Add banner to allow user to accept ToS changes #11795
Conversation
rioug
force-pushed
the
11720-enterprise-user-consent-to-ToS-changes
branch
from
802c32c to
d19016d
Compare
rioug
force-pushed
the
11720-enterprise-user-consent-to-ToS-changes
branch
from
d19016d to
718aaec
Compare
rioug
force-pushed
the
11720-enterprise-user-consent-to-ToS-changes
branch
3 times, most recently
from
ca48a5f to
efefb1c
Compare
rioug
force-pushed
the
11720-enterprise-user-consent-to-ToS-changes
branch
from
6add097 to
b775e24
Compare
sigmundpetersen
changed the title
| bottom: 0; | ||
| left: 0; | ||
| width: 100%; | ||
| z-index: 1000; |
There was a problem hiding this comment.
With z-index, I try to only increase it as much as is needed. Often only a 1 or 2 is needed. I find it helps keep the numbers manageable, rather than trying to work out how many zeros to add on the end!
Oh, I just reviewed some of the z-indexes in the codebase, it seems they're very large already, maybe this was necessary?
It would be great to register this as a new variable in theglobals/variables.scss file, then we can at least start to see where z-index is used across the app.
There was a problem hiding this comment.
I didn't put too much though into this, upon further review I think 102 should be enough for the admin pages. Added in globals/variables.scss
| @@ -0,0 +1,31 @@ | |||
| .banner-container { | |||
There was a problem hiding this comment.
I'm wondering if we could just add the form-actions class to the element and get most of these styles for free, without having to duplicate them?
app/webpacker/controllers/terms_of_service_banner_controller.js
Outdated
Show resolved
Hide resolved
db/migrate/20231103061213_add_terms_of_service_accepted_at_to_spree_users.rb
Show resolved
Hide resolved
db/migrate/20231103061213_add_terms_of_service_accepted_at_to_spree_users.rb
Outdated
Show resolved
Hide resolved
|
|
||
| current_spree_user.terms_of_service_accepted_at.present? && | ||
| current_spree_user.terms_of_service_accepted_at > file_uploaded_at && | ||
| current_spree_user.terms_of_service_accepted_at < DateTime.now |
There was a problem hiding this comment.
That's an interesting condition. So if I, for some weird reason, manage to tell the OFN database that I will accept future ToS until 3rd of March 2025 then this will be seen as invalid and it looks like I didn't accept the ToS. Until time passes and on the 3rd of March 2025, suddenly, I appear to have accepted the ToS. This is an impossible scenario at the moment but I wonder why you included it?
There was a problem hiding this comment.
Also, if I just accepted the ToS right now and our computers are so fast that the rendering happens in the same fraction of a second then it looks like I didn't accept the ToS?
Luckily timestamps are very accurate, although, the database is less accurate and therefore, within the accuracy of the database now would always be bigger than the stored timestamp. But I think that would need to be within a microsecond. Those zeros are nanoseconds:
Thu, 12 Oct 2023 10:51:46.765599000 AEDT +11:00
There was a problem hiding this comment.
David asked a similar question, see my answer here: #11795 (comment)
I admit it's a bit overkilled.
spec/system/admin/tos_banner_spec.rb
Outdated
| context "when updating Terms of Service" do | ||
| let(:test_file_path) { "public/Terms-of-service.pdf" } | ||
|
|
||
| it "shows the banner" do | ||
| # ToS has been accepted | ||
| admin_user.update!(terms_of_service_accepted_at: 2.days.ago) | ||
|
|
||
| # Upload new ToS | ||
| visit admin_terms_of_service_files_path | ||
| attach_file "Attachment", Rails.root.join(test_file_path) | ||
| click_button "Create Terms of service file" | ||
|
|
||
| # check it has been uploaded | ||
| expect(page).to have_link "Terms of Service" | ||
|
|
||
| expect(page).to have_content("Terms of Service have been updated") | ||
| end | ||
| end |
There was a problem hiding this comment.
I would suggest that we just need to test showing/hiding, and don't need this second spec about exact conditions of when it shows/hides, because that's covered in the request spec. But maybe that's just personal preference.
There was a problem hiding this comment.
However, I would at least suggest that instead simulating the upload of new ToS file, you could just update it directly in the model, which would be a lot quicker.
Uploading of the new ToS is covered in spec/system/admin/configuration/terms_of_service_files_spec.rb.
There was a problem hiding this comment.
I thought that, too, and just went to do this, but this test has only one page visit and a form submission. The test conditions are then carried out on the same page. Replacing this doesn't result in any speed-up of the test. So it's better to run real user interaction instead of manual database changes then.
|
Hi @rioug, Positive test cases
Here is the query for reference:
Negative test cases
Both of the latter issues have the same root cause, which is that accepting the ToS during registration of an enterprise is not updating the terms_of_service_accepted_at entry in the DB. ConclusionI think we should fix those test cases before releasing. Thanks again! |
mariocarabotta
added
pr-staged-au
Plus spec, this is tested on the dashboard page. The banner will show if the user accepted_at is before the tos file updated at time.
The banner can in some case overlap element we are trying to interact with. Add a fake ToS file and make sure user have accepted the ToS, so that the banner is not shown
Timecop intefere with the fake terms of service, so we need to manually accept the terms of service to make the banner disappear
It shouldn't be possible for the update to fail, as we are not sending any parameter. Any other failure should be handled by rails already, ie missing csrf token.
Now that the banner isn't displayed if enterprise are not required to sign ToS, the fix is useless
Spree::Admin::UserController is for super admin user only. Moving to a reflex simplifies the code by getting rid of a new route and a new stimulus controller
It easier to understand when we can see the logic to display the banner in the view.
Reuse existing css when possible, and use variable for z-index so its easier to track usage of z-index
It's not needed, as the reflex get the curent user based on the user session
Now that we check if there is a ToS file before displaying the banner it's not needed anymore
Actually create a ToS file instead of using a fake one
These styles should only apply to the form-actions in the products form.
drummer83
force-pushed
the
11720-enterprise-user-consent-to-ToS-changes
branch
from
4ae9da7 to
1bb4a66
Compare
What? Why?
We need an "automatic" way of notifying enterprise user that Terms of Service have been updated, and they need to accept the new ToS. To do so, we show a banner on every admin page which will disappear once they accept the new ToS
What should we test?
Turn on
admin_style_v3feature, and repeat above scenarioRelease notes
Changelog Category (reviewers may add a label for the release notes):
The title of the pull request will be included in the release notes.