26b0560c-7626-477e-897f-b1bc76098c00

Committed 28 Aug 2025 06:13PM UTC coverage: 59.514% (-12.6%) from 72.086%

Build # 26b0560c-7626-477e-897f-b1bc76098c00

Build Type

push

circleci

Committed by

web-flow

Commit Message

LIBSCHOLAR-25 Run Brakeman on PRs (#1186)

* Add brakeman workflow and ruby installation action

* Add Brakeman CI workflow with high-confidence fail and report uploads

* Only warn if brakeman isn't updated

* Update brakeman to 5.4.1 in Gemfile.lock

* Update brakeman.ignore file

* Re-add ignore for EOL Rails

Run Details

2252 of 3784 relevant lines covered (59.51%)

53.64 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.18

/app/controllers/display_users_controller.rb

# frozen_string_literal: true

class DisplayUsersController < Hyrax::UsersController
  def index
    all_users = search(params[:uq])
    filtered_users = exclude_admins_and_non_owners(all_users)
    @users = get_current_page(filtered_users)
  end

  def search(query)
    clause = query.blank? ? nil : "%" + query.downcase.strip + "%"
    base = ::User.where(*base_query)
    if clause.present?
      base = base.where("#{Devise.authentication_keys.first} like lower(?)
                           OR display_name like lower(?)
                           OR first_name like lower(?)
                           OR last_name like lower(?)", clause, clause, clause, clause)
    end
    base.where("#{Devise.authentication_keys.first} not in (?)", [::User.batch_user_key, ::User.audit_user_key])
        .where(guest: false)
        .references(:trophies)
        .order(sort_value)
  end

  protected

  def sort_value
    sort = params[:sort].presence || "name"
    case sort
    when 'name'
      'last_name'
    when 'name desc'
      'last_name DESC'
    end
  end

  def exclude_admins_and_non_owners(users)
    users.to_a.delete_if do |user|
      !(current_user && current_user&.admin?) && (user_work_count(user)&.zero? || user&.admin?)
    end
  end

  def get_current_page(users)
    ::User.where(id: users.map(&:id)).order(sort_value).page(params[:page]).per(10)
  end
end

1	# frozen_string_literal: true
2
3	class DisplayUsersController < Hyrax::UsersController	1✔
4	def index	1✔
5	all_users = search(params[:uq])	×
6	filtered_users = exclude_admins_and_non_owners(all_users)	×
7	@users = get_current_page(filtered_users)	×
8	end
9
10	def search(query)	1✔
11	clause = query.blank? ? nil : "%" + query.downcase.strip + "%"	1✔
12	base = ::User.where(*base_query)	1✔
13	if clause.present?	1✔
14	base = base.where("#{Devise.authentication_keys.first} like lower(?)	1✔
15	OR display_name like lower(?)
16	OR first_name like lower(?)
17	OR last_name like lower(?)", clause, clause, clause, clause)
18	end
19	base.where("#{Devise.authentication_keys.first} not in (?)", [::User.batch_user_key, ::User.audit_user_key])	1✔
20	.where(guest: false)
21	.references(:trophies)
22	.order(sort_value)
23	end
24
25	protected	1✔
26
27	def sort_value	1✔
28	sort = params[:sort].presence \|\| "name"	1✔
29	case sort	1✔
30	when 'name'
31	'last_name'	1✔
32	when 'name desc'
33	'last_name DESC'	×
34	end
35	end
36
37	def exclude_admins_and_non_owners(users)	1✔
38	users.to_a.delete_if do \|user\|	×
39	!(current_user && current_user&.admin?) && (user_work_count(user)&.zero? \|\| user&.admin?)	×
40	end
41	end
42
43	def get_current_page(users)	1✔
44	::User.where(id: users.map(&:id)).order(sort_value).page(params[:page]).per(10)	×
45	end
46	end

uclibs / ucrate / 26b0560c-7626-477e-897f-b1bc76098c00

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous