From b44acbbaeb2e7f115c2212d39fdcbd522b369eaf Mon Sep 17 00:00:00 2001
From: Brock Wilcox
Date: Fri, 23 Aug 2024 15:45:59 -0400
Subject: [PATCH] Require a partner for the partner dashboard (#4063)
* Require a partner for the partner dashboard
* Validate that a non-partner user gets redirected
* Centralize partner-user requirement to partner base controller
* Clean out the lint!
* Fix redirect spec
---
 app/controllers/partners/base_controller.rb | 11 +++++++++++
 spec/requests/partners/dashboard_requests_spec.rb | 10 ++++++++++
 2 files changed, 21 insertions(+)
diff --git a/app/controllers/partners/base_controller.rb b/app/controllers/partners/base_controller.rb
index 0b217375d1..37435df4a6 100644
--- a/app/controllers/partners/base_controller.rb
+++ b/app/controllers/partners/base_controller.rb
@@ -2,12 +2,23 @@ module Partners class BaseController < ApplicationController layout 'partners/application' + before_action :require_partner + private def redirect_to_root redirect_to root_path end + def require_partner + unless current_partner + respond_to do |format| + format.html { redirect_to dashboard_path, flash: {error: "Logged in user is not set up as a 'partner'."} } + format.json { render body: nil, status: :forbidden } + end + end + end + + def verify_partner_is_active if current_partner.deactivated? flash[:alert] = 'Your account has been disabled, contact the organization via their email to reactivate'
diff --git a/spec/requests/partners/dashboard_requests_spec.rb b/spec/requests/partners/dashboard_requests_spec.rb
index 761f379abb..b800f4f776 100644
--- a/spec/requests/partners/dashboard_requests_spec.rb
+++ b/spec/requests/partners/dashboard_requests_spec.rb
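Review bot: The denial in `require_partner` covers only HTML and JSON, so a request to a partner route in any other format has no matching `respond_to` branch and ends in `ActionController::UnknownFormat` rather than an explicit refusal. The action still does not run, so access stays closed, but the failure shows up as a format error instead of an authorization failure, which is harder to pick out in logs and monitoring. Ending the block with `format.any { head :forbidden }` would make every non-HTML denial a uniform 403. A short comment above `before_action :require_partner` would also help, for example `# Authorization gate for controllers inheriting from this base; verify_partner_is_active assumes current_partner is set`, since that method calls `current_partner.deactivated?` with no nil check. `verify_partner_is_active` continues past the end of the hunk.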
@@ -86,6 +86,16 @@
 end
 end
+ context "without a partner role" do
+ it "should redirect to the organization dashboard" do
+ partner_user.add_role(Role::ORG_USER, @organization)
+ partner_user.remove_role(Role::PARTNER, partner)
+ allow(UsersRole).to receive(:current_role_for).and_return(partner_user.roles.find_by(name: "partner"))
+ get partners_dashboard_path
+ expect(response).to redirect_to(dashboard_path)
+ end
+ end
+
 context "BroadcastAnnouncement card" do
 it "displays announcements if there are valid ones" do
 BroadcastAnnouncement.create(message: "test announcement", user_id: user.id, organization_id: organization.id)
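Review bot: The new example stubs `UsersRole.current_role_for`, so it passes whether or not removing the role actually changes what `current_partner` resolves to; the `find_by(name: "partner")` argument is evaluated once when the stub is set up and is presumably `nil` by then. Writing `and_return(nil)` would state that intent directly, and dropping the stub would exercise the real role lookup that the guard depends on. The JSON branch of the guard (`status: :forbidden`) has no example; something like `get partners_dashboard_path, as: :json` followed by `expect(response).to have_http_status(:forbidden)` would cover it. `add_role` is given `@organization` while the surrounding examples use `organization`; if that instance variable is not set in this file the role may be added without a resource, so it is worth confirming. The trailing `it "displays announcements if there are valid ones"` block continues outside the hunk.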