Fix event rating favoriting (my_rating always null for JWT users)#11621
Merged
Conversation
…scope handling The RateEvent mutation was saving ratings correctly, but the mutation response always returned my_rating: null for SPA users because EventRatingPolicy#read? was blocking all OAuth/bearer token requests (the SPA uses JWT bearer tokens). Apollo would then write my_rating: null into its normalized cache, leaving the star unselected. - EventRatingPolicy#read? now gates on oauth_scope?(:read_signups) instead of blanket-blocking all doorkeeper tokens; manage? gates on manage_signups - The Scope class follows the same pattern for read_signups - EventRating dataloader source now queries EventRating.where(user_con_profile:) directly rather than through the AR association proxy - Updated scope descriptions in en.json to mention favorites and queues - Added mutation tests and updated policy tests with proper FakeToken helpers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
MockLink is a class, not a namespace; MockedResponse must be imported directly from @apollo/client/testing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The comma was in the wrong place — wait: 30 was being passed as the assert failure message rather than as a Capybara timeout option, so the navbar check was timing out at the default ~2s. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
prettyprint and other vendored gems emit "literal string will be frozen in the future" warnings on Ruby 4.0. Warning[:performance] = false silences them before any requires run. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…frozen string warnings Warning[:performance] = false does not suppress the prettyprint "literal string will be frozen" warning in practice — the warning isn't routed through that category. Overriding Warning#warn directly is reliable regardless of Ruby version or warning category. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The prettyprint 0.2.0 gem on RubyGems was published without frozen_string_literal: true, but the v0.2.0 tag on GitHub has it. Pointing Bundler at the git tag uses the correct version and eliminates the Ruby 4.0 warnings without needing to intercept Warning#warn globally. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Browser console messages were empty on the page weight flake because Chrome timed out before any JS ran. Logging the URL and page source should reveal whether the issue is a Rails error, blank page, etc. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… test Ferrum's default timeout is 5s. The root path "/" triggers a CMS root_page DB lookup that doesn't happen for /events/... paths; on a slow CI runner (after multiple truncations) this can silently time out, leaving Chrome at about:blank. Two fixes: - Raise Ferrum timeout to 30s so navigation errors surface properly - Retry visit "/" once if Chrome is still at about:blank after the first attempt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
Code Coverage Report: Only Changed Files listed
Minimum allowed coverage is |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
EventRatingPolicy#read?was delegating tomanage?, which had a blanketreturn false if doorkeeper_tokencheck. Since the SPA authenticates via JWT bearer tokens (which Doorkeeper treats as OAuth tokens),my_ratingalways returnednilfor logged-in users. The rating was being saved correctly, but the mutation response containedmy_rating: null, which Apollo wrote into its normalized cache — leaving the star unselected and the rating invisible until a hard reload (which still showed null for the same reason).read?to gate onoauth_scope?(:read_signups)andmanage?to gate onoauth_scope?(:manage_signups), consistent with how other personal-data policies in the codebase work. The SPA already requests both scopes at login, so no forced re-auth is needed.EventRatingdataloader source to queryEventRating.where(user_con_profile:, ...)directly rather than through the AR association proxy, which is a cleaner pattern for dataloader sources.read_signupsandmanage_signupsscope descriptions inen.jsonto mention favorites and queues.Test plan
bundle exec ruby -Itest test/policies/event_rating_policy_test.rb test/graphql/mutations/rate_event_test.rbpassesFixes #11614
🤖 Generated with Claude Code