Added preferences permission check.

2016-02-16 20:34:37 +01:00 · 2016-02-16 20:34:37 +01:00 · 2d88c25b36
commit 2d88c25b36
parent a20c6e438a
2 changed files with 83 additions and 10 deletions
--- a/app/assets/javascripts/app/controllers/_application_controller_generic.coffee
+++ b/app/assets/javascripts/app/controllers/_application_controller_generic.coffee
@ -353,12 +353,22 @@ class App.ControllerNavSidbar extends App.ControllerContent
    @params = params
-    # get groups
+    # get accessable groups
    roles = App.Session.get('roles')
    groups = App.Config.get(@configKey)
    groupsUnsorted = []
-    for key, value of groups
+    for key, item of groups
-      if !value.controller
+      if !item.controller
-        groupsUnsorted.push value
+        if !item.role
          groupsUnsorted.push item
        else
          match = _.include(item.role, 'Anybody')
          if !match
            for role in roles
              if !match
                match = _.include(item.role, role.name)
          if match
            groupsUnsorted.push item
    @groupsSorted = _.sortBy(groupsUnsorted, (item) -> return item.prio)
@ -366,10 +376,19 @@ class App.ControllerNavSidbar extends App.ControllerContent
    for group in @groupsSorted
      items = App.Config.get(@configKey)
      itemsUnsorted = []
-      for key, value of items
+      for key, item of items
-        if value.controller
+        if item.parent is group.target
-          if value.parent is group.target
+          if item.controller
-            itemsUnsorted.push value
+            if !item.role
              itemsUnsorted.push item
            else
              match = _.include(item.role, 'Anybody')
              if !match
                for role in roles
                  if !match
                    match = _.include(item.role, role.name)
              if match
                itemsUnsorted.push item
      group.items = _.sortBy(itemsUnsorted, (item) -> return item.prio)
--- a/test/browser/prefereces_test.rb
+++ b/test/browser/prefereces_test.rb
@ -2,6 +2,60 @@
 require 'browser_test_helper'
 class PreferencesTest < TestCase
  def test_permission_agent
    @browser = browser_instance
    login(
      username: 'master@example.com',
      password: 'test',
      url: browser_url,
    )
    click( css: 'a[href="#current_user"]' )
    click( css: 'a[href="#profile"]' )
    match(
      css: '.content .NavBarProfile',
      value: 'Password',
    )
    match(
      css: '.content .NavBarProfile',
      value: 'Language',
    )
    match(
      css: '.content .NavBarProfile',
      value: 'Notifications',
    )
    match(
      css: '.content .NavBarProfile',
      value: 'Calendar',
    )
  end
  def test_permission_customer
    @browser = browser_instance
    login(
      username: 'nicole.braun@zammad.org',
      password: 'test',
      url: browser_url,
    )
    click( css: 'a[href="#current_user"]' )
    click( css: 'a[href="#profile"]' )
    match(
      css: '.content .NavBarProfile',
      value: 'Password',
    )
    match(
      css: '.content .NavBarProfile',
      value: 'Language',
    )
    match_not(
      css: '.content .NavBarProfile',
      value: 'Notifications',
    )
    match_not(
      css: '.content .NavBarProfile',
      value: 'Calendar',
    )
  end
  def test_preferences
    @browser = browser_instance
    login(