxJXD2udDQ==
 
 string-length@^4.0.1:
   version "4.0.2"
@@ -5670,9 +5670,9 @@ write-file-atomic@^4.0.2:
     signal-exit "^3.0.7"
 
 ws@^8.8.0:
-  version "8.8.1"
-  resolved "https://registry.npmjs.org/ws/-/ws-8.8.1.tgz"
-  integrity sha512-bGy2JzvzkPowEJV++hF07hAD6niYSr0JzBNo/J29WsB57A2r7Wlc1UFcTR9IzrPvuNVO4B8LGqF8qcpsVOhJCA==
+  version "8.17.1"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
+  integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
 
 xdg-basedir@^4.0.0:
   version "4.0.0"