From 93345553adf2546820adedaebdcf26d496ba5c0d Mon Sep 17 00:00:00 2001
From: Martin Edenhofer
Date: Fri, 20 Oct 2017 10:58:02 +0200
Subject: [PATCH] Fixed permission check with ticket.agent lookup.
---
 app/models/concerns/has_groups.rb | 2 +-
 test/unit/user_test.rb | 46 +++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/app/models/concerns/has_groups.rb b/app/models/concerns/has_groups.rb
index 9896ee3f0..a4f953458 100644
--- a/app/models/concerns/has_groups.rb
+++ b/app/models/concerns/has_groups.rb
@@ -303,7 +303,7 @@ module HasGroups
 instances = joins(group_through.name)
 .where( group_through.table_name => { group_id: group_id, access: access }, active: true )

- if respond_to?(:permissions?)
+ if method_defined?(:permissions?)
 permissions = Permission.with_parents('ticket.agent')
 instances = instances
 .joins(roles: :permissions)
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index c541aac87..5dc194b27 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
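Review bot: In `app/models/concerns/has_groups.rb`, the guard `if method_defined?(:permissions?)` still fails open: when it is false, the `ticket.agent` join is skipped and the unfiltered group members are returned. `method_defined?` only sees public and protected instance methods, so making `permissions?` private or moving it behind `method_missing` would silently drop the filter again, much as `respond_to?` apparently did when evaluated on the class rather than on an instance. A comment above the line would stop someone from "simplifying" it back, e.g. `# class-level scope: respond_to? would test the class itself, so check for the instance method`. The enclosing method starts and ends outside the hunk.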
@@ -866,4 +866,50 @@ class UserTest < ActiveSupport::TestCase
 assert_equal(1, admin_count_inital)
 end

+ test 'only valid agent in group permission check' do
+ name = rand(999_999_999)
+ group = Group.create!(
+ name: "ValidAgentGroupPermission-#{name}",
+ active: true,
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ roles = Role.where(name: 'Agent')
+ agent1 = User.create_or_update(
+ login: "agent-default-vaild_agent_group_permission-1#{name}@example.com",
+ firstname: 'vaild_agent_group_permission-1',
+ lastname: "Agent#{name}",
+ email: "agent-default-vaild_agent_group_permission-1#{name}@example.com",
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: [group],
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ agent2 = User.create_or_update(
+ login: "agent-default-vaild_agent_group_permission-2#{name}@example.com",
+ firstname: 'vaild_agent_group_permission-2',
+ lastname: "Agent#{name}",
+ email: "agent-default-vaild_agent_group_permission-2#{name}@example.com",
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: [group],
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ assert_equal(2, User.group_access(group.id, 'full').count)
+ agent2.active = false
+ agent2.save!
+ assert_equal(1, User.group_access(group.id, 'full').count)
+ agent2.active = true
+ agent2.save!
+ assert_equal(2, User.group_access(group.id, 'full').count)
+ roles = Role.where(name: 'Customer')
+ agent2.roles = roles
+ agent2.save!
+ assert_equal(1, User.group_access(group.id, 'full').count)
+ end
+
 end
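Review bot: The four `assert_equal(N, User.group_access(group.id, 'full').count)` checks pin only how many users come back, not which ones, so the test would still pass if the lookup filtered out the wrong agent. For a permission check it is worth asserting identity as well, e.g. after the role change to Customer: `assert_equal([agent1.id], User.group_access(group.id, 'full').map(&:id))`. The fixture logins and first names also carry a `vaild` typo (`valid` is presumably meant), which is harmless but makes the records harder to search for.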