From 4e06cce8767a14d574e0e3c310a7671cbd9e1243 Mon Sep 17 00:00:00 2001
From: zhouyu <zhouyu@berkeley.edu>
Date: Tue, 24 Feb 2026 14:04:40 -0800
Subject: [PATCH 1/4] Add authenticate before checking user role

---
 app/controllers/stack_pass_forms_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/stack_pass_forms_controller.rb b/app/controllers/stack_pass_forms_controller.rb
index 64c32aee..2bc34e73 100644
--- a/app/controllers/stack_pass_forms_controller.rb
+++ b/app/controllers/stack_pass_forms_controller.rb
@@ -86,6 +86,7 @@ def validate_recaptcha!
   end
 
   def require_admin!
+    authenticate!
     @user_is_admin = current_user.role?(Role.stackpass_admin)
     raise Error::ForbiddenError unless @user_is_admin
   end

From c3f5a82808a8757fef54c0624c68dbbe65df8c31 Mon Sep 17 00:00:00 2001
From: zhouyu <zhouyu@berkeley.edu>
Date: Wed, 25 Feb 2026 11:25:38 -0800
Subject: [PATCH 2/4] Add authanticate before checking role in referece-card;
 and some robocop auto correction

---
 app/controllers/reference_card_forms_controller.rb | 1 +
 spec/jobs/location/hathi_trust_job_spec.rb         | 2 --
 spec/jobs/location/world_cat_job_spec.rb           | 2 --
 spec/jobs_helper.rb                                | 2 +-
 spec/lib/tind_marc/mmsid_tind_task_spec.rb         | 2 +-
 spec/lib/tind_marc/tind_batch_task_spec.rb         | 2 +-
 spec/lib/tind_spread/tind_batch_spec.rb            | 2 --
 7 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/app/controllers/reference_card_forms_controller.rb b/app/controllers/reference_card_forms_controller.rb
index b55084b2..ed2b4611 100644
--- a/app/controllers/reference_card_forms_controller.rb
+++ b/app/controllers/reference_card_forms_controller.rb
@@ -84,6 +84,7 @@ def validate_recaptcha!
   end
 
   def require_admin!
+    authenticate!
     @user_is_admin = current_user.role?(Role.stackpass_admin)
     raise Error::ForbiddenError unless @user_is_admin
   end
diff --git a/spec/jobs/location/hathi_trust_job_spec.rb b/spec/jobs/location/hathi_trust_job_spec.rb
index 285b0f4e..b281faa3 100644
--- a/spec/jobs/location/hathi_trust_job_spec.rb
+++ b/spec/jobs/location/hathi_trust_job_spec.rb
@@ -33,7 +33,6 @@ module Location
           end
         end
 
-        # rubocop:disable RSpec/ExampleLength
         it 'completes partially-completed jobs' do
           request_records = req.location_records
 
@@ -146,7 +145,6 @@ module Location
             end
           end
         end
-        # rubocop:enable RSpec/ExampleLength
       end
     end
   end
diff --git a/spec/jobs/location/world_cat_job_spec.rb b/spec/jobs/location/world_cat_job_spec.rb
index ef716be0..aec85fe3 100644
--- a/spec/jobs/location/world_cat_job_spec.rb
+++ b/spec/jobs/location/world_cat_job_spec.rb
@@ -65,7 +65,6 @@ module Location
         end
       end
 
-      # rubocop:disable RSpec/ExampleLength
       it 'handles network errors' do
         request_records = req.location_records
 
@@ -137,7 +136,6 @@ module Location
 
         request_records.find_each(&method(:verify_wc_symbols))
       end
-      # rubocop:enable RSpec/ExampleLength
     end
   end
 end
diff --git a/spec/jobs_helper.rb b/spec/jobs_helper.rb
index 1d2706e1..49b8c2e7 100644
--- a/spec/jobs_helper.rb
+++ b/spec/jobs_helper.rb
@@ -65,7 +65,7 @@
     let(:today) { Time.now.utc.strftime('%Y%m%d') }
     let(:expected_note) { "#{today} #{note_text} [litscript]" }
 
