chore: Clean up report & knowledge base policies (#11234)

- Removes the portal_members table and all associated records - Updates policies to use custom roles with knowledge_base_manage permission - Updates controllers, models, and views to work without portal membership - Adds tests for the new permission model
2025-04-03 16:00:32 -07:00
parent 196bdf15af
commit 1a78a9243f
36 changed files with 694 additions and 232 deletions
--- a/app/controllers/api/v1/accounts/portals_controller.rb
+++ b/app/controllers/api/v1/accounts/portals_controller.rb
@@ -9,11 +9,6 @@ class Api::V1::Accounts::PortalsController < Api::V1::Accounts::BaseController
    @portals = Current.account.portals
  end

-  def add_members
-    agents = Current.account.agents.where(id: portal_member_params[:member_ids])
-    @portal.members << agents
-  end
-
  def show
    @all_articles = @portal.articles
    @articles = @all_articles.search(locale: params[:locale])
@@ -85,10 +80,6 @@ class Api::V1::Accounts::PortalsController < Api::V1::Accounts::BaseController
    { channel_web_widget_id: inbox.channel.id }
  end

-  def portal_member_params
-    params.require(:portal).permit(:account_id, member_ids: [])
-  end
-
  def set_current_page
    @current_page = params[:page] || 1
  end
--- a/app/controllers/api/v2/accounts/reports_controller.rb
+++ b/app/controllers/api/v2/accounts/reports_controller.rb
@@ -66,9 +66,7 @@ class Api::V2::Accounts::ReportsController < Api::V1::Accounts::BaseController
  end

  def check_authorization
-    return if Current.account_user.administrator?
-
-    raise Pundit::NotAuthorizedError
+    authorize :report, :view?
  end

  def common_params
@@ -137,5 +135,3 @@ class Api::V2::Accounts::ReportsController < Api::V1::Accounts::BaseController
    V2::ReportBuilder.new(Current.account, conversation_params).conversation_metrics
  end
 end
-
-Api::V2::Accounts::ReportsController.prepend_mod_with('Api::V2::Accounts::ReportsController')
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -2,20 +2,19 @@
 #
 # Table name: accounts
 #
-#  id                         :integer          not null, primary key
-#  auto_resolve_duration      :integer
-#  contactable_contacts_count :integer          default(0)
-#  custom_attributes          :jsonb
-#  domain                     :string(100)
-#  feature_flags              :bigint           default(0), not null
-#  internal_attributes        :jsonb            not null
-#  limits                     :jsonb
-#  locale                     :integer          default("en")
-#  name                       :string           not null
-#  status                     :integer          default("active")
-#  support_email              :string(100)
-#  created_at                 :datetime         not null
-#  updated_at                 :datetime         not null
+#  id                    :integer          not null, primary key
+#  auto_resolve_duration :integer
+#  custom_attributes     :jsonb
+#  domain                :string(100)
+#  feature_flags         :bigint           default(0), not null
+#  internal_attributes   :jsonb            not null
+#  limits                :jsonb
+#  locale                :integer          default("en")
+#  name                  :string           not null
+#  status                :integer          default("active")
+#  support_email         :string(100)
+#  created_at            :datetime         not null
+#  updated_at            :datetime         not null
 #
 # Indexes
 #
--- a/app/models/portal.rb
+++ b/app/models/portal.rb
@@ -30,14 +30,6 @@ class Portal < ApplicationRecord
  has_many :categories, dependent: :destroy_async
  has_many :folders,  through: :categories
  has_many :articles, dependent: :destroy_async
-  has_many :portal_members,
-           class_name: :PortalMember,
-           dependent: :destroy_async
-  has_many :members,
-           through: :portal_members,
-           class_name: :User,
-           dependent: :nullify,
-           source: :user
  has_one_attached :logo
  has_many :inboxes, dependent: :nullify
  belongs_to :channel_web_widget, class_name: 'Channel::WebWidget', optional: true
@@ -49,8 +41,6 @@ class Portal < ApplicationRecord
  validates :custom_domain, uniqueness: true, allow_nil: true
  validate :config_json_format

-  accepts_nested_attributes_for :members
-
  scope :active, -> { where(archived: false) }

