Merge b4ae9d8 into b0959f7

app/controllers/decidim/decidim_awesome/admin/admin_actions_controller.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Decidim
+  module DecidimAwesome
+    module Admin
+      class AdminActionsController < DecidimAwesome::Admin::ApplicationController
+        include NeedsAwesomeConfig
+
+        layout "decidim/admin/users"
+        before_action do
+          enforce_permission_to :edit_config, :allow_admin_accountability
+        end
+
+        def index; end
+
+        def export_xls
+          # TODO: export to xls
+        end
+      end
+    end
+  end
+end

app/views/decidim/decidim_awesome/admin/admin_actions/index.html.erb

@@ -0,0 +1,8 @@
+<div class="card">
+  <div class="card-divider">
+    <h2 class="card-title"><%= t("menu.admin_accountability", scope: "decidim.admin", default: "Admin accountability") %></h2>
+  </div>
+  <div class="card-section">
+    <p>List of admin actions</p>
+  </div>
+</div>

config/locales/en.yml

@@ -60,6 +60,7 @@ en:
   decidim:
     admin:
       menu:
+        admin_accountability: Admin accountability
         decidim_awesome: Decidim awesome
     components:
       awesome_iframe:

lib/decidim/decidim_awesome/admin_engine.rb

@@ -22,6 +22,7 @@ class AdminEngine < ::Rails::Engine
         resources :scoped_styles, param: :var, only: [:create, :destroy]
         resources :proposal_custom_fields, param: :var, only: [:create, :destroy]
         resources :scoped_admins, param: :var, only: [:create, :destroy]
+        resources :admin_actions, only: [:index, :export_xls]
         get :users, to: "config#users"
         post :rename_scope_label, to: "config#rename_scope_label"
         get :checks, to: "checks#index"
@@ -47,6 +48,18 @@ class AdminEngine < ::Rails::Engine
         end
       end
 
+      initializer "decidim_awesome.admin_menu" do
+        Decidim.menu :admin_user_menu do |menu|
+          if DecidimAwesome.enabled? :allow_admin_accountability
+            menu.add_item :admin_accountability,
+                          I18n.t("menu.admin_accountability", scope: "decidim.admin", default: "Admin accountability"),
+                          decidim_admin_decidim_awesome.admin_actions_path,
+                          active: is_active_link?(decidim_admin_decidim_awesome.admin_actions_path, :inclusive),
+                          position: 7
+          end
+        end
+      end
+
       def load_seed
         nil
       end

lib/decidim/decidim_awesome/awesome.rb

@@ -221,6 +221,12 @@ module DecidimAwesome
       }
     end
 
+    # If true, enables a new section in "Participants" where to audit all the admin roles that have been enabled/disabled historically in Decidim
+    # Set to :disabled to completly remove this feature
+    config_accessor :allow_admin_accountability do
+      true
+    end
+
     #
     # HELPERS
     #

spec/controllers/admin/admin_actions_controller_spec.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+module Decidim::DecidimAwesome
+  module Admin
+    describe AdminActionsController, type: :controller do
+      routes { Decidim::DecidimAwesome::AdminEngine.routes }
+
+      let(:user) { create(:user, :confirmed, :admin, organization: organization) }
+      let(:organization) { create(:organization) }
+      let(:allow_admin_accountability) { true }
+
+      before do
+        request.env["decidim.current_organization"] = user.organization
+        sign_in user, scope: :user
+
+        allow(Decidim::DecidimAwesome.config).to receive(:allow_admin_accountability).and_return(allow_admin_accountability)
+      end
+
+      describe "GET #index" do
+        context "when admin accountability is enabled" do
+          it "returns http success" do
+            get :index, params: {}
+            expect(response).to have_http_status(:success)
+          end
+        end
+
+        context "when admin accountability is disabled" do
+          let!(:allow_admin_accountability) { :disabled }
+
+          it "returns http success" do
+            get :index, params: {}
+            expect(response).to have_http_status(:found)
+          end
+        end
+      end
+    end
+  end
+end

spec/permissions/admin/permissions_spec.rb

@@ -63,5 +63,22 @@ module Decidim::DecidimAwesome::Admin
 
       it_behaves_like "permission is not set"
     end
+
+    context "when accessing admin_accountability" do
+      let(:feature) { :allow_admin_accountability }
+      let(:status) { true }
+
+      before do
+        allow(Decidim::DecidimAwesome.config).to receive(:allow_admin_accountability).and_return(status)
+      end
+
+      it { is_expected.to eq true }
+
+      context "when admin_accountability is disabled" do
+        let(:status) { :disabled }
+
+        it_behaves_like "permission is not set"
+      end
+    end
   end
 end

spec/system/admin/admin_accountability_spec.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+describe "Admin accountability", type: :system do
+  let(:organization) { create :organization }
+  let!(:user) { create :user, :admin, :confirmed, organization: organization }
+  let(:status) { true }
+
+  before do
+    allow(Decidim::DecidimAwesome.config).to receive(:allow_admin_accountability).and_return(status)
+    switch_to_host(organization.host)
+    login_as user, scope: :user
+
+    visit decidim_admin.root_path
+  end
+
+  context "when admin accountability is enabled" do
+    it "shows the admin accountability link" do
+      click_link "Participants"
+
+      expect(page).to have_content("Admin accountability")
+    end
+  end
+
+  context "when admin accountability is disabled" do
+    let(:status) { :disabled }
+
+    it "does not show the admin accountability link" do
+      click_link "Participants"
+
+      expect(page).not_to have_content("Admin accountability")
+    end
+  end
+end