Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(161623) Do not show "deleted" projects in application #1478

Merged
merged 6 commits into from
Apr 11, 2024
Merged

(161623) Do not show "deleted" projects in application #1478

merged 6 commits into from
Apr 11, 2024

Commits on Apr 10, 2024

  1. Do not return deleted projects by default (default_scope) 

    Adding default_scope to models can be problematic as default scopes can conceal
issues. However, now that we have a concept of "soft deleted" projects, we do
not want to return these projects ANYWHERE in the application - not in the UI,
exports or statistics. They should not be seen to exist.

To avoid explicitly asking for `active` and/or `completed` projects in all
our pages, use `default_scope` to exclude deleted projects.

If we want to view deleted projects in future, we will have to explicitly look
for them (e.g. using `Project.unscoped.where(state: :deleted)` as opposed to the
Project.deleted scope).
    @lozette
    lozette committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    d799bee View commit details
    Browse the repository at this point in the history

  2. Use ProjectPolicy to stop individual deleted projects being viewed & … 

    …edited

We don't want users viewing deleted projects by going to their `show` URL - so
ensure this doesn't happen using Policies.

This will return a 403 not a 404, which semantically isn't quite correct - the
project isn't deleted, so it's "found" but it's not viewable. But the user
shouldn't know it's not "deleted". However we think it will be rare for a user
to have a project URL and go to it directly.

The editing restricton is more of a theoretical need than a practical one, but
mark "soft deleted" projects as un-editable, just in case anyone manages to
access one and tries to edit it.
    @lozette
    lozette committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    dc41246 View commit details
    Browse the repository at this point in the history

  3. (Fix) Use the index? ProjectPolicy here, not show? 

    We were using ProjectPolicy.show? here but this is actually a project
_listing_ page, not a show page for an individual project. The naming on this
controller is a little obscure - it is _showing_ an individual month of projects
not an individual project. So `index?` is the appropriate Policy to call here.
    @lozette
    lozette committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    4431870 View commit details
    Browse the repository at this point in the history

  4. Add tests to ensure we are not exporting deleted projects 

    Add some tests to prove our exports are not including any "soft deleted"
projects.
    @lozette
    lozette committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    7f014f7 View commit details
    Browse the repository at this point in the history

  5. Add tests to ensure deleted projects are not counted in statistics

    @lozette
    lozette committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    347644f View commit details
    Browse the repository at this point in the history

  6. Add tests to ensure deleted projects are not shown in project listing… 

    … pages
    @lozette
    lozette committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    965ce31 View commit details
    Browse the repository at this point in the history