-    it 'adds the expected note' do # rubocop:disable RSpec/NoExpectationExample
+    it 'adds the expected note' do
       stub_patron_save(patron_id, expected_note)
       job.perform_now(patron.id)
     end
diff --git a/spec/lib/tind_marc/mmsid_tind_task_spec.rb b/spec/lib/tind_marc/mmsid_tind_task_spec.rb
index 6839051c..af6e5f44 100644
--- a/spec/lib/tind_marc/mmsid_tind_task_spec.rb
+++ b/spec/lib/tind_marc/mmsid_tind_task_spec.rb
@@ -5,7 +5,7 @@ module TindMarc
 
     shared_examples 'run_and_send_email' do |type_sym|
       let(:directory) { Rails.root.join('spec/data/tind_marc/data/da/directory_collection/ucb/incoming') }
-      let(:subject) do # rubocop:disable RSpec/SubjectDeclaration
+      let(:subject) do
         { completed: "Completed to obtain TIND and MMSID information for the batch at: #{directory}",
           failed: "Critical error, cann not obtain TIND and MMSID CSV file Directory: #{directory}" }
       end
diff --git a/spec/lib/tind_marc/tind_batch_task_spec.rb b/spec/lib/tind_marc/tind_batch_task_spec.rb
index 02c082a3..c778e394 100644
--- a/spec/lib/tind_marc/tind_batch_task_spec.rb
+++ b/spec/lib/tind_marc/tind_batch_task_spec.rb
@@ -5,7 +5,7 @@ module TindMarc
     let(:tind_batch_task) { described_class.new(args, email) }
 
     shared_examples 'run_and_send_email' do |type_sym|
-      let(:subject) do # rubocop:disable RSpec/SubjectDeclaration
+      let(:subject) do
         { completed: 'Completed: Tind batch file(s) created for Air Photos - directory_collection/ucb/incoming',
           failed: 'Cannot create Tind batch, please check with support team. Directory: directory_collection/ucb/incoming' }
       end
diff --git a/spec/lib/tind_spread/tind_batch_spec.rb b/spec/lib/tind_spread/tind_batch_spec.rb
index f7d2c419..94858898 100644
--- a/spec/lib/tind_spread/tind_batch_spec.rb
+++ b/spec/lib/tind_spread/tind_batch_spec.rb
@@ -24,9 +24,7 @@
     allow(TindSpread::MakeBatch).to receive(:make_header).with(any_args).and_return("Header1,Header2\n")
     allow(TindSpread::MakeBatch).to receive(:add_row).with(any_args).and_return("Data1,Data2\n")
     allow(TindSpread::TindValidation).to receive(:validate_row).with(any_args).and_return([])
-    # rubocop:disable RSpec/MessageChain
     allow(RequestMailer).to receive_message_chain(:tind_spread_email, :deliver_now)
-    # rubocop:enable RSpec/MessageChain
   end
 
   describe '#initialize' do

From d233410e6ff52611f9b154fd8bc66aa020ea4e9f Mon Sep 17 00:00:00 2001
From: zhouyu <zhouyu@berkeley.edu>
Date: Wed, 25 Feb 2026 12:53:09 -0800
Subject: [PATCH 3/4] Revert some spec files that were automatically updated by
 rubocop -a

---
 app/controllers/reference_card_forms_controller.rb | 1 -
 spec/jobs/location/hathi_trust_job_spec.rb         | 2 ++
 spec/jobs/location/world_cat_job_spec.rb           | 2 ++
 spec/jobs_helper.rb                                | 2 +-
 spec/lib/tind_marc/mmsid_tind_task_spec.rb         | 2 +-
 spec/lib/tind_marc/tind_batch_task_spec.rb         | 2 +-
 spec/lib/tind_spread/tind_batch_spec.rb            | 2 ++
 7 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/app/controllers/reference_card_forms_controller.rb b/app/controllers/reference_card_forms_controller.rb
index ed2b4611..b55084b2 100644
--- a/app/controllers/reference_card_forms_controller.rb
+++ b/app/controllers/reference_card_forms_controller.rb
@@ -84,7 +84,6 @@ def validate_recaptcha!
   end
 
   def require_admin!
-    authenticate!
     @user_is_admin = current_user.role?(Role.stackpass_admin)
     raise Error::ForbiddenError unless @user_is_admin
   end
diff --git a/spec/jobs/location/hathi_trust_job_spec.rb b/spec/jobs/location/hathi_trust_job_spec.rb
index b281faa3..285b0f4e 100644
--- a/spec/jobs/location/hathi_trust_job_spec.rb
+++ b/spec/jobs/location/hathi_trust_job_spec.rb
@@ -33,6 +33,7 @@ module Location
           end
         end
 
+        # rubocop:disable RSpec/ExampleLength
         it 'completes partially-completed jobs' do
           request_records = req.location_records
 
@@ -145,6 +146,7 @@ module Location
             end
           end
         end
+        # rubocop:enable RSpec/ExampleLength
       end
     end
   end
diff --git a/spec/jobs/location/world_cat_job_spec.rb b/spec/jobs/location/world_cat_job_spec.rb
index aec85fe3..ef716be0 100644
--- a/spec/jobs/location/world_cat_job_spec.rb
+++ b/spec/jobs/location/world_cat_job_spec.rb
@@ -65,6 +65,7 @@ module Location
         end
       end
 
