Merge pull request #1846 from datadryad/resource-roles

Allow multiple user roles on resources
datadryad · Nov 4, 2024 · f5f8d1d · f5f8d1d
2 parents e673670 + 506e872
commit f5f8d1d
Show file tree

Hide file tree

Showing 66 changed files with 322 additions and 443 deletions.
diff --git a/app/controllers/stash_api/datasets_controller.rb b/app/controllers/stash_api/datasets_controller.rb
@@ -579,7 +579,7 @@ def check_may_set_payment_id
     def duplicate_resource
       nr = @resource.amoeba_dup
       nr.curation_activities&.update_all(user_id: @user.id)
-      nr.current_editor_id = @resource.user_id
+      nr.current_editor_id = @user.id
       nr.save!
       @resource = nr
     end

diff --git a/app/controllers/stash_datacite/resources_controller/dataset_presenter.rb b/app/controllers/stash_datacite/resources_controller/dataset_presenter.rb
@@ -54,12 +54,12 @@ def publication_date
 
       def edited_by_name
         u = resource.editor
-        u = resource.user if u.nil?
+        u = resource.submitter if u.nil?
         "#{u.first_name} #{u.last_name}"
       end
 
       def edited_by_name_w_role
-        return edited_by_name if resource.current_editor_id.nil? || resource.user_id == resource.current_editor_id
+        return edited_by_name if resource.current_editor_id.nil? || resource.users.pluck(&:id).include?(resource.current_editor_id)
 
         "#{edited_by_name} (admin)"
       end

diff --git a/app/controllers/stash_engine/admin_dashboard_controller.rb b/app/controllers/stash_engine/admin_dashboard_controller.rb
@@ -15,7 +15,7 @@ def index; end
     def results
       @datasets = StashEngine::Resource.latest_per_dataset.select(
         :id, :title, :total_file_size, :user_id, :tenant_id, :identifier_id, :last_curation_activity_id, :publication_date,
-        :current_editor_id, :current_resource_state_id
+        :user_id, :current_resource_state_id
       ).distinct
 
       add_fields
@@ -117,7 +117,7 @@ def setup_paging
     # rubocop:disable Style/MultilineIfModifier
     def setup_limits
       session[:admin_search_role] = params[:user_role] if params[:user_role].present?
-      @user_role = current_user.roles.find_by(id: session[:admin_search_role]) || current_user.roles.first
+      @user_role = current_user.roles.admin_roles.find_by(id: session[:admin_search_role]) || current_user.roles.admin_roles.first
       @role_object = @user_role.role_object
       @tenant_limit = @role_object.is_a?(StashEngine::Tenant) ? policy_scope(StashEngine::Tenant) : StashEngine::Tenant.enabled
       if @role_object.is_a?(StashEngine::JournalOrganization)
@@ -187,12 +187,8 @@ def view_field
     end
 
     def curator_field
-      @datasets = @datasets.joins("left outer join (
-          select stash_engine_users.* from stash_engine_users
-          inner join stash_engine_roles on stash_engine_users.id = stash_engine_roles.user_id
-            and role in ('curator', 'superuser')
-        ) curator on curator.id = stash_engine_resources.current_editor_id")
-        .select("CONCAT_WS(' ', curator.first_name, curator.last_name) as curator_name")
+      @datasets = @datasets.left_outer_joins(:curator)
+        .select("CONCAT_WS(' ', stash_engine_users.first_name, stash_engine_users.last_name) as curator_name")
     end
 
     def author_field
@@ -229,7 +225,7 @@ def add_filters
         :affiliation, :value
       ).present?
       @datasets = @datasets.where(
-        'curator.id': Integer(@filters[:curator], exception: false) ? @filters[:curator] : nil
+        'stash_engine_users.id': Integer(@filters[:curator], exception: false) ? @filters[:curator] : nil
       ) if @filters[:curator].present? && current_user.min_app_admin?
       unless @search_string.blank?
         search_string = %r{^10.[\S]+/[\S]+$}.match(@search_string) ? "\"#{@search_string}\"" : @search_string
@@ -332,7 +328,7 @@ def add_subqueries
       @datasets = @datasets.preload(:authors) if @fields.include?('authors')
       @datasets = @datasets.preload(:tenant).preload(authors: :affiliations) if @fields.include?('affiliations')
       @datasets = @datasets.preload(tenant: :ror_orgs).preload(authors: { affiliations: :ror_org }) if @fields.include?('countries')
-      @datasets = @datasets.preload(:user) if @fields.include?('submitter')
+      @datasets = @datasets.preload(:roles) if @fields.include?('submitter')
       @datasets = @datasets.preload(identifier: :counter_stat) if @fields.include?('metrics')
       if @fields.include?('journal') || @fields.include?('sponsor') || @fields.include?('identifiers')
         @datasets = @datasets.preload(:resource_publication)
@@ -357,7 +353,7 @@ def curation_activity_change
 
