Message opt-in: use policy for available participants; add policy spec; add request spec for participant list

Author: rsmithlal

app/controllers/better_together/conversations_controller.rb

@@ -147,14 +147,8 @@ def leave_conversation # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
     private
 
     def available_participants
-      participants = Person.all
-
-      unless helpers.current_person.permitted_to?('manage_platform')
-        # only allow messaging platform mangers unless you are a platform_manager
-        participants = participants.where(id: platform_manager_ids)
-      end
-
-      participants
+      # Delegate to policy to centralize participant permission logic
+      ConversationPolicy.new(helpers.current_user, Conversation.new).permitted_participants
     end
 
     def conversation_params
@@ -178,9 +172,6 @@ def set_conversations
                                                                      ]).order(updated_at: :desc).distinct(:id)
     end
 
-    def platform_manager_ids
-      role = BetterTogether::Role.find_by(identifier: 'platform_manager')
-      BetterTogether::PersonPlatformMembership.where(role_id: role.id).pluck(:member_id)
-    end
+    # platform_manager_ids now inferred by policy; kept here only if needed elsewhere
   end
 end

spec/policies/better_together/conversation_policy_spec.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe BetterTogether::ConversationPolicy, type: :policy do
+  include RequestSpecHelper
+
+  let!(:host_platform) { configure_host_platform }
+
+  let!(:manager_user) { create(:user, :confirmed, :platform_manager, password: 'password12345') }
+  let!(:manager_person) { manager_user.person }
+
+  let!(:opted_in_person) do
+    create(:better_together_person, preferences: { receive_messages_from_members: true })
+  end
+
+  let!(:non_opted_person) { create(:better_together_person) }
+
+  describe '#permitted_participants' do
+    context 'when agent is a platform manager' do
+      it 'includes all people' do
+        policy = described_class.new(manager_user, BetterTogether::Conversation.new)
+        ids = policy.permitted_participants.pluck(:id)
+        expect(ids).to include(manager_person.id, opted_in_person.id, non_opted_person.id)
+      end
+    end
+
+    context 'when agent is a regular member' do
+      let!(:regular_user) { create(:user, :confirmed, password: 'password12345') }
+
+      it 'includes platform managers and opted-in members, but not non-opted members' do
+        policy = described_class.new(regular_user, BetterTogether::Conversation.new)
+        people = policy.permitted_participants
+        expect(people).to include(manager_person, opted_in_person)
+        expect(people).not_to include(non_opted_person)
+      end
+    end
+  end
+end

spec/requests/better_together/conversations_request_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'BetterTogether::Conversations' do
+  include RequestSpecHelper
+
+  before do
+    configure_host_platform
+  end
+
+  let!(:manager_user) do
+    create(:user, :confirmed, :platform_manager, email: '[email protected]', password: 'password12345')
+  end
+  let!(:opted_in_person) do
+    create(:better_together_person, preferences: { receive_messages_from_members: true }, name: 'Opted In User')
+  end
+  let!(:non_opted_person) { create(:better_together_person, name: 'Non Opted User') }
+
+  describe 'GET /conversations/new' do
+    context 'as a regular member' do
+      let!(:regular_user) { create(:user, :confirmed, email: '[email protected]', password: 'password12345') }
+
+      before do
+        login(regular_user.email, 'password12345')
+      end
+
+      it 'lists platform managers and opted-in members, but excludes non-opted members' do
+        get better_together.new_conversation_path(locale: I18n.default_locale)
+        expect(response).to have_http_status(:ok)
+        # Includes manager and opted-in person in the select options
+        expect(response.body).to include(manager_user.person.name)
+        expect(response.body).to include('Opted In User')
+        # Excludes non-opted person
+        expect(response.body).not_to include('Non Opted User')
+      end
+    end
+
+    context 'as a platform manager' do
+      before do
+        login(manager_user.email, 'password12345')
+      end
+
+      it 'lists all people as available participants' do
+        get better_together.new_conversation_path(locale: I18n.default_locale)
+        expect(response).to have_http_status(:ok)
+        expect(response.body).to include(manager_user.person.name)
+        expect(response.body).to include('Opted In User')
+        expect(response.body).to include('Non Opted User')
+      end
+    end
+  end
+end