Refactor

app/contracts/concerns/requires_admin_guard.rb

@@ -35,6 +35,9 @@ module RequiresAdminGuard
 
   module_function
 
+  # Adds an error if user is archived or not an admin.
+  #
+  # Can be used from outside like +RequiresAdminGuard.validate_admin_only(user, errors)+
   def validate_admin_only(user, errors)
     unless user.admin? && user.active?
       errors.add :base, :error_unauthorized

app/models/project.rb

@@ -403,9 +403,9 @@ class Project < ApplicationRecord
   end
 
   def allowed_actions
-    @actions_allowed ||= allowed_permissions
-                           .map { |permission| OpenProject::AccessControl.allowed_actions(permission) }
-                           .flatten
+    @allowed_actions ||= allowed_permissions.flat_map do |permission|
+      OpenProject::AccessControl.allowed_actions(permission)
+    end
   end
 
   def remove_white_spaces_from_project_name

app/models/role.rb

@@ -183,9 +183,9 @@ class Role < ApplicationRecord
   end
 
   def allowed_actions
-    @actions_allowed ||= allowed_permissions.map do |permission|
+    @allowed_actions ||= allowed_permissions.flat_map do |permission|
       OpenProject::AccessControl.allowed_actions(permission)
-    end.flatten
+    end
   end
 
   def check_deletable

config/initializers/permissions.rb

@@ -37,9 +37,9 @@ Rails.application.reloader.to_prepare do
 
       map.permission :create_backup,
                      {
-                     admin: %i[index],
-                     'admin/backups': %i[delete_token perform_token_reset reset_token show]
-                   },
+                       admin: %i[index],
+                       'admin/backups': %i[delete_token perform_token_reset reset_token show]
+                     },
                      require: :loggedin,
                      global: true,
                      enabled: -> { OpenProject::Configuration.backup_enabled? }

spec/factories/member_factory.rb

@@ -32,11 +32,7 @@
 #   user    = create(:user)
 #   role    = create(:role, permissions: [:view_wiki_pages, :edit_wiki_pages])
 #
-#   member = create(:member, user: user, project: project)
-#   member.role_ids = [role.id]
-#   member.save!
-#
-# It looks like you cannot create member_role models directly.
+#   member = create(:member, user: user, project: project, roles: [role])
 
 FactoryBot.define do
   factory :member do
@@ -46,12 +42,12 @@ FactoryBot.define do
       user { nil }
     end
 
-    callback(:after_build) do |member, options|
-      member.principal ||= options.user || build(:user)
+    after(:build) do |member, evaluator|
+      member.principal ||= evaluator.user || build(:user)
     end
 
-    callback(:after_stub) do |member, options|
-      member.principal ||= options.user || build_stubbed(:user)
+    after(:stub) do |member, evaluator|
+      member.principal ||= evaluator.user || build_stubbed(:user)
     end
   end
 

spec/factories/role_factory.rb

@@ -51,10 +51,10 @@ FactoryBot.define do
 
       initialize_with do
         role =
-          if Role.where(name:).exists?
+          if Role.exists?(name:)
             Role.find_by(name:)
           else
-            Role.create name: name
+            Role.create(name:)
           end
 
         role.add_permission!(*permissions.reject { |p| role.permissions.include?(p) })