Merge pull request #2422 from alphagov/org-permissions-rake-task

Add rake task to assign access permissions for an organisation
alphagov · Nov 27, 2024 · 3dd049a · 3dd049a
2 parents ab54db8 + 06a376e
commit 3dd049a
Show file tree

Hide file tree

Showing 2 changed files with 108 additions and 0 deletions.
diff --git a/lib/tasks/access_and_permissions.rake b/lib/tasks/access_and_permissions.rake
@@ -0,0 +1,53 @@
+require "csv"
+
+namespace :permissions do
+  desc "Add an organisation to a document's access permissions list"
+  task :add_organisation_access, %i[document_content_id org_content_id log_file] => :environment do |_, args|
+    document = Artefact.find_by(id: args[:document_content_id])
+
+    if document.nil?
+      message = "Document ID #{args[:document_content_id]} not found, no permissions added for organisation with ID: #{args[:org_content_id]}"
+    elsif document.latest_edition.owning_org_content_ids.include?(args[:org_content_id])
+      message = "Organisation with ID: #{args[:org_content_id]} already has permission to access the document with ID: #{document.id}"
+    else
+      Edition.where(panopticon_id: document.id).each do |edition|
+        edition.owning_org_content_ids << args[:org_content_id]
+        edition.save!(validate: false)
+      end
+      document.save_as_task!("PermissionsAddition")
+      message = "Access permission for organisation ID: #{args[:org_content_id]}, successfully assigned to document with ID: #{document.id}"
+    end
+    args[:log_file] ? args[:log_file].puts(message) : puts(message)
+  rescue Mongoid::Errors::DocumentNotFound => e
+    error_message = "An error occurred while processing document ID #{args[:document_content_id]}: #{e.message}"
+    args[:log_file] ? args[:log_file].puts(error_message) : puts(error_message)
+  end
+
+  desc "Bulk process access permissions from CSV of URLs"
+  task :bulk_process_access_flags, %i[csv_filename organisation_id] => :environment do |_, args|
+    log_file = File.open("/tmp/permissions_rake_log.txt", "w")
+    log_file.puts("Adding access permissions for the organisation with ID - #{args[:organisation_id]}")
+
+    begin
+      CSV.foreach(args[:csv_filename], headers: true) do |row|
+        path = row[1]
+        path&.slice!("https://www.gov.uk/")
+        document = Artefact.find_by(slug: path)
+
+        if document.nil?
+          log_file.puts "Document with slug '#{path}' not found. Skipping..."
+          next
+        end
+
+        Rake::Task["permissions:add_organisation_access"].reenable
+        Rake::Task["permissions:add_organisation_access"].invoke(document.id, args[:organisation_id], log_file)
+      rescue StandardError => e
+        log_file.puts "--- Error occurred ---"
+        log_file.puts e.detailed_message
+        log_file.puts "------"
+      end
+    ensure
+      log_file.close
+    end
+  end
+end
diff --git a/test/unit/tasks/access_and_permissions_test.rb b/test/unit/tasks/access_and_permissions_test.rb
@@ -0,0 +1,55 @@
+require "test_helper"
+require "rake"
+
+class AccessAndPermissionsTaskTest < ActiveSupport::TestCase
+  setup do
+    @add_organisation_access_task = Rake::Task["permissions:add_organisation_access"]
+    @bulk_process_task = Rake::Task["permissions:bulk_process_access_flags"]
+
+    @add_organisation_access_task.reenable
+    @bulk_process_task.reenable
+
+    @artefact1 = FactoryBot.create(:artefact, slug: "example-slug-1")
+    @artefact2 = FactoryBot.create(:artefact, slug: "example-slug-2")
+    @edition1 = FactoryBot.create(:edition, panopticon_id: @artefact1.id, owning_org_content_ids: [])
+    @edition2 = FactoryBot.create(:edition, panopticon_id: @artefact2.id, owning_org_content_ids: [])
+    @csv_file_path = Rails.root.join("tmp/test_bulk_access.csv")
+    CSV.open(@csv_file_path, "w") do |csv|
+      csv << %w[Header1 URL]
+      csv << ["Row1", "https://www.gov.uk/example-slug-1"]
+      csv << ["Row2", "https://www.gov.uk/example-slug-2"]
+    end
+  end
+
+  test "add_organisation_access assigns permissions correctly" do
+    organisation_id = "test-org-id"
+
+    @add_organisation_access_task.invoke(@artefact1.id, organisation_id)
+    @edition1.reload
+
+    assert_includes @edition1.owning_org_content_ids, organisation_id
+    assert_not_includes @edition2.owning_org_content_ids, organisation_id
+  end
+
+  test "add_organisation_access does not duplicate access" do
+    organisation_id = "test-org-id"
+    @edition1.update!(owning_org_content_ids: [organisation_id])
+
+    @add_organisation_access_task.invoke(@artefact1.id, organisation_id)
+    @edition1.reload
+
+    assert_equal(1, @edition1.owning_org_content_ids.count { |id| id == organisation_id })
+  end
+
+  test "bulk_process_access_flags processes all rows in CSV" do
+    organisation_id = "test-org-id"
+
+    @bulk_process_task.invoke(@csv_file_path.to_s, organisation_id)
+
+    @edition1.reload
+    @edition2.reload
+
+    assert_includes @edition1.owning_org_content_ids, organisation_id
+    assert_includes @edition2.owning_org_content_ids, organisation_id
+  end
+end