Merge pull request #131 from lsa-mis/staging

staging into main 20250521

Author: rsmoke

.github/workflows/brakeman.yml

@@ -8,6 +8,10 @@ on:
   schedule:
     - cron: '0 0 * * 0'  # Run weekly on Sunday
 
+permissions:
+  contents: read
+  actions: write
+
 jobs:
   security:
     runs-on: ubuntu-latest

app/controllers/bulk_contest_instances_controller.rb

@@ -71,7 +71,6 @@ def create_contest_instances
         new_instance.date_closed = params[:bulk_contest_instance_form][:date_closed]
         new_instance.created_by = current_user.email
         new_instance.active = false
-        new_instance.archived = false
 
         # Copy relationships if they exist
         if last_instance

app/controllers/contest_descriptions_controller.rb

@@ -87,7 +87,7 @@ def set_contest_description
   end
 
   def contest_description_params
-    params.require(:contest_description).permit(:created_by, :active, :archived,
+    params.require(:contest_description).permit(:created_by, :active,
                                                 :eligibility_rules, :name, :notes,
                                                 :short_name,
                                                 :container_id)

app/controllers/contest_instances_controller.rb

@@ -177,6 +177,42 @@ def export_entries
     end
   end
 
+  def export_round_results
+    begin
+      @contest_instance = @contest_description.contest_instances.find(params[:id])
+      authorize @contest_instance, :export_entries?
+
+      round_id = params[:round_id]
+      judging_round = @contest_instance.judging_rounds.find_by(id: round_id)
+
+      if judging_round.nil?
+        redirect_to container_contest_description_contest_instance_path(@container, @contest_description, @contest_instance),
+                  alert: 'Judging round not found.'
+        return
+      end
+
+      @entries = judging_round.entries.distinct.includes(
+        :profile, :category,
+        entry_rankings: [:user]
+      )
+
+      respond_to do |format|
+        format.csv do
+          filename = "#{@contest_description.name.parameterize}-round-#{judging_round.round_number}-results-#{Time.zone.today}.csv"
+
+          csv_data = generate_round_results_csv(@entries, @contest_description, @contest_instance, judging_round)
+
+          send_data csv_data,
+                    type: 'text/csv; charset=utf-8; header=present',
+                    disposition: "attachment; filename=#{filename}"
+        end
+      end
+    rescue Pundit::NotAuthorizedError
+      flash[:alert] = 'Not authorized to access this contest instance'
+      redirect_to root_path
+    end
+  end
+
   private
 
   def authorize_container_access
@@ -202,7 +238,7 @@ def redirect_to_contest_instance_path
 
   def contest_instance_params
     params.require(:contest_instance).permit(
-      :active, :archived, :contest_description_id, :date_open, :date_closed,
+      :active, :contest_description_id, :date_open, :date_closed,
       :notes, :judging_open, :judge_evaluations_complete,
       :maximum_number_entries_per_applicant, :require_pen_name,
       :require_campus_employment_info, :require_finaid_info, :created_by,
@@ -255,4 +291,66 @@ def generate_entries_csv(entries, contest_description, contest_instance)
       end
     end
   end
+
+  def generate_round_results_csv(entries, contest_description, contest_instance, judging_round)
+    require 'csv'
+
+    CSV.generate do |csv|
+      # Header section
+      contest_info = "#{contest_description.name} - Round #{judging_round.round_number} Results"
+      header_row1 = [contest_info] + Array.new(15, '')
+      csv << header_row1
+      csv << Array.new(16, '')  # Empty row as separator
+
+      # Column headers
+      headers = [
+        'Title', 'Category',
+        'Pen Name', 'First Name', 'Last Name', 'UMID', 'Uniqname',
+        'Class Level', 'Campus', 'Entry ID', 'Selected for Next Round',
+        'Judge Name', 'Score', 'Judge Comments [External]', 'Judge Comments [Internal]'
+      ]
+      csv << headers
+
+      # Entry data
+      entries.each do |entry|
+        profile = entry.profile
+        rankings = entry.entry_rankings.where(judging_round: judging_round)
+        selected = rankings.exists?(selected_for_next_round: true)
+
+        # Base entry data
+        base_data = [
+          entry.title,
+          entry.category&.kind,
+          entry.pen_name,
+          profile&.user&.first_name,
+          profile&.user&.last_name,
+          profile&.umid,
+          profile&.user&.uniqname,
+          profile&.class_level&.name,
+          profile&.campus&.campus_descr,
+          entry.id,
+          selected ? 'Yes' : 'No'
+        ]
+
+        # If there are rankings, create a row for each judge's ranking
+        if rankings.any?
+          rankings.each do |ranking|
+            score = ranking.rank
+            external_comments = ranking.external_comments.presence || 'No comment entered'
+            internal_comments = ranking.internal_comments.presence || 'No comment entered'
+
+            csv << base_data + [
+              "#{ranking.user.display_name_or_first_name_last_name} (#{ranking.user.uid})",
+              score,
+              external_comments,
+              internal_comments
+            ]
+          end
+        else
+          # If no rankings, just output the base data with empty judge fields
+          csv << base_data + [ '', '' ]
+        end
+      end
+    end
+  end
 end

