From 729dc9d658e445bbea267610981f34b5f5674cd4 Mon Sep 17 00:00:00 2001 From: David Cook Date: Mon, 31 Mar 2025 15:58:49 +1100 Subject: [PATCH] Move mask logic to separate module And cross-reference similar files so we don't miss it next time\! --- app/services/orders/mask_data_service.rb | 3 ++ lib/reporting/queries/mask_data.rb | 36 ++++++++++++++++++++++++ lib/reporting/queries/query_builder.rb | 23 +-------------- 3 files changed, 40 insertions(+), 22 deletions(-) create mode 100644 lib/reporting/queries/mask_data.rb diff --git a/app/services/orders/mask_data_service.rb b/app/services/orders/mask_data_service.rb index 78761d3087..9ec6962dca 100644 --- a/app/services/orders/mask_data_service.rb +++ b/app/services/orders/mask_data_service.rb @@ -1,5 +1,8 @@ # frozen_string_literal: true +# Mask user data from suppliers, unless explicitly allowed +# See also: lib/reporting/queries/mask_data.rb +# module Orders class MaskDataService def initialize(order) diff --git a/lib/reporting/queries/mask_data.rb b/lib/reporting/queries/mask_data.rb new file mode 100644 index 0000000000..5ef7ccf1cb --- /dev/null +++ b/lib/reporting/queries/mask_data.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true + +# Mask user data from suppliers, unless explicitly allowed +# See also: app/services/orders/mask_data_service.rb +# +module Reporting + module Queries + module MaskData + include Tables + + def mask_customer_name(field) + masked(field, managed_order_mask_rule(:show_customer_names_to_suppliers)) + end + + def mask_contact_data(field) + masked(field, managed_order_mask_rule(:show_customer_contacts_to_suppliers)) + end + + def masked(field, mask_rule = nil) + Arel::Nodes::Case.new. + when(mask_rule). + then(field). + else(quoted(I18n.t("hidden_field", scope: i18n_scope))) + end + + private + + # Show unmasked data if order is managed by user, or if distributor allows suppliers + def managed_order_mask_rule(condition_name) + id = raw("#{managed_orders_alias.name}.id") # rubocop:disable Rails/OutputSafety + line_item_table[:order_id].in(id). + or(distributor_alias[condition_name].eq(true)) + end + end + end +end diff --git a/lib/reporting/queries/query_builder.rb b/lib/reporting/queries/query_builder.rb index 4e580cbb2c..c659bcecc7 100644 --- a/lib/reporting/queries/query_builder.rb +++ b/lib/reporting/queries/query_builder.rb @@ -5,6 +5,7 @@ module Reporting class QueryBuilder < QueryInterface include Joins include Tables + include MaskData attr_reader :grouping_fields @@ -49,21 +50,6 @@ module Reporting reflect query.order(*instance_exec(&ordering_fields)) end - def mask_customer_name(field) - masked(field, managed_order_mask_rule(:show_customer_names_to_suppliers)) - end - - def mask_contact_data(field) - masked(field, managed_order_mask_rule(:show_customer_contacts_to_suppliers)) - end - - def masked(field, mask_rule = nil) - Case.new. - when(mask_rule). - then(field). - else(quoted(I18n.t("hidden_field", scope: i18n_scope))) - end - def distinct_results(fields = nil) return reflect query.distinct if fields.blank? @@ -88,13 +74,6 @@ module Reporting private - # Show unmasked data if order is managed by user, or if distributor allows suppliers - def managed_order_mask_rule(condition_name) - id = raw("#{managed_orders_alias.name}.id") # rubocop:disable Rails/OutputSafety - line_item_table[:order_id].in(id). - or(distributor_alias[condition_name].eq(true)) - end - def summary_row_title I18n.t("total", scope: i18n_scope) end