From 18711a28bd45993a0323eefa265519d37bc9082d Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Mon, 3 Apr 2017 23:38:55 +0200 Subject: [PATCH] Fixed issue #920 - Unable to create users with admin.user permission. --- .../object_manager_attribute.coffee | 18 +- .../javascripts/app/controllers/logout.coffee | 2 +- app/controllers/sessions_controller.rb | 2 +- app/models/object_manager/attribute.rb | 21 +- ...3000001_fixed_admin_user_permission_920.rb | 767 ++++++++++++++++++ db/seeds.rb | 68 +- 6 files changed, 830 insertions(+), 48 deletions(-) create mode 100644 db/migrate/20170403000001_fixed_admin_user_permission_920.rb diff --git a/app/assets/javascripts/app/controllers/_ui_element/object_manager_attribute.coffee b/app/assets/javascripts/app/controllers/_ui_element/object_manager_attribute.coffee index 41b280202..c960fc2a9 100644 --- a/app/assets/javascripts/app/controllers/_ui_element/object_manager_attribute.coffee +++ b/app/assets/javascripts/app/controllers/_ui_element/object_manager_attribute.coffee @@ -47,14 +47,14 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi object = params.object objects = Ticket: - Customer: + 'ticket.customer': create_middle: shown: true required: false edit: shown: true required: false - Agent: + 'ticket.agent': create_middle: shown: true required: false @@ -62,7 +62,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi shown: true required: false User: - Customer: + 'ticket.customer': create: shown: true required: false @@ -71,7 +71,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi signup: shown: false required: false - Agent: + 'ticket.agent': create: shown: true required: false @@ -83,7 +83,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi invite_customer: show: false required: false - Admin: + 'admin.group': create: shown: true required: false 
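Review bot: Under `User:` the former `Admin:` key becomes `'admin.group'`, and the hunk at @@ -111 does the same under `Organization:`, while the migration and db/seeds.rb in this commit gate User and Organization attributes with `admin.user` and `admin.organization`. If these default keys end up in `screens` for newly created attributes, an account holding only `admin.user` would not match `'admin.group'` and would miss those screen options, which is the case the commit sets out to fix. Consider `'admin.user':` under `User:` and `'admin.organization':` under `Organization:`, keeping `'admin.group':` only under `Group:`. The `objects` table starts before this hunk and continues past it.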
@@ -99,10 +99,10 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi show: false required: false Organization: - Customer: + 'ticket.customer': view: shown: true - Agent: + 'ticket.agent': create: shown: true required: false @@ -111,7 +111,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi required: false view: shown: true - Admin: + 'admin.group': create: shown: true required: false @@ -121,7 +121,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi view: shown: true Group: - Admin: + 'admin.group': create: shown: true required: false diff --git a/app/assets/javascripts/app/controllers/logout.coffee b/app/assets/javascripts/app/controllers/logout.coffee index 73b9fd04e..7fb2b1bd1 100644 --- a/app/assets/javascripts/app/controllers/logout.coffee +++ b/app/assets/javascripts/app/controllers/logout.coffee @@ -5,4 +5,4 @@ class Index extends App.ControllerContent App.Auth.logout() App.Config.set('logout', Index, 'Routes') -App.Config.set('Logout', { prio: 1800, parent: '#current_user', name: 'Sign out', translate: true, target: '#logout', divider: true, iconClass: 'signout', role: [ 'Agent', 'Customer' ] }, 'NavBarRight') +App.Config.set('Logout', { prio: 1800, parent: '#current_user', name: 'Sign out', translate: true, target: '#logout', divider: true, iconClass: 'signout' }, 'NavBarRight') diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a7c918d5a..81b1244c1 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -196,7 +196,7 @@ class SessionsController < ApplicationController # "switch" to user def switch_to_user - permission_check('admin.session') + permission_check(['admin.session', 'admin.user']) # check user if !params[:id] diff --git a/app/models/object_manager/attribute.rb b/app/models/object_manager/attribute.rb index 243d18465..dc3ed490c 100644 
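Review bot: Accepting `admin.user` in the `permission_check` of `switch_to_user` widens who may take over another account's session, and nothing in the visible lines limits which account can be the target. If the target holds permissions the caller lacks (for example full `admin`), the switch hands those permissions to the caller, so an `admin.user`-only account could end up with more access than it was granted. Consider rejecting targets whose permissions are not covered by the caller's, and recording caller and target id for every switch; a comment such as `# admin.user may impersonate; target must not exceed the caller's permissions` would document the intent. The method body continues outside the hunk, so such a check may already exist further down.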
--- a/app/models/object_manager/attribute.rb +++ b/app/models/object_manager/attribute.rb @@ -61,7 +61,7 @@ add a new attribute entry for an object }, }, edit: { - Agent : { + 'ticket.agent' => { required: true, }, }, @@ -384,14 +384,25 @@ returns: tag: item.data_type, #:null => item.null, } + if item.data_option[:permission] && item.data_option[:permission].any? + next if !user + hint = false + item.data_option[:permission].each { |permission| + next if !user.permissions?(permission) + hint = true + break + } + next if !hint + end + if item.screens data[:screen] = {} - item.screens.each { |screen, roles_options| + item.screens.each { |screen, permission_options| data[:screen][screen] = {} - roles_options.each { |role, options| - if role == '-all-' + permission_options.each { |permission, options| + if permission == '-all-' data[:screen][screen] = options - elsif user && user.role?(role) + elsif user && user.permissions?(permission) data[:screen][screen] = options end } diff --git a/db/migrate/20170403000001_fixed_admin_user_permission_920.rb b/db/migrate/20170403000001_fixed_admin_user_permission_920.rb new file mode 100644 index 000000000..61187f01c --- /dev/null +++ b/db/migrate/20170403000001_fixed_admin_user_permission_920.rb 
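Review bot: The new `data_option[:permission]` check in the @@ -384 hunk only drops the attribute from the list built here for the current user; it does not by itself stop a request from writing a field such as `role_ids` or `active` that the caller was never shown. Whether the update paths enforce the same permission is not visible in this hunk, so it is worth confirming and stating above the check, e.g. `# visibility filter only - write access must be enforced by the controller/model`. The `hint` flag with `each`/`break` can also be written as `next if item.data_option[:permission].none? { |permission| user.permissions?(permission) }`. The enclosing method starts before the hunk and ends after it.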
@@ -0,0 +1,767 @@ +class FixedAdminUserPermission920 < ActiveRecord::Migration + def up + + # return if it's a new setup + return if !Setting.find_by(name: 'system_init_done') + + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'customer_id', + display: 'Customer', + data_type: 'user_autocompletion', + data_option: { + relation: 'User', + autocapitalize: false, + multiple: false, + guess: true, + null: false, + limit: 200, + placeholder: 'Enter Person or Organization/Company', + minLengt: 2, + translate: false, + permission: ['ticket.agent'], + }, + editable: false, + active: true, + screens: { + create_top: { + '-all-' => { + null: false, + }, + }, + edit: {}, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 10, + ) + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'type', + display: 'Type', + data_type: 'select', + data_option: { + default: '', + options: { + 'Incident' => 'Incident', + 'Problem' => 'Problem', + 'Request for Change' => 'Request for Change', + }, + nulloption: true, + multiple: false, + null: true, + translate: true, + }, + editable: true, + active: false, + screens: { + create_middle: { + '-all-' => { + null: false, + item_class: 'column', + }, + }, + edit: { + 'ticket.agent' => { + null: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 20, + ) + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'group_id', + display: 'Group', + data_type: 'select', + data_option: { + default: '', + relation: 'Group', + relation_condition: { access: 'rw' }, + nulloption: true, + multiple: false, + null: false, + translate: false, + only_shown_if_selectable: true, + permission: ['ticket.agent', 'ticket.customer'], + }, + editable: false, + active: true, + screens: { + create_middle: { + '-all-' => { + null: false, + item_class: 'column', + }, + }, + edit: { + 'ticket.agent' => { + null: false, + }, + }, + }, + 
to_create: false, + to_migrate: false, + to_delete: false, + position: 25, + ) + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'owner_id', + display: 'Owner', + data_type: 'select', + data_option: { + default: '', + relation: 'User', + relation_condition: { roles: 'Agent' }, + nulloption: true, + multiple: false, + null: true, + translate: false, + permission: ['ticket.agent'], + }, + editable: false, + active: true, + screens: { + create_middle: { + '-all-' => { + null: true, + item_class: 'column', + }, + }, + edit: { + '-all-' => { + null: true, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 30, + ) + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'state_id', + display: 'State', + data_type: 'select', + data_option: { + relation: 'TicketState', + nulloption: true, + multiple: false, + null: false, + default: Ticket::State.find_by(name: 'open').id, + translate: true, + filter: Ticket::State.by_category(:viewable).pluck(:id), + }, + editable: false, + active: true, + screens: { + create_middle: { + 'ticket.agent' => { + null: false, + item_class: 'column', + filter: Ticket::State.by_category(:viewable_agent_new).pluck(:id), + }, + 'ticket.customer' => { + item_class: 'column', + nulloption: false, + null: true, + filter: Ticket::State.by_category(:viewable_customer_new).pluck(:id), + default: Ticket::State.find_by(name: 'new').id, + }, + }, + edit: { + 'ticket.agent' => { + nulloption: false, + null: false, + filter: Ticket::State.by_category(:viewable_agent_edit).pluck(:id), + }, + 'ticket.customer' => { + nulloption: false, + null: true, + filter: Ticket::State.by_category(:viewable_customer_edit).pluck(:id), + default: Ticket::State.find_by(name: 'open').id, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 40, + ) + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'pending_time', + display: 'Pending till', 
+ data_type: 'datetime', + data_option: { + future: true, + past: false, + diff: 24, + null: true, + translate: true, + required_if: { + state_id: Ticket::State.by_category(:pending).pluck(:id), + }, + shown_if: { + state_id: Ticket::State.by_category(:pending).pluck(:id), + }, + }, + editable: false, + active: true, + screens: { + create_middle: { + '-all-' => { + null: false, + item_class: 'column', + }, + }, + edit: { + '-all-' => { + null: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 41, + ) + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'priority_id', + display: 'Priority', + data_type: 'select', + data_option: { + relation: 'TicketPriority', + nulloption: false, + multiple: false, + null: false, + default: Ticket::Priority.find_by(name: '2 normal').id, + translate: true, + }, + editable: false, + active: true, + screens: { + create_middle: { + 'ticket.agent' => { + null: false, + item_class: 'column', + }, + }, + edit: { + 'ticket.agent' => { + null: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 80, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'Ticket', + name: 'tags', + display: 'Tags', + data_type: 'tag', + data_option: { + type: 'text', + null: true, + translate: false, + }, + editable: false, + active: true, + screens: { + create_bottom: { + 'ticket.agent' => { + null: true, + }, + }, + edit: {}, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 900, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'TicketArticle', + name: 'type_id', + display: 'Type', + data_type: 'select', + data_option: { + relation: 'TicketArticleType', + nulloption: false, + multiple: false, + null: false, + default: Ticket::Article::Type.lookup(name: 'note').id, + translate: true, + }, + editable: false, + active: true, + screens: { + create_middle: {}, + edit: { + 'ticket.agent' => { + null: false, 
+ }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 100, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'TicketArticle', + name: 'internal', + display: 'Visibility', + data_type: 'select', + data_option: { + options: { true: 'internal', false: 'public' }, + nulloption: false, + multiple: false, + null: true, + default: false, + translate: true, + }, + editable: false, + active: true, + screens: { + create_middle: {}, + edit: { + 'ticket.agent' => { + null: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 200, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'TicketArticle', + name: 'to', + display: 'To', + data_type: 'input', + data_option: { + type: 'text', + maxlength: 1000, + null: true, + }, + editable: false, + active: true, + screens: { + create_middle: {}, + edit: { + 'ticket.agent' => { + null: true, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 300, + ) + ObjectManager::Attribute.add( + force: true, + object: 'TicketArticle', + name: 'cc', + display: 'Cc', + data_type: 'input', + data_option: { + type: 'text', + maxlength: 1000, + null: true, + }, + editable: false, + active: true, + screens: { + create_top: {}, + create_middle: {}, + edit: { + 'ticket.agent' => { + null: true, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 400, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'TicketArticle', + name: 'body', + display: 'Text', + data_type: 'richtext', + data_option: { + type: 'richtext', + maxlength: 20_000, + upload: true, + rows: 8, + null: true, + }, + editable: false, + active: true, + screens: { + create_top: { + '-all-' => { + null: false, + }, + }, + edit: { + '-all-' => { + null: true, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 600, + ) + + ObjectManager::Attribute.add( + force: true, + object: 
'User', + name: 'password', + display: 'Password', + data_type: 'input', + data_option: { + type: 'password', + maxlength: 100, + null: true, + autocomplete: 'off', + item_class: 'formGroup--halfSize', + }, + editable: false, + active: true, + screens: { + signup: { + '-all-' => { + null: false, + }, + }, + invite_agent: {}, + invite_customer: {}, + edit: { + 'admin.user' => { + null: true, + }, + }, + view: {} + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1400, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'User', + name: 'vip', + display: 'VIP', + data_type: 'boolean', + data_option: { + null: true, + default: false, + item_class: 'formGroup--halfSize', + options: { + false: 'no', + true: 'yes', + }, + translate: true, + permission: ['admin.user', 'ticket.agent'], + }, + editable: false, + active: true, + screens: { + edit: { + '-all-' => { + null: true, + }, + }, + view: { + '-all-' => { + shown: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1490, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'User', + name: 'role_ids', + display: 'Permissions', + data_type: 'user_permission', + data_option: { + null: false, + item_class: 'checkbox', + permission: ['admin.user'], + }, + editable: false, + active: true, + screens: { + signup: {}, + invite_agent: { + '-all-' => { + null: false, + default: [Role.lookup(name: 'Agent').id], + }, + }, + invite_customer: {}, + edit: { + '-all-' => { + null: true, + }, + }, + view: { + '-all-' => { + shown: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1600, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'User', + name: 'active', + display: 'Active', + data_type: 'active', + data_option: { + null: true, + default: true, + permission: ['admin.user', 'ticket.agent'], + }, + editable: false, + active: true, + screens: { + signup: {}, + invite_agent: {}, + 
invite_customer: {}, + edit: { + '-all-' => { + null: false, + }, + }, + view: { + '-all-' => { + shown: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1800, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'Organization', + name: 'shared', + display: 'Shared organization', + data_type: 'boolean', + data_option: { + null: true, + default: true, + note: 'Customers in the organization can view each other items.', + item_class: 'formGroup--halfSize', + options: { + true: 'yes', + false: 'no', + }, + translate: true, + permission: ['admin.organization'], + }, + editable: false, + active: true, + screens: { + edit: { + '-all-' => { + null: false, + }, + }, + view: { + '-all-' => { + shown: true, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1400, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'Organization', + name: 'domain_assignment', + display: 'Domain based assignment', + data_type: 'boolean', + data_option: { + null: true, + default: false, + note: 'Assign Users based on users domain.', + item_class: 'formGroup--halfSize', + options: { + true: 'yes', + false: 'no', + }, + translate: true, + permission: ['admin.organization'], + }, + editable: false, + active: true, + screens: { + edit: { + '-all-' => { + null: false, + }, + }, + view: { + '-all-' => { + shown: true, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1410, + ) + + ObjectManager::Attribute.add( + force: true, + object: 'Organization', + name: 'active', + display: 'Active', + data_type: 'active', + data_option: { + null: true, + default: true, + permission: ['admin.organization'], + }, + editable: false, + active: true, + screens: { + edit: { + '-all-' => { + null: false, + }, + }, + view: { + '-all-' => { + shown: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1800, + ) + + 
ObjectManager::Attribute.add( + force: true, + object: 'Group', + name: 'active', + display: 'Active', + data_type: 'active', + data_option: { + null: true, + default: true, + permission: ['admin.group'], + }, + editable: false, + active: true, + screens: { + create: { + '-all-' => { + null: true, + }, + }, + edit: { + '-all-': { + null: false, + }, + }, + view: { + '-all-' => { + shown: false, + }, + }, + }, + to_create: false, + to_migrate: false, + to_delete: false, + position: 1800, + ) + + map = { + Admin: 'admin', + Agent: 'ticket.agent', + Customer: 'ticket.customer', + } + ObjectManager::Attribute.all.each { |attribute| + next if attribute.screens.blank? + screens = {} + attribute.screens.each { |screen, role_value| + if role_value.blank? + screens[screen] = role_value + else + screens[screen] = {} + role_value.each { |role, value| + if map[role.to_sym] + screens[screen][map[role.to_sym]] = value + else + screens[screen][role] = value + end + } + end + } + attribute.screens = screens + attribute.save! + } + + end + +end diff --git a/db/seeds.rb b/db/seeds.rb index ccaced4bc..80fa749e5 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -3708,12 +3708,13 @@ ObjectManager::Attribute.add( placeholder: 'Enter Person or Organization/Company', minLengt: 2, translate: false, + permission: ['ticket.agent'], }, editable: false, active: true, screens: { create_top: { - Agent: { + '-all-' => { null: false, }, }, @@ -3752,7 +3753,7 @@ ObjectManager::Attribute.add( }, }, edit: { - Agent: { + 'ticket.agent' => { null: false, }, }, @@ -3777,6 +3778,7 @@ ObjectManager::Attribute.add( null: false, translate: false, only_shown_if_selectable: true, + permission: ['ticket.agent', 'ticket.customer'], }, editable: false, active: true, @@ -3788,7 +3790,7 @@ ObjectManager::Attribute.add( }, }, edit: { - Agent: { + 'ticket.agent' => { null: false, }, }, 
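Review bot: In the `Group` / `active` attribute of the migration the `edit` screen is keyed with `'-all-': {`, which Ruby parses as the symbol `:"-all-"`, while every other screen uses the string key `'-all-' =>` and `ObjectManager::Attribute` compares with `permission == '-all-'`. Unless the keys are stringified when `screens` is stored, that screen's options would never be applied; write `'-all-' => {` here and in the last hunk of db/seeds.rb, which has the same line. Separately, `Ticket::State.find_by(name: 'open').id`, `Ticket::Priority.find_by(name: '2 normal').id` and `Role.lookup(name: 'Agent').id` raise NoMethodError on an installation where those records were renamed, which would abort `up` part-way; a guard with a clear message would make that failure explicit. The closing remap turns `Admin` into plain `'admin'`; if `permissions?('admin')` is not satisfied by an account that holds only `admin.user`, existing custom attributes with Admin-only screens stay hidden from such accounts.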
@@ -3812,18 +3814,19 @@ ObjectManager::Attribute.add( multiple: false, null: true, translate: false, + permission: ['ticket.agent'], }, editable: false, active: true, screens: { create_middle: { - Agent: { + '-all-' => { null: true, item_class: 'column', }, }, edit: { - Agent: { + '-all-' => { null: true, }, }, @@ -3852,12 +3855,12 @@ ObjectManager::Attribute.add( active: true, screens: { create_middle: { - Agent: { + 'ticket.agent' => { null: false, item_class: 'column', filter: Ticket::State.by_category(:viewable_agent_new).pluck(:id), }, - Customer: { + 'ticket.customer' => { item_class: 'column', nulloption: false, null: true, @@ -3866,12 +3869,12 @@ ObjectManager::Attribute.add( }, }, edit: { - Agent: { + 'ticket.agent' => { nulloption: false, null: false, filter: Ticket::State.by_category(:viewable_agent_edit).pluck(:id), }, - Customer: { + 'ticket.customer' => { nulloption: false, null: true, filter: Ticket::State.by_category(:viewable_customer_edit).pluck(:id), @@ -3913,7 +3916,7 @@ ObjectManager::Attribute.add( }, }, edit: { - Agent: { + '-all-' => { null: false, }, }, @@ -3941,13 +3944,13 @@ ObjectManager::Attribute.add( active: true, screens: { create_middle: { - Agent: { + 'ticket.agent' => { null: false, item_class: 'column', }, }, edit: { - Agent: { + 'ticket.agent' => { null: false, }, }, @@ -3973,7 +3976,7 @@ ObjectManager::Attribute.add( active: true, screens: { create_bottom: { - Agent: { + 'ticket.agent' => { null: true, }, }, @@ -4004,7 +4007,7 @@ ObjectManager::Attribute.add( screens: { create_middle: {}, edit: { - Agent: { + 'ticket.agent' => { null: false, }, }, @@ -4034,7 +4037,7 @@ ObjectManager::Attribute.add( screens: { create_middle: {}, edit: { - Agent: { + 'ticket.agent' => { null: false, }, }, @@ -4061,7 +4064,7 @@ ObjectManager::Attribute.add( screens: { create_middle: {}, edit: { - Agent: { + 'ticket.agent' => { null: true, }, }, 
@@ -4088,7 +4091,7 @@ ObjectManager::Attribute.add( create_top: {}, create_middle: {}, edit: { - Agent: { + 'ticket.agent' => { null: true, }, }, @@ -4121,12 +4124,9 @@ ObjectManager::Attribute.add( }, }, edit: { - Agent: { + '-all-' => { null: true, }, - Customer: { - null: false, - }, }, }, to_create: false, @@ -4686,7 +4686,7 @@ ObjectManager::Attribute.add( invite_agent: {}, invite_customer: {}, edit: { - Admin: { + 'admin.user' => { null: true, }, }, @@ -4713,15 +4713,13 @@ ObjectManager::Attribute.add( true: 'yes', }, translate: true, + permission: ['admin.user', 'ticket.agent'], }, editable: false, active: true, screens: { edit: { - Admin: { - null: true, - }, - Agent: { + '-all-' => { null: true, }, }, @@ -4785,6 +4783,7 @@ ObjectManager::Attribute.add( data_option: { null: false, item_class: 'checkbox', + permission: ['admin.user'], }, editable: false, active: true, @@ -4798,7 +4797,7 @@ ObjectManager::Attribute.add( }, invite_customer: {}, edit: { - Admin: { + '-all-' => { null: true, }, }, @@ -4823,6 +4822,7 @@ ObjectManager::Attribute.add( data_option: { null: true, default: true, + permission: ['admin.user', 'ticket.agent'], }, editable: false, active: true, @@ -4831,7 +4831,7 @@ ObjectManager::Attribute.add( invite_agent: {}, invite_customer: {}, edit: { - Admin: { + '-all-' => { null: false, }, }, @@ -4895,12 +4895,13 @@ ObjectManager::Attribute.add( false: 'no', }, translate: true, + permission: ['admin.organization'], }, editable: false, active: true, screens: { edit: { - Admin: { + '-all-' => { null: false, }, }, @@ -4932,12 +4933,13 @@ ObjectManager::Attribute.add( false: 'no', }, translate: true, + permission: ['admin.organization'], }, editable: false, active: true, screens: { edit: { - Admin: { + '-all-' => { null: false, }, }, 
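Review bot: Collapsing the `edit` screen of the article `body` attribute (@@ -4121) to `'-all-' => { null: true }` also drops the former `Customer: { null: false }` entry, so on edit the text is no longer mandatory for customers. The commit message is about `admin.user`, so this looks like a side effect rather than an intended change. If customers must still supply text, keep a `'ticket.customer' => { null: false },` entry after the `'-all-'` entry. The migration in this commit carries the same definition for existing systems.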
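Review bot: For the User `active` attribute (@@ -4823 and @@ -4831) the `edit` screen moves from `Admin` to `'-all-'` while `permission:` lists `['admin.user', 'ticket.agent']`, so accounts with only `ticket.agent` are now offered the Active flag on user edit, which the old `Admin`-only screen did not give them. If agents are not meant to deactivate or reactivate accounts, restrict it with `permission: ['admin.user'],`; the migration has the same definition and would need the same change. If the wider access is intended, a short comment on the attribute saying so would help the next reader.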
@@ -5026,12 +5028,13 @@ ObjectManager::Attribute.add( data_option: { null: true, default: true, + permission: ['admin.organization'], }, editable: false, active: true, screens: { edit: { - Admin: { + '-all-' => { null: false, }, }, @@ -5302,6 +5305,7 @@ ObjectManager::Attribute.add( data_option: { null: true, default: true, + permission: ['admin.group'], }, editable: false, active: true, @@ -5312,7 +5316,7 @@ ObjectManager::Attribute.add( }, }, edit: { - Admin: { + '-all-': { null: false, }, },