Extract Role check to a background job

When using SSO, the Discourse sends a list of the user groups.
We take the opportunity to update Agency information for the user.
This is performed as a background job, as it involves networked
requests to the Discourse, e.g., to verify group ownership...

2 files changed, 57 insertions, 9 deletions

diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb
index ae24138..0ca7af4 100644
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -53,16 +53,10 @@ class WelcomeController < ApplicationController
                         raise
                       end
       # Update user agents
-      # TODO: do it as a background job, it has nothing to do here.
-      @sso.user_info[:groups].split(',').each do |g|
-        a = Agent.find_by_name(g)
-        if a
-          # TODO: call Discourse and make :leader if group owner
-          # TODO: do not create the record if it exists
-          a.agencies.create(user: u, roles: 2) # make new user an editor
-          Rails.logger.info('User has Agent %s' % g)
-        end
+      if @current_user.present?
+        AgencyWatcherJob.perform_later(@current_user, @sso.user_info[:groups].split(','))
       end
+      # Save User ID in session
       session[:current_user] = @current_user[:external_id]
     end
 
diff --git a/app/jobs/agency_watcher_job.rb b/app/jobs/agency_watcher_job.rb
new file mode 100644
index 0000000..5cc0256
--- /dev/null
+++ b/app/jobs/agency_watcher_job.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# = AgencyWatcherJob
+#
+# This job performs checks on existing records for the given user and group
+# names and updates Agencies accordingly.
+#
+# @param user (User) currently logged in user
+# @param groups (Array) a list of group names
+#
+class AgencyWatcherJob < ApplicationJob
+  queue_as :default
+
+  def perform(user, groups)
+    # Check groups against user agents
+    existing_agents = Agent.where(name: groups)
+    existing_agent_names = existing_agents.map(&:name)
+
+    groups.each do |g|
+      # Only work with existing agents
+      next unless existing_agent_names.include?(g)
+
+      a = existing_agents.select { |a| a.name = g }.first
+
+      Rails.logger.debug("AgencyWatcher checking roles for %s in %s" % [user.username, g])
+      # Check if user is a group owner
+      r = a.agencies.find_or_create_by(user: user)
+      if !r.leader? && is_group_owner?(g, user.username)
+        Rails.logger.debug("AgencyWatcher: grant leader to %s in %s" % [user.username, g])
+        # Grant leader
+        r.grant(:leader)
+      elsif r.roles == 0
+        # No role: grant editor
+        Rails.logger.debug("AgencyWatcher: grant editor to %s in %s" % [user.username, g])
+        r.grant(:observer)
+      else
+        # No change
+        Rails.logger.debug("AgencyWatcher: %s's roles in %s are %s" % [user.username, g, r.bitfield_values(:roles)])
+      end
+    end
+  end
+
+  private
+
+  # Connect to Discourse and check whether current user is a group owner
+  def is_group_owner?(group, username)
+    c = ::DiscourseApi::Client.new('https://talk.incommon.cc')
+    c.api_key = Rails.application.credentials.talk_api_key
+    c.api_username = username
+
+    group = c.group(group)
+    group['group']['is_group_owner'] == true
+  end
+end