rubyforgood · dorner · Aug 23, 2024 · Jan 21, 2024 · Jan 28, 2024 · Aug 4, 2024
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -93,6 +93,15 @@ def authorize_admin
       current_user.has_role?(Role::ORG_ADMIN, current_organization)
   end
 
+  def require_partner
+    unless current_partner
+      respond_to do |format|
+        format.html { redirect_to dashboard_path, flash: { error: "Logged in user is not set up as a 'partner'." } }
+        format.json { render body: nil, status: :forbidden }
+      end
+    end
+  end
+
   def log_active_user
     if current_user && should_update_last_request_at?
       # we don't want the user record to validate or run callbacks when we're tracking activity

diff --git a/app/controllers/partners/dashboards_controller.rb b/app/controllers/partners/dashboards_controller.rb
@@ -4,6 +4,8 @@ class DashboardsController < BaseController
 
     protect_from_forgery with: :exception
 
+    before_action :require_partner
+
     def index; end
 
     def show

diff --git a/spec/requests/partners/dashboard_requests_spec.rb b/spec/requests/partners/dashboard_requests_spec.rb
@@ -57,6 +57,16 @@
     end
   end
 
+  context "without a partner role" do
+    it "should redirect to the organization dashboard" do
+      partner_user.add_role(Role::ORG_USER, @organization)
+      partner_user.remove_role(Role::PARTNER_USER, partner)
+      allow(UsersRole).to receive(:current_role_for).and_return(partner_user.roles.find_by(name: "partner"))
+      get partners_dashboard_path
+      expect(response.body).to include("switch_to_role")
+    end
+  end
+
   context "BroadcastAnnouncement card" do
     it "displays announcements if there are valid ones" do
       BroadcastAnnouncement.create(message: "test announcement", user_id: 1, organization_id: 1)