From a4b877737c4bc97586936893eaa9411798d2dddd Mon Sep 17 00:00:00 2001
From: Brock Wilcox
Date: Sun, 21 Jan 2024 13:52:35 -0500
Subject: [PATCH 1/5] Require a partner for the partner dashboard

---
 app/controllers/application_controller.rb | 9 +++++++++
 app/controllers/partners/dashboards_controller.rb | 2 ++
 2 files changed, 11 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index cfc4e2786f..b1469ee749 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -93,6 +93,15 @@ def authorize_admin
 current_user.has_role?(Role::ORG_ADMIN, current_organization)
 end
+ def require_partner
+ unless current_partner
+ respond_to do |format|
+ format.html { redirect_to dashboard_path, flash: { error: "Logged in user is not set up as a 'partner'." } }
+ format.json { render body: nil, status: :forbidden }
+ end
+ end
+ end
+
 def log_active_user
 if current_user && should_update_last_request_at?
 # we don't want the user record to validate or run callbacks when we're tracking activity
diff --git a/app/controllers/partners/dashboards_controller.rb b/app/controllers/partners/dashboards_controller.rb
index da88707c22..84abb6fce1 100644
--- a/app/controllers/partners/dashboards_controller.rb
+++ b/app/controllers/partners/dashboards_controller.rb
@@ -4,6 +4,8 @@
 class DashboardsController < BaseController
 protect_from_forgery with: :exception
+ before_action :require_partner
+
 def index; end
 def show
From b5b799cde59f000e77cc85464f233731f6f29e3f Mon Sep 17 00:00:00 2001
From: Brock Wilcox
Date: Sun, 28 Jan 2024 10:46:31 -0500
Subject: [PATCH 2/5] Validate that a non-partner user gets redirected

---
 spec/requests/partners/dashboard_requests_spec.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/spec/requests/partners/dashboard_requests_spec.rb b/spec/requests/partners/dashboard_requests_spec.rb
index 97f98eaab9..790ad2493d 100644
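Review bot: `require_partner` only handles the html and json branches of `respond_to`, so a request negotiated to any other format falls out of the block with `ActionController::UnknownFormat` (a 406 via Rails' default rescue) rather than a deliberate refusal; the action is still not reached, but the guard's intent is clearer and the exception noise avoided with a closing `format.any { head :forbidden }`. The same block is moved verbatim into `Partners::BaseController` in patch 3, where this applies equally. The method also deserves a short comment above it, e.g. `# Partner-only gate: a signed-in user whose current role does not resolve to a partner is sent to the organization dashboard (html) or refused (json).` `current_partner` is not defined in this hunk, so what it resolves from is inferred, not shown.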
--- a/spec/requests/partners/dashboard_requests_spec.rb
+++ b/spec/requests/partners/dashboard_requests_spec.rb
@@ -57,6 +57,16 @@
 end
 end
+ context "without a partner role" do
+ it "should redirect to the organization dashboard" do
+ partner_user.add_role(Role::ORG_USER, @organization)
+ partner_user.remove_role(Role::PARTNER_USER, partner)
+ allow(UsersRole).to receive(:current_role_for).and_return(partner_user.roles.find_by(name: "partner"))
+ get partners_dashboard_path
+ expect(response.body).to include("switch_to_role")
+ end
+ end
+
 context "BroadcastAnnouncement card" do
 it "displays announcements if there are valid ones" do
 BroadcastAnnouncement.create(message: "test announcement", user_id: 1, organization_id: 1)
From 5caa4c07d097f3059a44598d15c36fb885e06d7e Mon Sep 17 00:00:00 2001
From: Brock Wilcox
Date: Sun, 4 Aug 2024 16:08:01 -0400
Subject: [PATCH 3/5] Centralize partner-user requirement to partner base controller

---
 app/controllers/application_controller.rb | 9 ---------
 app/controllers/partners/base_controller.rb | 11 +++++++++++
 app/controllers/partners/dashboards_controller.rb | 2 --
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 527b7bdf4e..e80333a9ee 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -70,15 +70,6 @@ def authorize_admin
 current_user.has_role?(Role::ORG_ADMIN, current_organization)
 end
- def require_partner
- unless current_partner
- respond_to do |format|
- format.html { redirect_to dashboard_path, flash: { error: "Logged in user is not set up as a 'partner'." } }
- format.json { render body: nil, status: :forbidden }
- end
- end
- end
-
 def log_active_user
 if current_user && should_update_last_request_at?
 # we don't want the user record to validate or run callbacks when we're tracking activity
diff --git a/app/controllers/partners/base_controller.rb b/app/controllers/partners/base_controller.rb
index 0b217375d1..145ded6335 100644
--- a/app/controllers/partners/base_controller.rb
+++ b/app/controllers/partners/base_controller.rb
@@ -2,12 +2,23 @@ module Partners
 class BaseController < ApplicationController
 layout 'partners/application'
+ before_action :require_partner
+
 private
 def redirect_to_root
 redirect_to root_path
 end
+ def require_partner
+ unless current_partner
+ respond_to do |format|
+ format.html { redirect_to dashboard_path, flash: { error: "Logged in user is not set up as a 'partner'." } }
+ format.json { render body: nil, status: :forbidden }
+ end
+ end
+ end
+
 def verify_partner_is_active
 if current_partner.deactivated?
 flash[:alert] = 'Your account has been disabled, contact the organization via their email to reactivate'
diff --git a/app/controllers/partners/dashboards_controller.rb b/app/controllers/partners/dashboards_controller.rb
index 860d48bd66..0483ac0f6b 100644
--- a/app/controllers/partners/dashboards_controller.rb
+++ b/app/controllers/partners/dashboards_controller.rb
@@ -4,8 +4,6 @@
 class DashboardsController < BaseController
 protect_from_forgery with: :exception
- before_action :require_partner
-
 def index; end
 def show
From c8c790532da7d49e53983aedcbbe8e8a6f535d38 Mon Sep 17 00:00:00 2001
From: Brock Wilcox
Date: Mon, 19 Aug 2024 12:01:18 -0400
Subject: [PATCH 4/5] Clean out the lint!

---
 app/controllers/partners/base_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/partners/base_controller.rb b/app/controllers/partners/base_controller.rb
index 145ded6335..37435df4a6 100644
--- a/app/controllers/partners/base_controller.rb
+++ b/app/controllers/partners/base_controller.rb
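Review bot: `before_action :require_partner` in `Partners::BaseController` now runs ahead of `verify_partner_is_active`, which dereferences `current_partner.deactivated?` and would raise `NoMethodError` on a nil partner; that ordering is load-bearing (callbacks declared in a superclass run before those a subclass registers) but nothing in the file says so. Suggest a comment on the `before_action` line: `# Keep first: every Partners controller, and verify_partner_is_active below, assumes current_partner is present.` Where `verify_partner_is_active` is actually registered as a callback is outside this hunk, so whether a subclass could still `prepend_before_action` something ahead of this guard is inferred, not shown.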
@@ -13,7 +13,7 @@ def redirect_to_root
 def require_partner
 unless current_partner
 respond_to do |format|
- format.html { redirect_to dashboard_path, flash: { error: "Logged in user is not set up as a 'partner'." } }
+ format.html { redirect_to dashboard_path, flash: {error: "Logged in user is not set up as a 'partner'."} }
 format.json { render body: nil, status: :forbidden }
 end
 end
From 221ed0e4220ce17312bc5d5174cfe2f8abf7b528 Mon Sep 17 00:00:00 2001
From: Brock Wilcox
Date: Mon, 19 Aug 2024 12:12:36 -0400
Subject: [PATCH 5/5] Fix redirect spec

---
 spec/requests/partners/dashboard_requests_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/requests/partners/dashboard_requests_spec.rb b/spec/requests/partners/dashboard_requests_spec.rb
index 38f69ed551..b800f4f776 100644
--- a/spec/requests/partners/dashboard_requests_spec.rb
+++ b/spec/requests/partners/dashboard_requests_spec.rb
@@ -89,10 +89,10 @@
 context "without a partner role" do
 it "should redirect to the organization dashboard" do
 partner_user.add_role(Role::ORG_USER, @organization)
- partner_user.remove_role(Role::PARTNER_USER, partner)
+ partner_user.remove_role(Role::PARTNER, partner)
 allow(UsersRole).to receive(:current_role_for).and_return(partner_user.roles.find_by(name: "partner"))
 get partners_dashboard_path
- expect(response.body).to include("switch_to_role")
+ expect(response).to redirect_to(dashboard_path)
 end
 end
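Review bot: the spec now pins the html redirect but still leaves the json branch (`status: :forbidden`) and the flash message unasserted, so a guard that redirected for some unrelated reason would still pass; adding `expect(flash[:error]).to include("not set up as a 'partner'")` after the redirect expectation, and a sibling example doing `get partners_dashboard_path, as: :json` and expecting `:forbidden`, would tie the test to this guard specifically. Also, after `remove_role(Role::PARTNER, partner)` the stubbed `current_role_for` returns `partner_user.roles.find_by(name: "partner")`, which presumably is nil at that point — so the example exercises the "no partner role at all" path rather than a user who holds only `ORG_USER`; a one-line comment stating which case is intended would help the next reader. The enclosing `describe` block begins outside this hunk.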