       decipher_curation_activity
       @note = params.dig(:curation_activity, :note)
-      @resource.current_editor_id = current_user.id
+      @resource.user_id = current_user.id
       @resource.publication_date = @pub_date
       @resource.hold_for_peer_review = true if @status == 'peer_review'
       @resource.peer_review_end_date = (Time.now.utc + 6.months) if @status == 'peer_review'
@@ -418,11 +414,11 @@ def state_error
     def current_editor_change
       editor_id = params.dig(:current_editor, :id)
       if editor_id&.to_i == 0
-        @resource.update(current_editor_id: nil)
+        @resource.update(user_id: nil)
         @status = 'submitted' if @resource.current_curation_status == 'curation'
         @curator_name = ''
       else
-        @resource.update(current_editor_id: editor_id)
+        @resource.update(user_id: editor_id)
         @curator_name = StashEngine::User.find(editor_id)&.name
       end
       @note = "Changing current editor to #{@curator_name.presence || 'unassigned'}. " + params.dig(:curation_activity, :note)

diff --git a/app/controllers/stash_engine/admin_datasets_controller/stats.rb b/app/controllers/stash_engine/admin_datasets_controller/stats.rb
@@ -60,7 +60,7 @@ def datasets_with_resource_state_count(state:)
 
       def datasets_with_curation_status_count(status:, only_unclaimed: false)
         query = "#{STATUS_QUERY_BASE} WHERE ser.updated_at < '#{@untouched_since}' AND ser.created_at > '#{@since}' AND seca.status = '#{status}'"
-        query += ' AND (ser.current_editor_id is NULL or ser.current_editor_id = ser.user_id)' if only_unclaimed
+        query += ' AND (ser.user_id is NULL)' if only_unclaimed
         ApplicationRecord.connection.execute(query)&.first&.first
       end
 

diff --git a/app/controllers/stash_engine/application_controller.rb b/app/controllers/stash_engine/application_controller.rb
@@ -33,7 +33,7 @@ def user_not_authorized
     end
 
     def display_authorization_failure
-      Rails.logger.warn("Resource #{resource ? resource.id : 'nil'}: user ID is #{resource.user_id || 'nil'} but " \
+      Rails.logger.warn("Resource #{resource ? resource.id : 'nil'}: user IDs are #{resource.users&.map(&:id)&.join(', ')} but " \
                         "current user is #{current_user.id || 'nil'}")
       flash[:alert] = 'You do not have permission to modify this dataset.'
       redirect_back(fallback_location: choose_dashboard_path)

diff --git a/app/controllers/stash_engine/dashboard_controller.rb b/app/controllers/stash_engine/dashboard_controller.rb
@@ -29,8 +29,18 @@ def user_datasets
       @page_size = params[:page_size] || '10'
       respond_to do |format|
         format.js do
-          @datasets = policy_scope(Identifier, policy_scope_class: IdentifierPolicy::DashboardScope).page(@page).per(@page_size)
-          @datasets = @datasets.preload(latest_resource: %i[last_curation_activity stash_version current_resource_state])
+          @datasets = current_user.resources.latest_per_dataset.distinct
+            .joins(:last_curation_activity)
+            .select("stash_engine_resources.*,
+            CASE
+              WHEN status in ('in_progress', 'action_required') THEN 0
+              WHEN status='peer_review' THEN 1
+              WHEN status in ('submitted', 'curation', 'processing') THEN 2
+              WHEN status='withdrawn' THEN 4
+              ELSE 3
+            END as sort_order")
+            .order('sort_order asc, stash_engine_resources.updated_at desc').page(@page).per(@page_size)
+          @datasets = @datasets.preload(%i[last_curation_activity stash_version current_resource_state])
         end
       end
     end

diff --git a/app/controllers/stash_engine/metadata_entry_pages_controller.rb b/app/controllers/stash_engine/metadata_entry_pages_controller.rb
@@ -51,9 +51,9 @@ def edit_by_doi
             note: "Transferring ownership to #{current_user.name} (#{current_user.id}) using an edit code"
           )
           @resource.curation_activities << ca
-          @resource.user_id = current_user.id
-          @resource.current_editor_id = current_user.id
-          @resource.save
+          @resource.submitter = current_user.id
+          @resource.update(current_editor_id: current_user.id)
+          @resource.reload
         else
           # The user will need to login (possibly creating an
           # account), and then they will be redirected back to this
@@ -68,7 +68,7 @@ def edit_by_doi
       # that they have access to edit this dataset. But if they were not logged in,
       # log them in as the dataset owner, and ensure the tenant_id is set correctly.
       unless current_user
-        session[:user_id] = resource.user_id
+        session[:user_id] = resource.submitter.id
         if current_user.tenant_id.blank?
           session[:target_page] = stash_url_helpers.metadata_entry_pages_find_or_create_path(resource_id: resource.id)
           redirect_to stash_url_helpers.choose_sso_path and return
@@ -136,7 +136,7 @@ def accept_agreement
     private
 
