Fixed issue #839 - Dont allow "none" admin user.
This commit is contained in:
Rolf Schmidt
parent
7db9f5e3c0
commit
9f1a2e902c
3 changed files with 91 additions and 1 deletions
|
|
@ -87,6 +87,7 @@ class App.ControllerGenericEdit extends App.ControllerModal
|
||||||
ui.close()
|
ui.close()
|
||||||
|
|
||||||
fail: (settings, details) ->
|
fail: (settings, details) ->
|
||||||
|
App[ ui.genericObject ].fetch(id: @id)
|
||||||
ui.log 'errors'
|
ui.log 'errors'
|
||||||
ui.formEnable(e)
|
ui.formEnable(e)
|
||||||
ui.controller.showAlert(details.error_human || details.error || 'Unable to update object!')
|
ui.controller.showAlert(details.error_human || details.error || 'Unable to update object!')
|
||||||
|
|
|
||||||
|
|
@ -45,7 +45,7 @@ class User < ApplicationModel
|
||||||
after_destroy :avatar_destroy
|
after_destroy :avatar_destroy
|
||||||
|
|
||||||
has_and_belongs_to_many :groups, after_add: :cache_update, after_remove: :cache_update, class_name: 'Group'
|
has_and_belongs_to_many :groups, after_add: :cache_update, after_remove: :cache_update, class_name: 'Group'
|
||||||
has_and_belongs_to_many :roles, after_add: [:cache_update, :check_notifications], after_remove: :cache_update, before_add: :validate_agent_limit, class_name: 'Role'
|
has_and_belongs_to_many :roles, after_add: [:cache_update, :check_notifications], after_remove: :cache_update, before_add: :validate_agent_limit, before_remove: :last_admin_check, class_name: 'Role'
|
||||||
has_and_belongs_to_many :organizations, after_add: :cache_update, after_remove: :cache_update, class_name: 'Organization'
|
has_and_belongs_to_many :organizations, after_add: :cache_update, after_remove: :cache_update, class_name: 'Organization'
|
||||||
#has_many :permissions, class_name: 'Permission', through: :roles, class_name: 'Role'
|
#has_many :permissions, class_name: 'Permission', through: :roles, class_name: 'Role'
|
||||||
has_many :tokens, after_add: :cache_update, after_remove: :cache_update
|
has_many :tokens, after_add: :cache_update, after_remove: :cache_update
|
||||||
|
|
@ -860,6 +860,27 @@ returns
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
=begin
|
||||||
|
|
||||||
|
checks if the current user is the last one
|
||||||
|
with admin permissions.
|
||||||
|
|
||||||
|
Raises
|
||||||
|
|
||||||
|
raise 'Minimum one user need to have admin permissions'
|
||||||
|
|
||||||
|
=end
|
||||||
|
|
||||||
|
def last_admin_check(role)
|
||||||
|
ticket_admin_role_ids = Role.joins(:permissions).where(permissions: { name: ['admin', 'admin.user'] }).pluck(:id)
|
||||||
|
count = User.joins(:roles).where(roles: { id: ticket_admin_role_ids }, users: { active: true }).count
|
||||||
|
if ticket_admin_role_ids.include?(role.id)
|
||||||
|
count -= 1
|
||||||
|
end
|
||||||
|
|
||||||
|
raise Exceptions::UnprocessableEntity, 'Minimum one user needs to have admin permissions.' if count < 1
|
||||||
|
end
|
||||||
|
|
||||||
def validate_agent_limit(role)
|
def validate_agent_limit(role)
|
||||||
return if !Setting.get('system_agent_limit')
|
return if !Setting.get('system_agent_limit')
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -544,4 +544,72 @@ class UserTest < ActiveSupport::TestCase
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'min admin permission check' do
|
||||||
|
User.with_permissions('admin').each(&:destroy)
|
||||||
|
|
||||||
|
# store current admin count
|
||||||
|
admin_count_inital = User.with_permissions('admin').count
|
||||||
|
assert_equal(0, admin_count_inital)
|
||||||
|
|
||||||
|
# create two admin users
|
||||||
|
random = rand(999_999_999)
|
||||||
|
admin1 = User.create_or_update(
|
||||||
|
login: "1admin-role#{random}@example.com",
|
||||||
|
firstname: 'Role',
|
||||||
|
lastname: "Admin#{random}",
|
||||||
|
email: "admin-role#{random}@example.com",
|
||||||
|
password: 'adminpw',
|
||||||
|
active: true,
|
||||||
|
roles: Role.where(name: %w(Admin Agent)),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
|
||||||
|
random = rand(999_999_999)
|
||||||
|
admin2 = User.create_or_update(
|
||||||
|
login: "2admin-role#{random}@example.com",
|
||||||
|
firstname: 'Role',
|
||||||
|
lastname: "Admin#{random}",
|
||||||
|
email: "admin-role#{random}@example.com",
|
||||||
|
password: 'adminpw',
|
||||||
|
active: true,
|
||||||
|
roles: Role.where(name: %w(Admin Agent)),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
|
||||||
|
random = rand(999_999_999)
|
||||||
|
admin3 = User.create_or_update(
|
||||||
|
login: "2admin-role#{random}@example.com",
|
||||||
|
firstname: 'Role',
|
||||||
|
lastname: "Admin#{random}",
|
||||||
|
email: "admin-role#{random}@example.com",
|
||||||
|
password: 'adminpw',
|
||||||
|
active: true,
|
||||||
|
roles: Role.where(name: %w(Admin Agent)),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
|
||||||
|
admin_count_inital = User.with_permissions('admin').count
|
||||||
|
assert_equal(3, admin_count_inital)
|
||||||
|
|
||||||
|
admin1.update_attribute(:roles, Role.where(name: %w(Agent)))
|
||||||
|
|
||||||
|
admin_count_inital = User.with_permissions('admin').count
|
||||||
|
assert_equal(2, admin_count_inital)
|
||||||
|
|
||||||
|
admin2.update_attribute(:roles, Role.where(name: %w(Agent)))
|
||||||
|
|
||||||
|
admin_count_inital = User.with_permissions('admin').count
|
||||||
|
assert_equal(1, admin_count_inital)
|
||||||
|
|
||||||
|
assert_raises(Exceptions::UnprocessableEntity) {
|
||||||
|
admin3.update_attribute(:roles, Role.where(name: %w(Agent)))
|
||||||
|
}
|
||||||
|
|
||||||
|
admin_count_inital = User.with_permissions('admin').count
|
||||||
|
assert_equal(1, admin_count_inital)
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue