Fix bug where org_admins couldn't promote users

app/controllers/organizations_controller.rb

@@ -59,7 +59,7 @@ def demote_to_user
       RemoveRoleService.call(user_id: params[:user_id],
         resource_type: Role::ORG_ADMIN,
         resource_id: current_organization.id)
-      redirect_to user_update_redirect_path, notice: notice
+      redirect_to user_update_redirect_path, notice: "User has been demoted!"
     rescue => e
       redirect_back(fallback_location: organization_path, alert: e.message)
     end

app/models/user.rb

@@ -120,6 +120,10 @@ def kind
     "normal"
   end
 
+  def is_admin?(org)
+    has_role?(Role::ORG_ADMIN, org) || has_role?(Role::SUPER_ADMIN)
+  end
+
   def switchable_roles
     all_roles = roles.to_a.group_by(&:resource_id)
     all_roles.values.each do |role_list|

app/views/users/_organization_user.html.erb

@@ -17,10 +17,11 @@
         <ul class="dropdown-menu">
           <li>
             <%=
-            edit_button_to(
-              edit_admin_user_path(user),
-              {text: 'Edit User'}
-            )
+              edit_button_to(
+                promote_to_org_admin_organization_path(user_id: user.id, organization_name: current_organization.short_name),
+                {text: 'Promote to Admin'},
+                {method: :post, rel: "nofollow", data: {confirm: 'This will promote the user to admin status. Are you sure that you want to submit this?', size: 'xs'}}
+              )
             %>
           </li>
           <li>
@@ -30,8 +31,8 @@
         </ul>
       </div>
     <% end %>
-    <% if current_user.has_role?(Role::ORG_ADMIN, current_organization) && user.has_role?(Role::ORG_ADMIN, current_organization) %>
-      <%= edit_button_to demote_to_user_organization_path(user_id: user.id),
+    <% if current_user.is_admin?(current_organization) && user.has_role?(Role::ORG_ADMIN, current_organization) %>
+      <%= edit_button_to demote_to_user_organization_path(user_id: user.id, organization_name: current_organization.short_name),
                  {text: 'Demote to User'},
                  {method: :post, rel: "nofollow", data: {confirm: 'This will demote the admin to user status. Are you sure that you want to submit this?', size: 'xs'}} unless user.id == current_user.id %>
     <% end %>

spec/requests/organization_requests_spec.rb

@@ -403,5 +403,23 @@
         expect(response.body).to include(organization.display_last_distribution_date)
       end
     end
+
+    describe "POST #promote_to_org_admin" do
+      before { post promote_to_org_admin_organization_path(user_id: user.id, organization_name: organization.short_name) }
+
+      it "promotes the user to org_admin" do
+        expect(user.has_role?(Role::ORG_ADMIN, organization)).to eq(true)
+        expect(response).to redirect_to(admin_organization_path({ id: organization.id }))
+      end
+    end
+
+    describe "POST #demote_to_user" do
+      before { post demote_to_user_organization_path(user_id: admin_user.id, organization_name: organization.short_name) }
+
+      it "demotes the org_admin to user" do
+        expect(admin_user.reload.has_role?(Role::ORG_ADMIN, admin_user.organization)).to be_falsey
+        expect(response).to redirect_to(admin_organization_path({ id: organization.id }))
+      end
+    end
   end
 end

spec/system/admin/organizations_system_spec.rb

@@ -151,5 +151,30 @@
       expect(page).to have_content("Default email text")
       expect(page).to have_content("Users")
     end
+
+    it "can promote a user to org_admin in the organization" do
+      user = create(:user, name: "User to be promoted", organization: foo_org)
+
+      visit admin_organization_path(foo_org.id)
+      accept_confirm do
+        click_button "Actions"
+        click_link "Promote to Admin"
+      end
+
+      expect(page).to have_content("User has been promoted!")
+      expect(user.has_role?(Role::ORG_ADMIN, foo_org)).to be true
+    end
+
+    it "can demote an org_admin to user in the organization" do
+      user = create(:organization_admin, name: "User to be promoted", organization: foo_org)
+
+      visit admin_organization_path(foo_org.id)
+      accept_confirm do
+        click_link "Demote to User"
+      end
+
+      expect(page).to have_content("User has been demoted!")
+      expect(user.has_role?(Role::ORG_ADMIN, foo_org)).to be false
+    end
   end
 end

spec/system/organization_system_spec.rb

@@ -32,5 +32,28 @@
       expect(page).to have_content("User has been removed!")
       expect(user.has_role?(Role::ORG_USER)).to be false
     end
+
+    it "can promote a user to org_admin in the organization" do
+      user = create(:user, name: "User to be promoted", organization: organization)
+      visit organization_path
+      accept_confirm do
+        click_button dom_id(user, "dropdownMenu")
+        click_link "Promote to Admin"
+      end
+
+      expect(page).to have_content("User has been promoted!")
+      expect(user.has_role?(Role::ORG_ADMIN, organization)).to be true
+    end
+
+    it "can demote an org_admin to user in the organization" do
+      user = create(:organization_admin, name: "User to be demoted", organization: organization)
+      visit organization_path
+      accept_confirm do
+        click_link "Demote to User"
+      end
+
+      expect(page).to have_content("User has been demoted!")
+      expect(user.has_role?(Role::ORG_ADMIN, organization)).to be false
+    end
   end
 end