
Refactor permission checks and enhance access control across views #229

Merged: rsmoke merged 22 commits into main from staging on Mar 18, 2026

rsmoke commented Mar 18, 2026

This pull request enhances authorization logic across several controllers and views, making permission checks more consistent and efficient. It introduces controller instance variables for permission states, refactors policy checks in views to use these variables, and strengthens policy logic for appointments, calendar events, and questionnaires. Additionally, student listing and enrollment date handling are improved for clarity and maintainability.

Authorization and Permission Handling:

  • Controllers now set instance variables (e.g., @can_create_*, @can_update_*, @can_destroy_*, @can_view_*) for permission checks, replacing direct policy calls in views. This improves efficiency and makes templates cleaner.
  • Views updated to use these instance variables for conditional rendering of actions like "New", "Edit", "Delete", and "View", ensuring UI reflects user permissions accurately.

Policy Logic Improvements:

  • Policies for Appointment, CalendarEvent, and Questionnaire are refactored to ensure department admins can only access resources in their own department, with clearer super admin handling and robust record checks.

Student Listing and Enrollment Dates:

  • Student controller refactored to use a new set_students_and_enrollment_dates method, simplifying student listing and ensuring enrollment dates are available for each student. This method is used in both index and create actions for error handling.

Other Minor Improvements:

  • Questionnaire view now uses .size instead of .count for questions, improving performance and correctness.
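
The department scoping and controller-side permission flags described above, as an added example that is not code from this pull request: a plain-Ruby policy object in which `User`, `Program`, `Appointment`, their fields and `permission_flags` are assumed names. It denies by default when the user, the record, its program or either department id is missing.

```ruby
# Added illustration in plain Ruby; every model and field name here is assumed,
# not taken from the project.
User        = Struct.new(:role, :department_id, keyword_init: true)
Program     = Struct.new(:department_id, keyword_init: true)
Appointment = Struct.new(:program, keyword_init: true)

class AppointmentPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def show?
    return false if user.nil?                    # no signed-in user: deny
    return true if user.role == :super_admin     # super admin: every department
    return false unless user.role == :department_admin
    same_department?
  end
  alias update? show?
  alias destroy? show?

  private

  # Deny when the record, its program, or either department id is missing,
  # so a nil == nil comparison can never grant access.
  def same_department?
    dept = record.respond_to?(:program) ? record.program&.department_id : nil
    !dept.nil? && !user.department_id.nil? && dept == user.department_id
  end
end

# Controller-side step: evaluate the policy once and hand the view booleans
# (the role the @can_view_* / @can_update_* / @can_destroy_* variables play).
def permission_flags(user, record)
  policy = AppointmentPolicy.new(user, record)
  { can_view: policy.show?, can_update: policy.update?, can_destroy: policy.destroy? }
end

# Constructed sample data.
DEPT_ADMIN  = User.new(role: :department_admin, department_id: 1)
SUPER_ADMIN = User.new(role: :super_admin)
OWN         = Appointment.new(program: Program.new(department_id: 1))
OTHER       = Appointment.new(program: Program.new(department_id: 2))
ORPHAN      = Appointment.new(program: nil)
```

The flags only decide what the template renders; each controller action still has to run the same policy check on the record it loads.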

rsmoke added 22 commits March 18, 2026 10:16
Updated the calendar events index view to use a new instance variable, @can_update_calendar_events, for determining if the user can update calendar events. This change simplifies the permission check by removing direct policy calls from the view.
Updated various controllers and views to utilize instance variables for permission checks, improving readability and maintainability. This includes adding @can_update and @can_view variables for affiliated resources, appointments, questionnaires, students, and vips, and updating the corresponding views to use these variables instead of direct policy calls.
Created a student user and associated it with a program in the student request specs. Updated response checks to use a custom matcher for action elements, improving clarity in the tests.
Updated the questionnaires index view to use the instance variable @can_create_questionnaires for determining if the user can create new questionnaires. This change enhances readability by removing direct policy calls from the view.
Updated the students controller to introduce a new method, set_students_and_enrollment_dates, for managing student data and their enrollment dates. This change enhances code readability and maintainability by centralizing the logic for fetching student enrollment dates. The index view has been updated accordingly to utilize this new method.
Updated the VipsController to create a VIP instance before authorization checks, enhancing code clarity and maintainability. This change ensures that the authorization logic is more consistent and easier to follow.
Updated the appointment policy to restrict department admins from accessing appointments of programs in other departments. Added tests to verify this behavior in both the appointment request specs and the appointment policy specs, ensuring proper authorization checks are in place.
Updated the calendar event policy to restrict department admins from accessing calendar events of programs in other departments. Added tests to verify this behavior in the calendar events request specs and policy specs, ensuring proper authorization checks are in place.
Updated the index action in CalendarEventsController to include eager loading of associated calendar_event_faculties and vips. This change improves performance by reducing the number of database queries when fetching calendar events, while maintaining the existing order by start_time.
Updated the appointments index view to use the instance variable @can_create_appointments for determining if the user can create new appointments. This change enhances readability by removing direct policy calls from the view. Additionally, the appointments controller was updated to set this variable based on the user's permissions.
Updated the calendar events index view to utilize the instance variable @can_create_calendar_events for determining if the user can create new events. This change improves readability by eliminating direct policy calls from the view. The controller was also modified to set this variable based on the user's permissions.
Updated the affiliated resources index view to utilize the instance variable @can_create_affiliated_resources for determining if the user can create new resources. This change enhances readability by removing direct policy calls from the view. The affiliated resources controller was also modified to set this variable based on the user's permissions.
Updated the questionnaire policy to restrict department admins from accessing questionnaires of programs in other departments. Added tests to verify this behavior in the questionnaires request specs and policy specs, ensuring proper authorization checks are in place. Additionally, improved the request specs to include scenarios for department admins and their access rights.
Updated the Vips index view to utilize the instance variable @can_create_vips for determining if the user can create new VIPs. This change improves readability by removing direct policy calls from the view. The VipsController was also modified to set this variable based on the user's permissions.
Updated the index action in AffiliatedResourcesController to create an instance of AffiliatedResource before performing authorization checks. This change improves code readability and maintainability by centralizing the resource instantiation, ensuring consistent policy evaluations for create, update, and destroy permissions.
Updated the questionnaires index view to use the `size` method instead of `count` for displaying the number of questions. This change improves performance by reducing database queries when accessing the questions associated with each questionnaire.
Modified the appointment request specs to replace the "View" label with "Actions" and included the appointment path in the response body checks. This change ensures that the tests accurately reflect the updated UI and functionality for appointment actions.
Modified the student request specs to check for the presence of the bulk upload link in the response body and action elements. This change ensures that the tests accurately reflect the updated UI and functionality related to bulk uploads for department program students.
Modified the appointment request specs to ensure that the "View" link correctly points to the appointment show path. This change enhances the accuracy of the tests in reflecting the updated UI and functionality for appointment actions.
… anchor

Modified the student request specs to enhance the validation of the bulk upload link by asserting against the specific anchor text "Bulk Upload" in the response body. This change ensures that the tests accurately reflect the updated UI and functionality for bulk uploads in department program students.
Updated the appointment policy methods to improve readability and maintainability by restructuring the authorization checks. Each method now clearly handles user presence and program association, ensuring that department admins can only access appointments for their respective departments. This change enhances the overall clarity of the policy logic.
rsmoke merged commit 4434e8c into main Mar 18, 2026
10 checks passed