Fixed issue #839 - Dont allow "none" admin user.
This commit is contained in:
parent
7db9f5e3c0
commit
9f1a2e902c
3 changed files with 91 additions and 1 deletions
|
@ -87,6 +87,7 @@ class App.ControllerGenericEdit extends App.ControllerModal
|
|||
ui.close()
|
||||
|
||||
fail: (settings, details) ->
|
||||
App[ ui.genericObject ].fetch(id: @id)
|
||||
ui.log 'errors'
|
||||
ui.formEnable(e)
|
||||
ui.controller.showAlert(details.error_human || details.error || 'Unable to update object!')
|
||||
|
|
|
@ -45,7 +45,7 @@ class User < ApplicationModel
|
|||
after_destroy :avatar_destroy
|
||||
|
||||
has_and_belongs_to_many :groups, after_add: :cache_update, after_remove: :cache_update, class_name: 'Group'
|
||||
has_and_belongs_to_many :roles, after_add: [:cache_update, :check_notifications], after_remove: :cache_update, before_add: :validate_agent_limit, class_name: 'Role'
|
||||
has_and_belongs_to_many :roles, after_add: [:cache_update, :check_notifications], after_remove: :cache_update, before_add: :validate_agent_limit, before_remove: :last_admin_check, class_name: 'Role'
|
||||
has_and_belongs_to_many :organizations, after_add: :cache_update, after_remove: :cache_update, class_name: 'Organization'
|
||||
#has_many :permissions, class_name: 'Permission', through: :roles, class_name: 'Role'
|
||||
has_many :tokens, after_add: :cache_update, after_remove: :cache_update
|
||||
|
@ -860,6 +860,27 @@ returns
|
|||
}
|
||||
end
|
||||
|
||||
=begin
|
||||
|
||||
checks if the current user is the last one
|
||||
with admin permissions.
|
||||
|
||||
Raises
|
||||
|
||||
raise 'Minimum one user need to have admin permissions'
|
||||
|
||||
=end
|
||||
|
||||
def last_admin_check(role)
|
||||
ticket_admin_role_ids = Role.joins(:permissions).where(permissions: { name: ['admin', 'admin.user'] }).pluck(:id)
|
||||
count = User.joins(:roles).where(roles: { id: ticket_admin_role_ids }, users: { active: true }).count
|
||||
if ticket_admin_role_ids.include?(role.id)
|
||||
count -= 1
|
||||
end
|
||||
|
||||
raise Exceptions::UnprocessableEntity, 'Minimum one user needs to have admin permissions.' if count < 1
|
||||
end
|
||||
|
||||
def validate_agent_limit(role)
|
||||
return if !Setting.get('system_agent_limit')
|
||||
|
||||
|
|
|
@ -544,4 +544,72 @@ class UserTest < ActiveSupport::TestCase
|
|||
|
||||
end
|
||||
|
||||
test 'min admin permission check' do
|
||||
User.with_permissions('admin').each(&:destroy)
|
||||
|
||||
# store current admin count
|
||||
admin_count_inital = User.with_permissions('admin').count
|
||||
assert_equal(0, admin_count_inital)
|
||||
|
||||
# create two admin users
|
||||
random = rand(999_999_999)
|
||||
admin1 = User.create_or_update(
|
||||
login: "1admin-role#{random}@example.com",
|
||||
firstname: 'Role',
|
||||
lastname: "Admin#{random}",
|
||||
email: "admin-role#{random}@example.com",
|
||||
password: 'adminpw',
|
||||
active: true,
|
||||
roles: Role.where(name: %w(Admin Agent)),
|
||||
updated_by_id: 1,
|
||||
created_by_id: 1,
|
||||
)
|
||||
|
||||
random = rand(999_999_999)
|
||||
admin2 = User.create_or_update(
|
||||
login: "2admin-role#{random}@example.com",
|
||||
firstname: 'Role',
|
||||
lastname: "Admin#{random}",
|
||||
email: "admin-role#{random}@example.com",
|
||||
password: 'adminpw',
|
||||
active: true,
|
||||
roles: Role.where(name: %w(Admin Agent)),
|
||||
updated_by_id: 1,
|
||||
created_by_id: 1,
|
||||
)
|
||||
|
||||
random = rand(999_999_999)
|
||||
admin3 = User.create_or_update(
|
||||
login: "2admin-role#{random}@example.com",
|
||||
firstname: 'Role',
|
||||
lastname: "Admin#{random}",
|
||||
email: "admin-role#{random}@example.com",
|
||||
password: 'adminpw',
|
||||
active: true,
|
||||
roles: Role.where(name: %w(Admin Agent)),
|
||||
updated_by_id: 1,
|
||||
created_by_id: 1,
|
||||
)
|
||||
|
||||
admin_count_inital = User.with_permissions('admin').count
|
||||
assert_equal(3, admin_count_inital)
|
||||
|
||||
admin1.update_attribute(:roles, Role.where(name: %w(Agent)))
|
||||
|
||||
admin_count_inital = User.with_permissions('admin').count
|
||||
assert_equal(2, admin_count_inital)
|
||||
|
||||
admin2.update_attribute(:roles, Role.where(name: %w(Agent)))
|
||||
|
||||
admin_count_inital = User.with_permissions('admin').count
|
||||
assert_equal(1, admin_count_inital)
|
||||
|
||||
assert_raises(Exceptions::UnprocessableEntity) {
|
||||
admin3.update_attribute(:roles, Role.where(name: %w(Agent)))
|
||||
}
|
||||
|
||||
admin_count_inital = User.with_permissions('admin').count
|
||||
assert_equal(1, admin_count_inital)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue