updating dependencies

Gemfile

@@ -27,6 +27,7 @@ gem 'maintenance_tasks', '2.10.1'
 gem 'pagy', '9.3.3'
 gem 'pg', '1.5.9'
 gem 'pghero', '3.6.1', '>= 2'
+gem 'pretender', '0.5.0'
 gem 'propshaft', '1.1.0'
 gem 'puma', '6.5.0'
 gem 'pundit', '2.4.0'

Gemfile.lock

@@ -288,6 +288,8 @@ GEM
     pg (1.5.9)
     pghero (3.6.1)
       activerecord (>= 6.1)
+    pretender (0.5.0)
+      actionpack (>= 6.1)
     propshaft (1.1.0)
       actionpack (>= 7.0.0)
       activesupport (>= 7.0.0)
@@ -512,6 +514,7 @@ DEPENDENCIES
   pagy (= 9.3.3)
   pg (= 1.5.9)
   pghero (>= 2, = 3.6.1)
+  pretender (= 0.5.0)
   propshaft (= 1.1.0)
   puma (= 6.5.0)
   pundit (= 2.4.0)

app/controllers/admin/users_controller.rb

@@ -103,6 +103,17 @@ def collection_export_xlsx
     )
   end
 
+  def impersonate
+    user = User.find(params[:id])
+    impersonate_user(user)
+    redirect_to root_path
+  end
+
+  def stop_impersonating
+    stop_impersonating_user
+    redirect_to admin_root_path
+  end
+
   private
 
   def create_params

app/controllers/application_controller.rb

@@ -5,6 +5,8 @@ class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
   add_flash_types :info, :error, :warning
 
+  impersonates :user
+
   def controller_class
     controller_name.classify.constantize
   end

app/models/user.rb

@@ -50,6 +50,10 @@ def access_authorized?(resource:, operation:)
     system_permissions.where(resource:, operation:).exists?
   end
 
+  def has_system_permission?
+    system_permissions.exists?
+  end
+
   def name
     full_name
   end

app/policies/dashboard_policy.rb

@@ -0,0 +1,9 @@
+class DashboardPolicy < ApplicationPolicy
+  def initialize(user, _record)
+    @user = user
+  end
+
+  def index?
+    user.has_system_permission?
+  end
+end

app/policies/user_policy.rb

@@ -2,4 +2,12 @@ class UserPolicy < ApplicationPolicy
   def trigger_password_reset_email?
     user_access_authorized?(:trigger_password_reset_email)
   end
+
+  def impersonate?
+    user_access_authorized?(:impersonate)
+  end
+
+  def stop_impersonating?
+    user_access_authorized?(:impersonate)
+  end
 end

app/views/admin/dashboard/index.html.erb

@@ -24,8 +24,7 @@
         <% card.with_link(name: "System Users", url: polymorphic_path([:admin, User]), policy: User) %>
       <% end %>
     </div>
-
-    <%= external_link_to("Test Staging", staging_site_url) %>
+
     <div class="col-6">
       <%= render Admin::DashboardCard::Component.new(title: "Development") do |card| %>
         <% card.with_link(name: "KC Tennis (Staging)", url: 'https://staging.kc.tennis', new_window: true) %>

app/views/admin/users/show.html.erb

@@ -10,4 +10,7 @@
     <% table.with_row(name: "Created at", value: default_date_format(@instance.created_at)) %>
     <% table.with_row(name: "Updated at", value: default_date_format(@instance.updated_at)) %>
   <% end %>
+  <%= render Admin::TableForShow::Component.new(title: 'Admin') do |table| %>
+    <% table.with_row(name: "Act As User", value: link_to("Impersonate", polymorphic_path([:impersonate, :admin, @instance]), method: :get, data: { turbo: false })) %>
+  <% end %>
 <% end %>

app/views/static/index.html.erb

@@ -1 +1,8 @@
 This is the static#index view.
+
+<% if current_user != true_user %>
+  You (<%= true_user.name %>) are signed in as <%= current_user.name %><br/>
+  <%= link_to("Stop Impersonating", stop_impersonating_admin_users_path, data: { turbo: false }) %>
+<% else %>
+  You are <%= current_user.full_name if current_user %>
+<% end %>

config/routes.rb

@@ -87,8 +87,13 @@
 
     resources :users, concerns: :collection_exportable do
       member do
+        get :impersonate
         put :trigger_password_reset_email
       end
+
+      collection do
+        get :stop_impersonating
+      end
     end
   end
 end

spec/models/user_spec.rb

@@ -27,6 +27,23 @@
     end
   end
 
+  describe '#has_system_permission?' do
+    it 'returns true when user has permissions' do
+      user = create(:user)
+      permission = create(:system_permission)
+      role = create(:system_role, system_permissions: [permission])
+      group = create(:system_group, system_roles: [role])
+      user.system_groups << group
+
+      expect(user.has_system_permission?).to be true
+    end
+
+    it 'returns false when user has no permissions' do
+      user = create(:user)
+      expect(user.has_system_permission?).to be false
+    end
+  end
+
   describe '#full_name' do
     it 'renders the user first and last name separated by a space' do
       user = create(:user, first_name: 'Bubba', last_name: 'Jones')

spec/policies/dashboard_policy_spec.rb

@@ -0,0 +1,26 @@
+require 'rails_helper'
+
+describe DashboardPolicy, type: :policy do
+  let(:user) { create(:user) }
+  let(:system_group) { create(:system_group) }
+  let(:system_role) { create(:system_role) }
+  let(:sp_archive) { create(:system_permission, name: 'User Archive', resource: 'User', operation: 'archive') }
+  let(:policy) { described_class.new(user, :dashboard) }
+
+  before do
+    system_role.system_permissions << sp_archive
+    system_group.system_roles << system_role
+    system_group.users << user
+  end
+
+  describe '#index?' do
+    it 'allows access if user has index permission' do
+      expect(policy.index?).to be_truthy
+    end
+
+    it 'denies access if user does not have index permission' do
+      system_role.system_permissions.destroy_all
+      expect(policy.index?).to be_falsey
+    end
+  end
+end