+      # rubocop:disable RSpec/ExampleLength
       it 'handles network errors' do
         request_records = req.location_records
 
@@ -136,6 +137,7 @@ module Location
 
         request_records.find_each(&method(:verify_wc_symbols))
       end
+      # rubocop:enable RSpec/ExampleLength
     end
   end
 end
diff --git a/spec/jobs_helper.rb b/spec/jobs_helper.rb
index 49b8c2e7..1d2706e1 100644
--- a/spec/jobs_helper.rb
+++ b/spec/jobs_helper.rb
@@ -65,7 +65,7 @@
     let(:today) { Time.now.utc.strftime('%Y%m%d') }
     let(:expected_note) { "#{today} #{note_text} [litscript]" }
 
-    it 'adds the expected note' do
+    it 'adds the expected note' do # rubocop:disable RSpec/NoExpectationExample
       stub_patron_save(patron_id, expected_note)
       job.perform_now(patron.id)
     end
diff --git a/spec/lib/tind_marc/mmsid_tind_task_spec.rb b/spec/lib/tind_marc/mmsid_tind_task_spec.rb
index af6e5f44..6839051c 100644
--- a/spec/lib/tind_marc/mmsid_tind_task_spec.rb
+++ b/spec/lib/tind_marc/mmsid_tind_task_spec.rb
@@ -5,7 +5,7 @@ module TindMarc
 
     shared_examples 'run_and_send_email' do |type_sym|
       let(:directory) { Rails.root.join('spec/data/tind_marc/data/da/directory_collection/ucb/incoming') }
-      let(:subject) do
+      let(:subject) do # rubocop:disable RSpec/SubjectDeclaration
         { completed: "Completed to obtain TIND and MMSID information for the batch at: #{directory}",
           failed: "Critical error, cann not obtain TIND and MMSID CSV file Directory: #{directory}" }
       end
diff --git a/spec/lib/tind_marc/tind_batch_task_spec.rb b/spec/lib/tind_marc/tind_batch_task_spec.rb
index c778e394..02c082a3 100644
--- a/spec/lib/tind_marc/tind_batch_task_spec.rb
+++ b/spec/lib/tind_marc/tind_batch_task_spec.rb
@@ -5,7 +5,7 @@ module TindMarc
     let(:tind_batch_task) { described_class.new(args, email) }
 
     shared_examples 'run_and_send_email' do |type_sym|
-      let(:subject) do
+      let(:subject) do # rubocop:disable RSpec/SubjectDeclaration
         { completed: 'Completed: Tind batch file(s) created for Air Photos - directory_collection/ucb/incoming',
           failed: 'Cannot create Tind batch, please check with support team. Directory: directory_collection/ucb/incoming' }
       end
diff --git a/spec/lib/tind_spread/tind_batch_spec.rb b/spec/lib/tind_spread/tind_batch_spec.rb
index 94858898..f7d2c419 100644
--- a/spec/lib/tind_spread/tind_batch_spec.rb
+++ b/spec/lib/tind_spread/tind_batch_spec.rb
@@ -24,7 +24,9 @@
     allow(TindSpread::MakeBatch).to receive(:make_header).with(any_args).and_return("Header1,Header2\n")
     allow(TindSpread::MakeBatch).to receive(:add_row).with(any_args).and_return("Data1,Data2\n")
     allow(TindSpread::TindValidation).to receive(:validate_row).with(any_args).and_return([])
+    # rubocop:disable RSpec/MessageChain
     allow(RequestMailer).to receive_message_chain(:tind_spread_email, :deliver_now)
+    # rubocop:enable RSpec/MessageChain
   end
 
   describe '#initialize' do

From 37c833f8de10544d5e6e166f45566af7e3fffc49 Mon Sep 17 00:00:00 2001
From: zhouyu <zhouyu@berkeley.edu>
Date: Wed, 25 Feb 2026 13:03:30 -0800
Subject: [PATCH 4/4] Add authanticate before checking role in referece-card
 form

---
 app/controllers/reference_card_forms_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/reference_card_forms_controller.rb b/app/controllers/reference_card_forms_controller.rb
index b55084b2..ed2b4611 100644
--- a/app/controllers/reference_card_forms_controller.rb
+++ b/app/controllers/reference_card_forms_controller.rb
@@ -84,6 +84,7 @@ def validate_recaptcha!
   end
 
   def require_admin!
+    authenticate!
     @user_is_admin = current_user.role?(Role.stackpass_admin)
     raise Error::ForbiddenError unless @user_is_admin
   end