Fixes issue #2608 - missing default permission ("admin.trigger")

Zammad's permission model supports fine-grained permissions
so that, e.g, a user may be allowed to modify triggers but not channels.
Permissions are assigned to roles, which are then assigned to users.

A set of default permissions is provided in `db/seeds/permissions.rb`;
these are the permissions that appear in the admin interface
when creating a new role and selecting which permissions it grants.

Somehow, we forgot to include the "admin.trigger" permission in this
default set, and no one noticed until earlier this year.

Zammad Community: https://community.zammad.org/t/2584
This commit is contained in:
Ryan Lue 2019-10-29 18:41:12 +08:00 committed by Thorsten Eckel
parent f204b89fe3
commit 54d590491e
4 changed files with 44 additions and 0 deletions

View file

@ -85,6 +85,7 @@ RSpec/FilePath:
- 'spec/db/migrate/issue_2345_es_attachment_max_size_in_mb_setting_lower_default_spec.rb'
- 'spec/db/migrate/issue_2368_add_indices_to_histories_and_tickets_spec.rb'
- 'spec/db/migrate/issue_2541_fix_notification_email_without_body_spec.rb'
- 'spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb'
- 'spec/lib/import/base_factory_spec.rb'
# Offense count: 60

View file

@ -0,0 +1,13 @@
class Issue2608MissingTriggerPermission < ActiveRecord::Migration[5.2]
def up
return if !Setting.find_by(name: 'system_init_done')
Permission.create_if_not_exists(
name: 'admin.trigger',
note: 'Manage %s',
preferences: {
translations: ['Triggers']
},
)
end
end

View file

@ -80,6 +80,13 @@ Permission.create_if_not_exists(
translations: ['SLA']
},
)
Permission.create_if_not_exists(
name: 'admin.trigger',
note: 'Manage %s',
preferences: {
translations: ['Triggers']
},
)
Permission.create_if_not_exists(
name: 'admin.scheduler',
note: 'Manage %s',

View file

@ -0,0 +1,23 @@
require 'rails_helper'
RSpec.describe Issue2608MissingTriggerPermission, type: :db_migration do
let(:name) { 'admin.trigger' }
context 'when "admin.trigger" permission already exists' do
before { Permission.find_or_create_by(name: name) }
it 'does nothing' do
expect { migrate }.not_to change(Permission, :count)
end
end
context 'when "admin.trigger" permission does not exist' do
before { Permission.find_by(name: name)&.destroy }
it 'creates it' do
expect { migrate }
.to change(Permission, :count).by(1)
.and change { Permission.exists?(name: name) }.to(true)
end
end
end