From 54d590491e75743f3e745b578bb1dd9300a662df Mon Sep 17 00:00:00 2001 From: Ryan Lue Date: Tue, 29 Oct 2019 18:41:12 +0800 Subject: [PATCH] Fixes issue #2608 - missing default permission ("admin.trigger") Zammad's permission model supports fine-grained permissions so that, e.g, a user may be allowed to modify triggers but not channels. Permissions are assigned to roles, which are then assigned to users. A set of default permissions is provided in `db/seeds/permissions.rb`; these are the permissions that appear in the admin interface when creating a new role and selecting which permissions it grants. Somehow, we forgot to include the "admin.trigger" permission in this default set, and no one noticed until earlier this year. Zammad Community: https://community.zammad.org/t/2584 --- .rubocop_todo.rspec.yml | 1 + ...3_issue_2608_missing_trigger_permission.rb | 13 +++++++++++ db/seeds/permissions.rb | 7 ++++++ ...ue_2608_missing_trigger_permission_spec.rb | 23 +++++++++++++++++++ 4 files changed, 44 insertions(+) create mode 100644 db/migrate/20191029101733_issue_2608_missing_trigger_permission.rb create mode 100644 spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb diff --git a/.rubocop_todo.rspec.yml b/.rubocop_todo.rspec.yml index 16389d667..f472b0eb5 100644 --- a/.rubocop_todo.rspec.yml +++ b/.rubocop_todo.rspec.yml @@ -85,6 +85,7 @@ RSpec/FilePath: - 'spec/db/migrate/issue_2345_es_attachment_max_size_in_mb_setting_lower_default_spec.rb' - 'spec/db/migrate/issue_2368_add_indices_to_histories_and_tickets_spec.rb' - 'spec/db/migrate/issue_2541_fix_notification_email_without_body_spec.rb' + - 'spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb' - 'spec/lib/import/base_factory_spec.rb' # Offense count: 60 diff --git a/db/migrate/20191029101733_issue_2608_missing_trigger_permission.rb b/db/migrate/20191029101733_issue_2608_missing_trigger_permission.rb new file mode 100644 index 000000000..d29aeb663 --- /dev/null +++ b/db/migrate/20191029101733_issue_2608_missing_trigger_permission.rb @@ -0,0 +1,13 @@ +class Issue2608MissingTriggerPermission < ActiveRecord::Migration[5.2] + def up + return if !Setting.find_by(name: 'system_init_done') + + Permission.create_if_not_exists( + name: 'admin.trigger', + note: 'Manage %s', + preferences: { + translations: ['Triggers'] + }, + ) + end +end diff --git a/db/seeds/permissions.rb b/db/seeds/permissions.rb index 70560dda7..0114af9d8 100644 --- a/db/seeds/permissions.rb +++ b/db/seeds/permissions.rb @@ -80,6 +80,13 @@ Permission.create_if_not_exists( translations: ['SLA'] }, ) +Permission.create_if_not_exists( + name: 'admin.trigger', + note: 'Manage %s', + preferences: { + translations: ['Triggers'] + }, +) Permission.create_if_not_exists( name: 'admin.scheduler', note: 'Manage %s', diff --git a/spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb b/spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb new file mode 100644 index 000000000..d088013ec --- /dev/null +++ b/spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb @@ -0,0 +1,23 @@ +require 'rails_helper' + +RSpec.describe Issue2608MissingTriggerPermission, type: :db_migration do + let(:name) { 'admin.trigger' } + + context 'when "admin.trigger" permission already exists' do + before { Permission.find_or_create_by(name: name) } + + it 'does nothing' do + expect { migrate }.not_to change(Permission, :count) + end + end + + context 'when "admin.trigger" permission does not exist' do + before { Permission.find_by(name: name)&.destroy } + + it 'creates it' do + expect { migrate } + .to change(Permission, :count).by(1) + .and change { Permission.exists?(name: name) }.to(true) + end + end +end