  CONFIG_JSON_KEYS = %w[allowed_locales default_locale website_token].freeze
--- a/app/models/portal_member.rb
+++ b/app/models/portal_member.rb
@@ -1,20 +0,0 @@
-# == Schema Information
-#
-# Table name: portal_members
-#
-#  id         :bigint           not null, primary key
-#  created_at :datetime         not null
-#  updated_at :datetime         not null
-#  portal_id  :bigint
-#  user_id    :bigint
-#
-# Indexes
-#
-#  index_portal_members_on_portal_id_and_user_id  (portal_id,user_id) UNIQUE
-#  index_portal_members_on_user_id_and_portal_id  (user_id,portal_id) UNIQUE
-#
-class PortalMember < ApplicationRecord
-  belongs_to :portal, class_name: 'Portal'
-  belongs_to :user, class_name: 'User'
-  validates :user_id, uniqueness: { scope: :portal_id }
-end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -95,10 +95,6 @@ class User < ApplicationRecord
  has_many :team_members, dependent: :destroy_async
  has_many :teams, through: :team_members
  has_many :articles, foreign_key: 'author_id', dependent: :nullify, inverse_of: :author
-  has_many :portal_members, class_name: :PortalMember, dependent: :destroy_async
-  has_many :portals, through: :portal_members, source: :portal,
-                     class_name: :Portal,
-                     dependent: :nullify
  # rubocop:disable Rails/HasManyOrHasOneDependent
  # we are handling this in `remove_macros` callback
  has_many :macros, foreign_key: 'created_by_id', inverse_of: :created_by
--- a/app/policies/article_policy.rb
+++ b/app/policies/article_policy.rb
@@ -1,37 +1,31 @@
 class ArticlePolicy < ApplicationPolicy
  def index?
-    @account_user.administrator? || @account.users.include?(@user)
+    @account.users.include?(@user)
  end

  def update?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def show?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def edit?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def create?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def destroy?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def reorder?
-    @account_user.administrator? || portal_member?
-  end
-
-  private
-
-  def portal_member?
-    @record.first.portal.members.include?(@user)
+    @account_user.administrator?
  end
 end

-ArticlePolicy.prepend_mod_with('Enterprise::ArticlePolicy')
+ArticlePolicy.prepend_mod_with('ArticlePolicy')
--- a/app/policies/category_policy.rb
+++ b/app/policies/category_policy.rb
@@ -1,33 +1,27 @@
 class CategoryPolicy < ApplicationPolicy
  def index?
-    @account_user.administrator? || @account.users.include?(@user)
+    @account.users.include?(@user)
  end

  def update?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def show?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def edit?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def create?
-    @account_user.administrator? || portal_member?
+    @account_user.administrator?
  end

  def destroy?
-    @account_user.administrator? || portal_member?
-  end
-
-  private
-
-  def portal_member?
-    @record.first.portal.members.include?(@user)
+    @account_user.administrator?
  end
 end

-CategoryPolicy.prepend_mod_with('Enterprise::CategoryPolicy')
+CategoryPolicy.prepend_mod_with('CategoryPolicy')
--- a/app/policies/portal_policy.rb
+++ b/app/policies/portal_policy.rb
@@ -1,6 +1,6 @@
 class PortalPolicy < ApplicationPolicy
  def index?
-    @account_user.administrator? || @account.users.include?(@user)
+    @account.users.include?(@user)
  end

  def update?
@@ -8,7 +8,7 @@ class PortalPolicy < ApplicationPolicy
  end

  def show?
-    @account_user.administrator? || portal_member?
+    @account.users.include?(@user)
  end

  def edit?
@@ -23,19 +23,9 @@ class PortalPolicy < ApplicationPolicy
    @account_user.administrator?
  end

-  def add_members?
-    @account_user.administrator?
-  end
-
  def logo?
    @account_user.administrator?
  end
-
-  private
-
-  def portal_member?
-    @record.first.members.include?(@user)
-  end
 end

-PortalPolicy.prepend_mod_with('Enterprise::PortalPolicy')
+PortalPolicy.prepend_mod_with('PortalPolicy')
--- a/app/policies/report_policy.rb
+++ b/app/policies/report_policy.rb
@@ -4,4 +4,4 @@ class ReportPolicy < ApplicationPolicy
  end
 end

-ReportPolicy.prepend_mod_with('Enterprise::ReportPolicy')
+ReportPolicy.prepend_mod_with('ReportPolicy')
--- a/app/views/api/v1/accounts/portals/_portal.json.jbuilder
+++ b/app/views/api/v1/accounts/portals/_portal.json.jbuilder
@@ -25,14 +25,6 @@ end

 json.logo portal.file_base_data if portal.logo.present?

-json.portal_members do
-  if portal.members.any?
-    json.array! portal.members.each do |member|
-      json.partial! 'api/v1/models/agent', formats: [:json], resource: member
-    end
-  end
-end
-
 json.meta do
  json.all_articles_count articles.try(:size)
  json.archived_articles_count articles.try(:archived).try(:size)