     def ownership_transfer_needed?
-      valid_edit_code? && (resource.user_id == 0)
+      (valid_edit_code? && resource.submitter.id == 0) || resource.submitter.blank?
     end
 
     def resource_exist

diff --git a/app/controllers/stash_engine/pages_controller.rb b/app/controllers/stash_engine/pages_controller.rb
@@ -25,37 +25,5 @@ def sitemap
     def app_404
       render status: :not_found
     end
-
-    private
-
-    # TODO: need to change query so it's not tenant-specific
-    def find_identifiers(my_tenant)
-      join_conditions = <<-SQL
-          INNER JOIN stash_engine_resources
-                  ON stash_engine_identifiers.id = stash_engine_resources.identifier_id
-          INNER JOIN stash_engine_users
-                  ON stash_engine_resources.user_id = stash_engine_users.id
-      SQL
-
-      Identifier.select(:id, :identifier, :identifier_type, :updated_at).distinct
-        .joins(join_conditions)
-        .where('stash_engine_users.tenant_id = ?', my_tenant.id)
-    end
-
-    def gen_xml_from_identifiers(ar_identifiers)
-      builder = Nokogiri::XML::Builder.new do |xml|
-        xml.urlset(xmlns: 'http://www.sitemaps.org/schemas/sitemap/0.9') do
-          ar_identifiers.each { |iden| add_url(xml, iden) }
-        end
-      end
-      builder.to_xml
-    end
-
-    def add_url(xml, identifier)
-      xml.url do
-        xml.loc "https://#{Rails.application.default_url_options[:host]}#{APP_CONFIG.stash_mount}/dataset/#{identifier}"
-        xml.lastmod identifier.updated_at.strftime('%Y-%m-%d')
-      end
-    end
   end
 end
diff --git a/app/controllers/stash_engine/resources_controller.rb b/app/controllers/stash_engine/resources_controller.rb
@@ -53,12 +53,15 @@ def edit; end
     # POST /resources
     # POST /resources.json
     def create
-      resource = authorize Resource.new(user_id: current_user.id, current_editor_id: current_user.id, tenant_id: current_user.tenant_id)
+      resource = authorize Resource.new(current_editor_id: current_user.id, tenant_id: current_user.tenant_id)
       my_id = Stash::Doi::DataciteGen.mint_id(resource: resource)
       id_type, id_text = my_id.split(':', 2)
       db_id_obj = Identifier.create(identifier: id_text, identifier_type: id_type.upcase, import_info: 'manuscript')
       resource.identifier_id = db_id_obj.id
       resource.save
+      resource.creator = current_user.id
+      resource.submitter = current_user.id
+      resource.reload
       resource.fill_blank_author!
       import_manuscript_using_params(resource) if params['journalID']
       session[:resource_type] = current_user.min_app_admin? && params.key?(:collection) ? 'collection' : 'dataset'
@@ -115,7 +118,7 @@ def destroy
 
     # Review responds as a get request to review the resource before saving
     def review
-      resource.update(tenant_id: resource.user.tenant_id) unless resource.tenant_id == resource.user.tenant_id
+      resource.update(tenant_id: resource.submitter.tenant_id) unless resource.tenant_id == resource.submitter.tenant_id
     end
 
     # Submission of the resource to the repository

diff --git a/app/controllers/stash_engine/shared_security_controller.rb b/app/controllers/stash_engine/shared_security_controller.rb
@@ -115,7 +115,7 @@ def ajax_require_modifiable
 
     # these owner/admin need to be in controller since they address the current_user from session, not easily available from model
     def owner?(resource:)
-      current_user.present? && resource&.user_id == current_user.id
+      current_user.present? && resource&.users&.include?(current_user)
     end
 
     def admin?(resource:)

diff --git a/app/controllers/stash_engine/user_admin_controller.rb b/app/controllers/stash_engine/user_admin_controller.rb
@@ -6,7 +6,7 @@ class UserAdminController < ApplicationController
     before_action :require_user_login
     before_action :load, only: %i[popup edit set_role user_profile]
     before_action :setup_roles, only: %i[set_role user_profile]
-    before_action :setup_paging, only: :index
+    before_action :setup_paging, only: %i[index user_profile]
 
