From 72d83bcd44ac37384ed99c5fb9c00b17a3923b41 Mon Sep 17 00:00:00 2001
From: kosiakkatrina <54268893+kosiakkatrina@users.noreply.github.com>
Date: Fri, 25 Oct 2024 13:15:45 +0100
Subject: [PATCH] Fix role updates (#2727)

* Allow some providers to update role on staging
* Refactor
---
 app/controllers/users_controller.rb | 17 ++++++++++-------
 app/models/user.rb | 6 +++++-
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b7c323ca1..f27bfc2b3 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -257,13 +257,7 @@ private
 
 def user_params
 if @user == current_user
- if current_user.data_coordinator?
- params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :role, :is_dpo, :is_key_contact, :initial_confirmation_sent)
- elsif current_user.support?
- params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :role, :is_dpo, :is_key_contact, :initial_confirmation_sent, :organisation_id)
- else
- params.require(:user).permit(:email, :phone, :phone_extension, :name, :password, :password_confirmation, :initial_confirmation_sent)
- end
+ current_user_params
 elsif current_user.data_coordinator?
 params.require(:user).permit(:email, :phone, :phone_extension, :name, :role, :is_dpo, :is_key_contact, :active, :initial_confirmation_sent)
 elsif current_user.support?
@@ -271,6 +265,15 @@ private
 end
 end
 
+ def current_user_params
+ base_params = %i[email phone phone_extension name password password_confirmation initial_confirmation_sent]
+ return params.require(:user).permit(*(base_params + %i[role is_dpo is_key_contact])) if current_user.data_coordinator?
+ return params.require(:user).permit(*(base_params + %i[role is_dpo is_key_contact organisation_id])) if current_user.support?
+ return params.require(:user).permit(*(base_params + [:role])) if Rails.env.staging? && current_user.in_staging_role_update_email_allowlist?
+
+ params.require(:user).permit(*base_params)
+ end
+
 def user_params_without_org
 user_params.except(:organisation_id)
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 0d3bc4846..75b5a366b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -212,7 +212,7 @@ class User < ApplicationRecord
 end
 
 def assignable_roles
- if Rails.env.staging? && Rails.application.credentials[:staging_role_update_email_allowlist].include?(email.split("@").last.downcase)
+ if Rails.env.staging? && in_staging_role_update_email_allowlist?
 return ROLES
 end
 
@@ -222,6 +222,10 @@ class User < ApplicationRecord
 ROLES.except(:support)
 end
 
+ def in_staging_role_update_email_allowlist?
+ Rails.application.credentials[:staging_role_update_email_allowlist].include?(email.split("@").last.downcase)
+ end
+
 def logs_filters(specific_org: false)
 if (support? && !specific_org) || organisation.has_managing_agents? || organisation.has_stock_owners?
 %w[years status needstypes assigned_to user owning_organisation managing_organisation bulk_upload_id user_text_search owning_organisation_text_search managing_organisation_text_search]
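Review bot: The new staging branch in `current_user_params` widens what a user may change on their own account (`:role`), yet the patch touches only the controller and the model, so no spec in this commit pins that branch. The gate depends on the domain of the stored email, and `:email` is itself in `base_params`. Whether an email change must be reconfirmed before it is saved is not visible in this hunk, so confirm that before treating the domain as an authorization signal. I would add a request spec asserting that `role` is dropped outside staging and for non-allowlisted users. A comment above the branch would also help, for example `# Staging only: allowlisted testers may change their own role; must never apply in production`.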
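Review bot: `in_staging_role_update_email_allowlist?` calls `.include?` directly on `Rails.application.credentials[:staging_role_update_email_allowlist]`, so a staging deployment where that key is unset raises NoMethodError. Since this commit the predicate also runs on the self-update path in the controller, not just in `assignable_roles`. Coercing the value turns a missing key into a deny: `Array(Rails.application.credentials[:staging_role_update_email_allowlist]).include?(email.split("@").last.downcase)`. The method compares only the domain part of the address although its name says "email", so a one-line comment such as `# Matches on the email domain, not the full address` would prevent misreading. Moving `Rails.env.staging?` into the predicate would also stop both call sites from having to repeat the environment gate.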