Fixes issue #2608 - missing default permission ("admin.trigger")

Zammad's permission model supports fine-grained permissions so that, e.g, a user may be allowed to modify triggers but not channels. Permissions are assigned to roles, which are then assigned to users. A set of default permissions is provided in `db/seeds/permissions.rb`; these are the permissions that appear in the admin interface when creating a new role and selecting which permissions it grants. Somehow, we forgot to include the "admin.trigger" permission in this default set, and no one noticed until earlier this year. Zammad Community: https://community.zammad.org/t/2584
2019-10-29 18:41:12 +08:00 · 2019-10-29 18:41:12 +08:00 · 54d590491e
parent f204b89fe3
commit 54d590491e
4 changed files with 44 additions and 0 deletions
--- a/.rubocop_todo.rspec.yml
+++ b/.rubocop_todo.rspec.yml
@ -85,6 +85,7 @@ RSpec/FilePath:
    - 'spec/db/migrate/issue_2345_es_attachment_max_size_in_mb_setting_lower_default_spec.rb'
    - 'spec/db/migrate/issue_2368_add_indices_to_histories_and_tickets_spec.rb'
    - 'spec/db/migrate/issue_2541_fix_notification_email_without_body_spec.rb'
+    - 'spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb'
    - 'spec/lib/import/base_factory_spec.rb'

 # Offense count: 60
--- a/db/migrate/20191029101733_issue_2608_missing_trigger_permission.rb
+++ b/db/migrate/20191029101733_issue_2608_missing_trigger_permission.rb
@ -0,0 +1,13 @@
+class Issue2608MissingTriggerPermission < ActiveRecord::Migration[5.2]
+  def up
+    return if !Setting.find_by(name: 'system_init_done')
+
+    Permission.create_if_not_exists(
+      name:        'admin.trigger',
+      note:        'Manage %s',
+      preferences: {
+        translations: ['Triggers']
+      },
+    )
+  end
+end
--- a/db/seeds/permissions.rb
+++ b/db/seeds/permissions.rb
@ -80,6 +80,13 @@ Permission.create_if_not_exists(
    translations: ['SLA']
  },
 )
+Permission.create_if_not_exists(
+  name:        'admin.trigger',
+  note:        'Manage %s',
+  preferences: {
+    translations: ['Triggers']
+  },
+)
 Permission.create_if_not_exists(
  name:        'admin.scheduler',
  note:        'Manage %s',
--- a/spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb
+++ b/spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb
@ -0,0 +1,23 @@
+require 'rails_helper'
+
+RSpec.describe Issue2608MissingTriggerPermission, type: :db_migration do
+  let(:name) { 'admin.trigger' }
+
+  context 'when "admin.trigger" permission already exists' do
+    before { Permission.find_or_create_by(name: name) }
+
+    it 'does nothing' do
+      expect { migrate }.not_to change(Permission, :count)
+    end
+  end
+
+  context 'when "admin.trigger" permission does not exist' do
+    before { Permission.find_by(name: name)&.destroy }
+
+    it 'creates it' do
+      expect { migrate }
+        .to change(Permission, :count).by(1)
+        .and change { Permission.exists?(name: name) }.to(true)
+    end
+  end
+end