Merge pull request #4456 from nhsuk/seed-user-roles

thomasleese · web-flow · commit 00cf83412bd1 · 2025-09-01T11:35:28.000+01:00
Fix user roles in seeds
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
@@ -8,8 +8,4 @@ class Users::SessionsController < Devise::SessionsController
   before_action :store_redirect_uri!, only: :new
 
   layout "one_half"
-
-  def create
-    super { |user| user.update!(show_in_suppliers: user.is_nurse?) }
-  end
 end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -407,11 +407,12 @@
       user&.update!(session_token: nil, reporting_api_session_token: nil)
     end
   else
-    Warden::Manager.after_authentication do |user, _auth, _opts|
+    Warden::Manager.after_authentication do |user, _warden, _opts|
       user&.reporting_api_session_token = SecureRandom.hex(32)
+      user&.show_in_suppliers = user&.is_nurse?
     end
 
-    Warden::Manager.before_logout do |user, _auth, _opts|
+    Warden::Manager.before_logout do |user, _warden, _opts|
       # we use this syntax to stop CodeQL complaining about bypassing validations
       # (which we have to do to support local development when password auth is enabled
       # and you're using the example user created in db/seeds)
diff --git a/db/seeds.rb b/db/seeds.rb
@@ -32,30 +32,28 @@ def create_team(ods_code:)
     )
 end
 
-def create_user(team:, email: nil, uid: nil, fallback_role: :nurse)
+def create_user(role, team:, email: nil, uid: nil)
   if uid
     User.find_by(uid:) ||
       FactoryBot.create(
-        :user,
+        role,
         uid:,
         family_name: "Flo",
         given_name: "Nurse",
         email: "nurse.flo@example.nhs.uk",
         provider: "cis2",
-        team:,
-        fallback_role:
+        team:
         # password: Do not set this as they should not log in via password
       )
   elsif email
     User.find_by(email:) ||
       FactoryBot.create(
-        :user,
+        role,
         family_name: email.split("@").first.split(".").last.capitalize,
         given_name: email.split("@").first.split(".").first.capitalize,
         email:,
         password: email,
-        team:,
-        fallback_role:
+        team:
       )
   else
     raise "No email or UID provided"
@@ -259,14 +257,10 @@ def create_team_sessions(user, team)
   # Don't create Nurse Joy's team on a CIS2 env, because password authentication
   # is not available and password= fails to run.
   team = create_team(ods_code: "R1L")
-  user = create_user(team:, email: "nurse.joy@example.com")
-  create_user(team:, email: "admin.hope@example.com", fallback_role: "admin")
-  create_user(team:, email: "superuser@example.com", fallback_role: "superuser")
-  create_user(
-    team:,
-    email: "hca@example.com",
-    fallback_role: "healthcare_assistant"
-  )
+  user = create_user(:nurse, team:, email: "nurse.joy@example.com")
+  create_user(:admin, team:, email: "admin.hope@example.com")
+  create_user(:superuser, team:, email: "superuser@example.com")
+  create_user(:healthcare_assistant, team:, email: "hca@example.com")
 
   attach_sample_of_schools_to(team)
 
@@ -285,7 +279,7 @@ def create_team_sessions(user, team)
 
 # CIS2 team - the ODS code and user UID need to match the values in the CIS2 env
 team = create_team(ods_code: "A9A5A")
-user = create_user(team:, uid: "555057896106")
+user = create_user(:nurse, team:, uid: "555057896106")
 
 attach_sample_of_schools_to(team)
 
