From ecc5a7b9ca20418f1bdb45cdc3ce5b41a11f3593 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 15 Apr 2020 19:12:31 +0100
Subject: Add assigned_(users|categories)_only functionality

Users with assigned_categories_only will only see staff features on a
report page in their assigned categories.

Users will only see staff features on a report page in a category with
assigned_users_only if it is in their assigned categories.
---
 t/app/controller/admin/users.t | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 't/app/controller/admin/users.t')

diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index 4f0298103..bc8d28e2d 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -299,6 +299,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -320,6 +321,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -341,6 +343,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -365,6 +368,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
@@ -385,6 +389,7 @@ FixMyStreet::override_config {
                 flagged => 'on',
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
@@ -394,7 +399,7 @@ FixMyStreet::override_config {
             log_entries => [qw/edit edit edit edit/],
         },
         {
-            desc => 'edit user add is_superuser',
+            desc => 'edit user add is_superuser and assigned_categories_only',
             fields => {
                 name => 'Changed User',
                 email => 'changed@example.com',
@@ -405,10 +410,12 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
                 is_superuser => 'on',
+                assigned_categories_only => 'on',
             },
             removed => [
                 keys %default_perms,
@@ -428,6 +435,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => 'on',
                 area_ids => undef,
+                assigned_categories_only => 'on',
             },
             changes => {
                 is_superuser => undef,
-- 
cgit v1.2.3


From 7af4f2cc87cd6ff55501bb2856193a03fe72158c Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Wed, 5 Aug 2020 15:56:10 +0100
Subject: Add database index for user full text search.

---
 t/app/controller/admin/users.t | 2 --
 1 file changed, 2 deletions(-)

(limited to 't/app/controller/admin/users.t')

diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index bc8d28e2d..a3bd4a784 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -84,8 +84,6 @@ subtest 'user search' => sub {
         permissions => ['moderate', 'user_edit'],
     });
     $user->add_to_roles($role);
-    $mech->get_ok('/admin/users?search=' . $haringey->id );
-    $mech->content_contains('test@example.com');
     $mech->get_ok('/admin/users?role=' . $role->id);
     $mech->content_contains('selected>Role A');
     $mech->content_contains('test@example.com');
-- 
cgit v1.2.3


From 9150a5f72725d58055f9b5e60d339a781f9440f1 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Fri, 16 Oct 2020 15:11:50 +0100
Subject: allow bulk removal of staff status from users

Bulk option to remove body, roles and permisions, and disable login in
admin for users.

Fixes mysociety/fixmystreet-commercial#2025
---
 t/app/controller/admin/users.t | 49 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

(limited to 't/app/controller/admin/users.t')

diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index a3bd4a784..6f3971149 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -6,6 +6,8 @@ my $user = $mech->create_user_ok('test@example.com', name => 'Test User');
 my $original_user_id = $user->id; # For log later
 my $user2 = $mech->create_user_ok('test2@example.com', name => 'Test User 2');
 my $user3 = $mech->create_user_ok('test3@example.com', name => 'Test User 3');
+my $user4 = $mech->create_user_ok('test4@example.com', name => 'Test User 4');
+my $user5 = $mech->create_user_ok('test5@example.com', name => 'Test User 5');
 
 my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1);
 
@@ -13,6 +15,21 @@ my $oxfordshire = $mech->create_body_ok(2237, 'Oxfordshire County Council');
 my $haringey = $mech->create_body_ok(2509, 'Haringey Borough Council');
 my $southend = $mech->create_body_ok(2607, 'Southend-on-Sea Borough Council');
 
+$user4->from_body( $oxfordshire->id );
+$user4->update;
+$user4->user_body_permissions->create( {
+    body => $oxfordshire,
+    permission_type => 'user_edit',
+} );
+$user5->from_body( $oxfordshire->id );
+$user5->update;
+my $occ_role = $user5->roles->create({
+    body => $oxfordshire,
+    name => 'Role A',
+    permissions => ['moderate', 'user_edit'],
+});
+$user5->add_to_roles($occ_role);
+
 $mech->log_in_ok( $superuser->email );
 
 subtest 'search abuse' => sub {
@@ -97,6 +114,38 @@ subtest 'user assign role' => sub {
     is $user->roles->count, 1;
 };
 
+subtest 'remove users from staff' => sub {
+    is $user4->from_body->id, $oxfordshire->id, 'user4 has a body';
+    is $user4->email_verified, 1, 'user4 email is verified';
+    is $user4->user_body_permissions->count, 1, 'user4 has permissions';
+    is $user5->from_body->id, $oxfordshire->id, 'user5 has a body';
+    is $user5->email_verified, 1, 'user5 email is verified';
+    is $user5->user_roles->count, 1, 'user5 has a role';
+
+    $mech->get_ok('/admin/users');
+    $mech->content_contains($user4->email);
+    $mech->content_contains($user5->email);
+
+    $mech->submit_form_ok({ with_fields => { uid => $user4->id, 'remove-staff' => 'remove-staff'} });
+    $mech->content_lacks($user4->email);
+    $mech->content_contains($user5->email);
+    $user4->discard_changes;
+    $user5->discard_changes;
+    is $user4->from_body, undef, 'user4 removed from body';
+    is $user4->email_verified, 0, 'user4 email unverified';
+    is $user4->user_body_permissions->count, 0, 'no user4 permissions';
+    is $user5->from_body->id, $oxfordshire->id, 'user5 has a body';
+    is $user5->email_verified, 1, 'user5 email is verified';
+    is $user5->user_roles->count, 1, 'user5 has a role';
+
+    $mech->submit_form_ok({ with_fields => { uid => $user5->id, 'remove-staff' => 'remove-staff'} });
+    $mech->content_lacks($user5->email);
+    $user5->discard_changes;
+    is $user5->from_body, undef, 'user5 has no body';
+    is $user5->email_verified, 0, 'user5 email unverified';
+    is $user5->user_roles->count, 0, 'no user5 roles';
+};
+
 subtest 'search does not show user from another council' => sub {
     FixMyStreet::override_config {
         ALLOWED_COBRANDS => [ 'oxfordshire' ],
-- 
cgit v1.2.3