Fixes #3168 - Don't provide option to create API-Token if authentication via API token is disabled.
parent
179b87ffe0
commit
28636727cc
6 changed files with 70 additions and 8 deletions
|
@ -64,10 +64,15 @@ class App.ControllerNavSidbar extends App.Controller
|
||||||
groupsUnsorted.push item
|
groupsUnsorted.push item
|
||||||
else
|
else
|
||||||
match = false
|
match = false
|
||||||
for permissionName in item.permission
|
if typeof item.permission is 'function'
|
||||||
if !match && @permissionCheck(permissionName)
|
match = item.permission(@)
|
||||||
match = true
|
if match
|
||||||
groupsUnsorted.push item
|
groupsUnsorted.push item
|
||||||
|
else
|
||||||
|
for permissionName in item.permission
|
||||||
|
if !match && @permissionCheck(permissionName)
|
||||||
|
match = true
|
||||||
|
groupsUnsorted.push item
|
||||||
_.sortBy(groupsUnsorted, (item) -> return item.prio)
|
_.sortBy(groupsUnsorted, (item) -> return item.prio)
|
||||||
|
|
||||||
selectedItem: (groups) =>
|
selectedItem: (groups) =>
|
||||||
|
@ -83,10 +88,15 @@ class App.ControllerNavSidbar extends App.Controller
|
||||||
itemsUnsorted.push item
|
itemsUnsorted.push item
|
||||||
else
|
else
|
||||||
match = false
|
match = false
|
||||||
for permissionName in item.permission
|
if typeof item.permission is 'function'
|
||||||
if !match && @permissionCheck(permissionName)
|
match = item.permission(@)
|
||||||
match = true
|
if match
|
||||||
itemsUnsorted.push item
|
itemsUnsorted.push item
|
||||||
|
else
|
||||||
|
for permissionName in item.permission
|
||||||
|
if !match && @permissionCheck(permissionName)
|
||||||
|
match = true
|
||||||
|
itemsUnsorted.push item
|
||||||
|
|
||||||
group.items = _.sortBy(itemsUnsorted, (item) -> return item.prio)
|
group.items = _.sortBy(itemsUnsorted, (item) -> return item.prio)
|
||||||
|
|
||||||
|
|
|
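Review bot: The function-or-list permission branch is written out twice, once in the groups loop of the first hunk and once in the items loop of the second, so any later change to how a callback is evaluated has to be made in both places. A small private helper on the controller, for example `itemPermitted: (item) ->`, returning `item.permission(@)` for a function and the result of the `@permissionCheck` loop otherwise, would keep the two paths identical. The callback's return value is used directly in `if match`, so a comment such as `# permission is either a list of permission names or a callback (controller) -> boolean` above the branch would document the contract for future menu entries. Both enclosing methods start outside the hunks.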
@ -144,4 +144,13 @@ class Create extends App.ControllerModal
|
||||||
msg: App.i18n.translateContent(data.message || data.error)
|
msg: App.i18n.translateContent(data.message || data.error)
|
||||||
)
|
)
|
||||||
|
|
||||||
App.Config.set('Token Access', { prio: 3200, name: 'Token Access', parent: '#profile', target: '#profile/token_access', controller: ProfileTokenAccess, permission: ['user_preferences.access_token'] }, 'NavBarProfile')
|
App.Config.set('Token Access', {
|
||||||
|
prio: 3200,
|
||||||
|
name: 'Token Access',
|
||||||
|
parent: '#profile',
|
||||||
|
target: '#profile/token_access',
|
||||||
|
controller: ProfileTokenAccess,
|
||||||
|
permission: (controller) ->
|
||||||
|
return false if !App.Config.get('api_token_access')
|
||||||
|
return controller.permissionCheck('user_preferences.access_token')
|
||||||
|
}, 'NavBarProfile')
|
||||||
|
|
|
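Review bot: The new `permission` callback only decides whether the Token Access entry is listed in the profile navigation. Nothing in this section stops `ProfileTokenAccess` from being reached through `#profile/token_access` directly, and as far as the visible sections show, none of the six changed files touches the server side of token creation. If the backend does not already refuse to issue tokens while `api_token_access` is off, the setting stays a display-only control for anyone holding `user_preferences.access_token`. It is worth confirming that the server-side check exists (it is not visible here) and recording the intent next to the callback, e.g. `# UI visibility only; token creation must also be rejected server-side when api_token_access is disabled`.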
@ -2,6 +2,15 @@ class App.Profile extends App.ControllerNavSidbar
|
||||||
authenticateRequired: true
|
authenticateRequired: true
|
||||||
configKey: 'NavBarProfile'
|
configKey: 'NavBarProfile'
|
||||||
|
|
||||||
|
constructor: (params) ->
|
||||||
|
super
|
||||||
|
|
||||||
|
@controllerBind('config_update', (data) =>
|
||||||
|
return if data.name isnt 'api_token_access'
|
||||||
|
@render(true)
|
||||||
|
@updateNavigation(true, params)
|
||||||
|
)
|
||||||
|
|
||||||
class ProfileRouter extends App.ControllerPermanent
|
class ProfileRouter extends App.ControllerPermanent
|
||||||
requiredPermission: ['user_preferences.*']
|
requiredPermission: ['user_preferences.*']
|
||||||
|
|
||||||
|
|
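Review bot: The `config_update` handler refreshes the sidebar when `api_token_access` changes, but the hunk does not show what a session sees if the Token Access pane is the one already open when an admin switches the setting off. Presumably `@updateNavigation(true, params)` re-selects an item from the filtered list, but that depends on code outside this hunk. If the open pane is left in place, the user can still use the create dialog until the next navigation, so either close or redirect it in this handler or confirm that the existing selection logic does so. A short comment above the bind, such as `# re-evaluate permission callbacks that depend on api_token_access`, would also explain why this one setting name is hard-coded here.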
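--- /dev/null
+++ b/db/migrate/20210909093800_issue_3168_token_setting.rb
@@ -0,0 +1,10 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class Issue3168TokenSetting < ActiveRecord::Migration[6.0]
+def change
+# return if it's a new setup
+return if !Setting.exists?(name: 'system_init_done')
+
+Setting.find_by(name: 'api_token_access').update(frontend: true)
+end
+end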
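Review bot: `Setting.find_by(name: 'api_token_access')` returns nil when the row is missing, so the chained `.update` would raise NoMethodError and abort the migration on such an installation. Plain `update` also returns false on a validation failure without raising, which would leave the setting hidden from the frontend, so the Token Access entry would disappear for everyone with no error to explain it. Consider `Setting.find_by(name: 'api_token_access')&.update!(frontend: true)`. Because the body is a data change that Rails cannot reverse automatically, `def up` describes it more accurately than `def change`. Marking the setting `frontend: true` also sends its value to browser clients; that looks harmless for a boolean toggle, but a comment saying so would make the exposure deliberate.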
@ -2864,7 +2864,7 @@ Setting.create_if_not_exists(
|
||||||
preferences: {
|
preferences: {
|
||||||
permission: ['admin.api'],
|
permission: ['admin.api'],
|
||||||
},
|
},
|
||||||
frontend: false
|
frontend: true
|
||||||
)
|
)
|
||||||
Setting.create_if_not_exists(
|
Setting.create_if_not_exists(
|
||||||
title: 'API Password Access',
|
title: 'API Password Access',
|
||||||
|
|
|
@ -22,4 +22,28 @@ RSpec.describe 'Profile', type: :system do
|
||||||
expect(page).to have_no_css('.dropdown-menu > li > a[href="#profile"]')
|
expect(page).to have_no_css('.dropdown-menu > li > a[href="#profile"]')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "Don't provide option to create API-Token if authentication via API token is disabled #3168" do
|
||||||
|
before do
|
||||||
|
visit 'profile'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does show the navbar link Token Access based on the Setting api_token_access' do
|
||||||
|
expect(page).to have_text('Token Access')
|
||||||
|
|
||||||
|
# disable token access
|
||||||
|
visit 'system/api'
|
||||||
|
click 'label[for=api_token_access]'
|
||||||
|
|
||||||
|
visit 'profile'
|
||||||
|
expect(page).to have_no_text('Token Access')
|
||||||
|
|
||||||
|
# enable token access
|
||||||
|
visit 'system/api'
|
||||||
|
click 'label[for=api_token_access]'
|
||||||
|
|
||||||
|
visit 'profile'
|
||||||
|
expect(page).to have_text('Token Access')
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
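Review bot: The new example asserts only that the text 'Token Access' appears in or disappears from the profile page, so it covers the navigation entry and nothing else. It would still pass if `profile/token_access` stayed reachable by URL, or if token creation still succeeded while the setting is off. Consider a second example that disables `api_token_access`, visits `profile/token_access` directly and expects that no create option is offered. Pair it with a request spec for the token endpoint if one does not already exist. The toggle via `click 'label[for=api_token_access]'` also assumes the setting starts enabled; setting it explicitly in a `before` block would make the example independent of seed defaults.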