Fixed issue #2893 - Granted field access gets redacted by a later (alphabetically) permission.
parent
f9a26d7254
commit
9472af70f1
2 changed files with 61 additions and 4 deletions
|
@ -508,11 +508,24 @@ returns:
|
||||||
data[:screen] = {}
|
data[:screen] = {}
|
||||||
item.screens.each do |screen, permission_options|
|
item.screens.each do |screen, permission_options|
|
||||||
data[:screen][screen] = {}
|
data[:screen][screen] = {}
|
||||||
|
|
||||||
|
if permission_options['-all-']
|
||||||
|
data[:screen][screen] = permission_options['-all-']
|
||||||
|
next
|
||||||
|
end
|
||||||
|
|
||||||
permission_options.each do |permission, options|
|
permission_options.each do |permission, options|
|
||||||
if permission == '-all-'
|
next if !user&.permissions?(permission)
|
||||||
data[:screen][screen] = options
|
|
||||||
elsif user&.permissions?(permission)
|
options.each do |key, value|
|
||||||
data[:screen][screen] = options
|
if [true, false].include?(data[:screen][screen][key])
|
||||||
|
data[:screen][screen][key] = data[:screen][screen][key].nil? ? false : data[:screen][screen][key]
|
||||||
|
if options[key]
|
||||||
|
data[:screen][screen][key] = true
|
||||||
|
end
|
||||||
|
else
|
||||||
|
data[:screen][screen][key] = value
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
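Review bot: The merge in the inner `options.each` loop is order-independent only for boolean options. In the `else` branch, `data[:screen][screen][key] = value` lets the last permission iterated win, so a non-boolean option such as `item_class` set under two held permissions still depends on iteration order, the same class of problem as #2893. The line `data[:screen][screen][key] = data[:screen][screen][key].nil? ? false : data[:screen][screen][key]` is a no-op, because the surrounding `if` has already established that the value is `true` or `false`, and it can be dropped. Since this block decides which fields a user gets to see, the precedence deserves a comment above the loop, for example `# '-all-' replaces every per-permission entry; boolean options are OR-ed across the permissions the user holds; for other values the last one wins`. Note also that `if permission_options['-all-']` is truthy for an empty hash, which would discard every per-permission option for that screen; whether stored data can contain that is not visible here, and the enclosing method starts and ends outside the hunk.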
@ -1,6 +1,18 @@
|
||||||
require 'rails_helper'
|
require 'rails_helper'
|
||||||
|
|
||||||
RSpec.describe ObjectManager::Attribute, type: :model do
|
RSpec.describe ObjectManager::Attribute, type: :model do
|
||||||
|
|
||||||
|
let(:user_attribute_permissions) do
|
||||||
|
create(:user, roles: [role_attribute_permissions])
|
||||||
|
end
|
||||||
|
|
||||||
|
let(:role_attribute_permissions) do
|
||||||
|
create(:role).tap do |role|
|
||||||
|
role.permission_grant('admin.organization')
|
||||||
|
role.permission_grant('ticket.agent')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'callbacks' do
|
describe 'callbacks' do
|
||||||
context 'for setting default values on local data options' do
|
context 'for setting default values on local data options' do
|
||||||
let(:subject) { described_class.new }
|
let(:subject) { described_class.new }
|
||||||
|
@ -106,4 +118,36 @@ RSpec.describe ObjectManager::Attribute, type: :model do
|
||||||
end.not_to raise_error
|
end.not_to raise_error
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'attribute permissions', db_strategy: :reset do
|
||||||
|
it 'merges attribute permissions' do
|
||||||
|
create(:object_manager_attribute_text, screens: { create: { 'admin.organization': { shown: true }, 'ticket.agent': { shown: false } } }, name: 'test_permissions')
|
||||||
|
|
||||||
|
migration = described_class.migration_execute
|
||||||
|
expect(migration).to be true
|
||||||
|
|
||||||
|
attribute = described_class.by_object('Ticket', user_attribute_permissions).detect { |attr| attr[:name] == 'test_permissions' }
|
||||||
|
expect(attribute[:screen]['create']['shown']).to be true
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'overwrites permissions if all get set' do
|
||||||
|
create(:object_manager_attribute_text, screens: { create: { '-all-': { shown: true }, 'admin.organization': { shown: false }, 'ticket.agent': { shown: false } } }, name: 'test_permissions_all')
|
||||||
|
|
||||||
|
migration = described_class.migration_execute
|
||||||
|
expect(migration).to be true
|
||||||
|
|
||||||
|
attribute = described_class.by_object('Ticket', user_attribute_permissions).detect { |attr| attr[:name] == 'test_permissions_all' }
|
||||||
|
expect(attribute[:screen]['create']['shown']).to be true
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is able to handle other values than true or false' do
|
||||||
|
create(:object_manager_attribute_text, screens: { create: { '-all-': { shown: true, item_class: 'column' }, 'admin.organization': { shown: false }, 'ticket.agent': { shown: false } } }, name: 'test_permissions_item')
|
||||||
|
|
||||||
|
migration = described_class.migration_execute
|
||||||
|
expect(migration).to be true
|
||||||
|
|
||||||
|
attribute = described_class.by_object('Ticket', user_attribute_permissions).detect { |attr| attr[:name] == 'test_permissions_item' }
|
||||||
|
expect(attribute[:screen]['create']['item_class']).to eq('column')
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
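Review bot: None of the three new examples exercises the `next if !user&.permissions?(permission)` filter, because `role_attribute_permissions` grants both `admin.organization` and `ticket.agent`, so every permission named in `screens` is held by the test user. A regression that merged options from permissions the user does not hold would expose fields to the wrong role and still pass this spec. I would add an example with a role granted only `ticket.agent`, using `screens: { create: { 'admin.organization': { shown: true }, 'ticket.agent': { shown: false } } }`, and assert `expect(attribute[:screen]['create']['shown']).to be false`. The outer `RSpec.describe` block starts outside the last hunk.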