app/controllers/entries_controller.rb

@@ -1,6 +1,6 @@
 class EntriesController < ApplicationController
   include AvailableContestsConcern
-  before_action :set_entry, only: %i[ show edit update destroy soft_delete toggle_disqualified ]
+  before_action :set_entry, only: %i[ show edit update destroy soft_delete toggle_disqualified modal_details ]
   before_action :set_entry_for_profile, only: %i[ applicant_profile ]
   before_action :authorize_entry, only: %i[show edit update destroy]
   before_action :authorize_index, only: [ :index ]
@@ -16,6 +16,12 @@ def show
     authorize @entry
   end
 
+  # GET /entries/1/modal_details
+  def modal_details
+    authorize @entry, :show?
+    render layout: false
+  end
+
   # GET /entries/new
   def new
     contest_instance_id = params[:contest_instance_id]

app/helpers/entries_helper.rb

@@ -6,12 +6,4 @@ def disqualified_icon(entry)
       ''
     end
   end
-
-  def archived_icon(entry)
-    if entry.archived
-      content_tag(:i, '', class: 'bi bi-eye', style: 'font-size: 1.5rem;', aria: { hidden: 'true' })
-    else
-      ''
-    end
-  end
 end

app/models/container.rb

@@ -80,7 +80,7 @@ def active_entries
     Entry.joins(contest_instance: { contest_description: :container })
          .where(containers: { id: id })
          .where(deleted: false)
-         .where(contest_instances: { active: true, archived: false })
-         .where(contest_descriptions: { active: true, archived: false })
+         .where(contest_instances: { active: true })
+         .where(contest_descriptions: { active: true })
   end
 end

app/models/contest_description.rb

@@ -31,5 +31,4 @@ class ContestDescription < ApplicationRecord
   validates :name, presence: true, uniqueness: true
 
   scope :active, -> { where(active: true) }
-  scope :archived, -> { where(archived: true) }
 end

app/models/contest_instance.rb

@@ -59,7 +59,7 @@ class ContestInstance < ApplicationRecord
 
   # Scopes
   scope :active_and_open, -> {
-    where(active: true, archived: false)
+    where(active: true)
     .where('date_open <= ? AND date_closed >= ?', Time.zone.now, Time.zone.now)
   }
 
@@ -89,7 +89,7 @@ class ContestInstance < ApplicationRecord
   }
 
   def open?
-    active && !archived && Time.current.between?(date_open, date_closed)
+    active && Time.current.between?(date_open, date_closed)
   end
 
   def judging_open?(user = nil)

app/policies/entry_policy.rb

@@ -14,7 +14,22 @@ def toggle_disqualified?
   def view_applicant_profile?
     container = record.contest_instance.contest_description.container
     record.profile.user == user ||
-    user&.has_container_role?(container, ['Collection Administrator', 'Collection Manager']) ||
+    user&.has_container_role?(container, [ 'Collection Administrator', 'Collection Manager' ]) ||
+    axis_mundi?
+  end
+
+  def show?
+    # Allow users to see their own entries
+    return true if record.profile.user == user
+
+    # Allow collection admins/managers to see entries from their containers
+    container = record.contest_instance.contest_description.container
+    return true if user&.has_container_role?(container)
+
+    # Allow judges to see entries they've been assigned to judge
+    return true if user&.judging_assignments&.pluck(:contest_instance_id)&.include?(record.contest_instance_id)
+
+    # Fall back to axis_mundi check
     axis_mundi?
   end