     def index
       setup_facets
@@ -98,12 +98,13 @@ def set_role
     # profile for a user showing stats and datasets
     def user_profile
       @user = User.find(params[:id])
-      @progress_count = Resource.in_progress.where(user_id: @user.id).count
+      @progress_count = @user.resources.in_progress.distinct.count
       # some of these columns are calculated values for display that aren't stored (publication date)
-      @resources = Resource.where(user_id: @user.id).latest_per_dataset
-      @presenters = @resources.map { |res| StashDatacite::ResourcesController::DatasetPresenter.new(res) }
-      setup_ds_status_facets
-      sort_and_paginate_datasets
+      @resources = @user.resources.latest_per_dataset.distinct.joins(:last_curation_activity)
+        .select('stash_engine_resources.*, stash_engine_curation_activities.status')
+      ord = helpers.sortable_table_order(whitelist: %w[title status publication_date total_file_size updated_at current_editor_id])
+      add_profile_filters
+      @resources = @resources.order(ord).page(@page).per(@page_size)
     end
 
     private
@@ -123,7 +124,7 @@ def load
     end
 
     def setup_roles
-      @system_role = @user.roles.where(role_object_type: nil)&.first
+      @system_role = @user.roles.system_roles&.first
       @tenant_role = @user.roles.tenant_roles&.first
       @journal_role = @user.roles.journal_roles&.first
       @publisher_role = @user.roles.journal_org_roles&.first
@@ -147,17 +148,6 @@ def check_tenant_role
       setup_roles
     end
 
-    def setup_ds_status_facets
-      @status_facets = @presenters.map(&:embargo_status).uniq.sort
-      return unless params[:status]
-
-      @presenters.keep_if { |i| i.embargo_status == params[:status] }
-    end
-
-    def sort_and_paginate_datasets
-      @page_presenters = Kaminari.paginate_array(@presenters).page(@page).per(@page_size)
-    end
-
     def setup_facets
       @tenant_facets = StashEngine::Tenant.enabled.sort_by(&:short_name)
     end
@@ -175,12 +165,23 @@ def add_filters
       @users = @users.where(tenant_id: params[:tenant_id]) if params[:tenant_id].present?
     end
 
+    def add_profile_filters
+      @status_facets = @resources.map(&:status).uniq.sort
+      return unless profile_params[:status]
+
+      @resources = @resources.where('stash_engine_curation_activities.status': profile_params[:status])
+    end
+
     def edit_params
       params.permit(:id, :field, :email, :tenant_id)
     end
 
     def role_params
       params.permit(:role, :tenant_role, :publisher, :publisher_role, :funder, :funder_role, :journal_role, journal: %i[value label])
     end
+
+    def profile_params
+      params.permit(:status)
+    end
   end
 end
diff --git a/app/helpers/stash_engine/admin_dashboard_helper.rb b/app/helpers/stash_engine/admin_dashboard_helper.rb
@@ -60,7 +60,9 @@ def csv_report_row(dataset)
                 end].flatten.concat(affs).uniq.reject(&:blank?).first(6).join('; ')
       end
       if @fields.include?('submitter')
-        row << "#{dataset.user.first_name} #{dataset.user.last_name}#{dataset.user.orcid ? " ORCID: #{dataset.user.orcid}" : ''}"
+        row << "#{dataset.submitter&.first_name} #{dataset.submitter&.last_name}#{
+          dataset.submitter.orcid.present? ? " ORCID: #{dataset.submitter.orcid}" : ''
+        }"
       end
       row << StashEngine::CurationActivity.readable_status(dataset.last_curation_activity.status) if @fields.include?('status')
       row << filesize(dataset.total_file_size) if @fields.include?('size')

diff --git a/app/mailers/application_mailer.rb b/app/mailers/application_mailer.rb
@@ -18,7 +18,7 @@ def user_name(user)
 
   def assign_variables(resource)
     @resource = resource
-    @user = resource.owner_author || resource.user
+    @user = resource.owner_author || resource.submitter
     @user_name = user_name(@user)
     @helpdesk_email = APP_CONFIG['helpdesk_email'] || 'help@datadryad.org'
     @bcc_emails = APP_CONFIG['submission_bc_emails'] || [@helpdesk_email]

diff --git a/app/mailers/stash_engine/resource_mailer.rb b/app/mailers/stash_engine/resource_mailer.rb
@@ -90,7 +90,7 @@ def user_name(user)
 
     def assign_variables(resource)
       @resource = resource
-      @user = resource.owner_author || resource.user
+      @user = resource.owner_author || resource.submitter
       @user_name = user_name(@user)
       @helpdesk_email = APP_CONFIG['helpdesk_email'] || 'help@datadryad.org'
       @bcc_emails = APP_CONFIG['submission_bc_emails'] || [@helpdesk_email]