From ca41cdcf52fd41a91c2d1b827dc9f4c20781fadd Mon Sep 17 00:00:00 2001
From: Caio Almeida <117518+caiosba@users.noreply.github.com>
Date: Thu, 7 Nov 2024 16:03:54 -0300
Subject: [PATCH] Feature flag for data dashboard (#2123)

Feature flag for data dashboard: Make sure that only super-admins can access the `statistics` field. Reference: CV2-5401.
---
 app/graph/types/team_type.rb | 1 +
 .../controllers/graphql_controller_11_test.rb | 26 +++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/app/graph/types/team_type.rb b/app/graph/types/team_type.rb
index 25a2d1547..80ad198b0 100644
--- a/app/graph/types/team_type.rb
+++ b/app/graph/types/team_type.rb
@@ -397,6 +397,7 @@ def api_keys
 end

 def statistics(period:, language: nil, platform: nil)
+ return nil unless User.current&.is_admin
 TeamStatistics.new(object, period, language, platform)
 end
 end
diff --git a/test/controllers/graphql_controller_11_test.rb b/test/controllers/graphql_controller_11_test.rb
index 08eb5ded8..5e5c544f6 100644
--- a/test/controllers/graphql_controller_11_test.rb
+++ b/test/controllers/graphql_controller_11_test.rb
@@ -201,8 +201,8 @@ def teardown
 end
 end

- test "should get team statistics" do
- user = create_user
+ test "should get team statistics if super admin" do
+ user = create_user is_admin: true
 team = create_team
 create_team_user user: user, team: team, role: 'admin'
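Review bot: In `statistics` in app/graph/types/team_type.rb the new guard returns `nil` with no comment and no error, so a client cannot tell "not permitted" from "no data", and a later reader cannot tell that the super-admin restriction is deliberate. This resolver is the only place in the patch where the restriction is enforced, so it deserves a comment such as `# Super-admins only while the data dashboard is behind a feature flag (CV2-5401); everyone else, including team admins, gets nil.` If any other resolver constructs `TeamStatistics` directly it would need the same guard; that cannot be checked from this hunk. The enclosing class starts and ends outside the hunk.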
@@ -244,6 +244,28 @@ def teardown

 post :create, params: { query: query }
 assert_response :success
+ assert_not_nil JSON.parse(@response.body).dig('data', 'team', 'statistics')
+ end
+
+ test "should not get team statistics if not super admin" do
+ user = create_user is_admin: false
+ team = create_team
+ create_team_user user: user, team: team, role: 'admin'
+
+ authenticate_with_user(user)
+ query = <<~GRAPHQL
+ query {
+ team(slug: "#{team.slug}") {
+ statistics(period: "past_week", platform: "whatsapp", language: "en") {
+ number_of_articles_created_by_date
+ }
+ }
+ }
+ GRAPHQL
+
+ post :create, params: { query: query }
+ assert_response :success
+ assert_nil JSON.parse(@response.body).dig('data', 'team', 'statistics')
 end

 test "should not get requests if interval is more than one month" do
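Review bot: The negative test's `assert_nil JSON.parse(@response.body).dig('data', 'team', 'statistics')` also passes when `team` itself comes back nil or the query fails, because `dig` returns nil at the first missing key. Pin the intended behaviour by first asserting that the team resolved, e.g. `assert_not_nil JSON.parse(@response.body).dig('data', 'team')`, so the test fails if access is denied for some other reason. The test covers a signed-in user with `is_admin: false`; the `User.current&.` branch for a request with no current user is not exercised anywhere in this patch.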