Seed database with Rolify roles and tweak config

reefdog · reefdog · commit d27e0a8ec20c · 2022-09-20T10:49:22.000-05:00
This commit addresses some excellent @cguess feedback in PR #349: - Disable the Rolify `config.remove_role_if_empty`, which would purge unused roles automatically once the last resource used them. We don’t want this until we know that we do. - Seeds the database with the actual known/defined roles. - Updates the documentation about our architecture with the roles. Issue #299
diff --git a/config/initializers/rolify.rb b/config/initializers/rolify.rb
@@ -3,8 +3,14 @@
   # config.use_mongoid
 
   # Dynamic shortcuts for User class (user.is_admin? like methods). Default is: false
+  #
+  # Enabled because these are convenient methods, and according to the Rolify documentation they
+  # are generated at boot time (and when `add_role` is run), so shouldn't hurt performance.
   config.use_dynamic_shortcuts
 
   # Configuration to remove roles from database once the last resource is removed. Default is: true
-  # config.remove_role_if_empty = false
+  #
+  # Toggled to false because we have well-defined user roles that we don't want removed, even if
+  # the last user using them is deleted.
+  config.remove_role_if_empty = false
 end
diff --git a/db/seeds.rb b/db/seeds.rb
@@ -8,6 +8,13 @@
 #   movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }])
 #   Character.create(name: 'Luke', movie: movies.first)
 
+Role.create!([
+  { name: "new_user" },
+  { name: "insights_user" },
+  { name: "media_vault_user" },
+  { name: "admin" },
+])
+
 easy_password = "password123"
 
 # Super-admin account; no applicant necessary.
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
@@ -21,7 +21,14 @@ Zenodotus allows its users to search its archive using image or text inputs. Sea
 
 ## User model
 
-Zenodotus' `User` model handles authentication for the app via [Devise](https://github.com/heartcombo/devise). Roles are managed with the Rolify gem. Internal users have the `:admin` role and are recognized with the `is_admin?` helper (provided by Rolify automatically).
+Zenodotus' `User` model handles authentication for the app via [Devise](https://github.com/heartcombo/devise). Roles are managed with the Rolify gem, which also generates role-specific helpers (e.g., `is_admin?`) at boot time.
+
+Roles:
+
+- `new_user`: Indicates a user was newly-created and has not yet gone through the setup process (clicked the link in their welcome email and chosen their own password). Applied to every new user created from an applicant, and removed when they have completed their own setup process.
+- `insights_user`: Indicates a user has access to Fact-Check Insights. Applied to every new user created from an applicant.
+- `media_vault_user`: Indicates a user has access to MediaVault. Currently only applied manually.
+- `admin`: Indicates a user is authorized to administrate the site. (I.e., an internal user.)
 
 ## MediaReview
 Coming soon
