Fixes #4035 - Core Workflow: Does show wrong field list if you only have admin permissions and not ticket.agent permissions.
This commit is contained in:
parent
e667b48a1b
commit
b85bd1fe79
10 changed files with 121 additions and 14 deletions
|
@ -94,10 +94,11 @@ class App.UiElement.ApplicationSelector
|
|||
operator: [__('is in working time'), __('is not in working time')]
|
||||
|
||||
else
|
||||
for row in App[groupMeta.model].configure_attributes
|
||||
attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
|
||||
configureAttributes = attributesByObject[groupMeta.model] || []
|
||||
for config in configureAttributes
|
||||
# ignore passwords and relations
|
||||
if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
|
||||
config = _.clone(row)
|
||||
if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
|
||||
if config.tag is 'textarea'
|
||||
config.expanding = false
|
||||
if config.type is 'email' || config.type is 'tel'
|
||||
|
|
|
@ -147,13 +147,14 @@ class App.UiElement.core_workflow_condition extends App.UiElement.ApplicationSel
|
|||
multiple: true
|
||||
}
|
||||
|
||||
for row in App[groupMeta.model].configure_attributes
|
||||
continue if !_.contains(['input', 'textarea', 'richtext', 'multiselect', 'select', 'integer', 'boolean', 'active', 'tree_select', 'autocompletion_ajax'], row.tag)
|
||||
continue if groupKey is 'ticket' && _.contains(['number', 'title'], row.name)
|
||||
attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
|
||||
configureAttributes = attributesByObject[groupMeta.model] || []
|
||||
for config in configureAttributes
|
||||
continue if !_.contains(['input', 'textarea', 'richtext', 'multiselect', 'select', 'integer', 'boolean', 'active', 'tree_select', 'autocompletion_ajax'], config.tag)
|
||||
continue if groupKey is 'ticket' && _.contains(['number', 'title'], config.name)
|
||||
|
||||
# ignore passwords and relations
|
||||
if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
|
||||
config = _.clone(row)
|
||||
if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
|
||||
if config.tag is 'textarea'
|
||||
config.expanding = false
|
||||
if /^((multi)?select)$/.test(config.tag)
|
||||
|
|
|
@ -63,14 +63,15 @@ class App.UiElement.core_workflow_perform extends App.UiElement.ApplicationSelec
|
|||
elements['custom.module'] = { name: 'module', display: __('Module'), tag: 'select', multiple: true, options: options, null: false, operator: ['execute'] }
|
||||
continue
|
||||
|
||||
for row in App[groupMeta.model].configure_attributes
|
||||
continue if !_.contains(['input', 'textarea', 'select', 'multiselect', 'integer', 'boolean', 'tree_select', 'date', 'datetime'], row.tag)
|
||||
continue if _.contains(['created_at', 'updated_at'], row.name)
|
||||
continue if groupKey is 'ticket' && _.contains(['number', 'organization_id', 'title', 'escalation_at', 'first_response_escalation_at', 'update_escalation_at', 'close_escalation_at', 'last_contact_at', 'last_contact_agent_at', 'last_contact_customer_at', 'first_response_at', 'close_at'], row.name)
|
||||
attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
|
||||
configureAttributes = attributesByObject[groupMeta.model] || []
|
||||
for config in configureAttributes
|
||||
continue if !_.contains(['input', 'textarea', 'select', 'multiselect', 'integer', 'boolean', 'tree_select', 'date', 'datetime'], config.tag)
|
||||
continue if _.contains(['created_at', 'updated_at'], config.name)
|
||||
continue if groupKey is 'ticket' && _.contains(['number', 'organization_id', 'title', 'escalation_at', 'first_response_escalation_at', 'update_escalation_at', 'close_escalation_at', 'last_contact_at', 'last_contact_agent_at', 'last_contact_customer_at', 'first_response_at', 'close_at'], config.name)
|
||||
|
||||
# ignore passwords and relations
|
||||
if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
|
||||
config = _.clone(row)
|
||||
if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
|
||||
if config.tag is 'boolean'
|
||||
config.tag = 'select'
|
||||
if /^(tree_|multi)?select$/.test(config.tag)
|
||||
|
|
|
@ -11,3 +11,30 @@ class App.ObjectManagerAttribute extends App.Model
|
|||
{ name: 'updated_at', display: __('Updated'), tag: 'datetime', readonly: 1 },
|
||||
{ name: 'position', display: __('Position'), tag: 'integer', type: 'number', limit: 100, null: true },
|
||||
]
|
||||
|
||||
# This function will return all attributes
|
||||
# based on the frontend model attributes combined
|
||||
# with object manager attributes which are merged like
|
||||
# in app/models/object_manager/element/backend.rb.
|
||||
@selectorAttributesByObject: ->
|
||||
result = {}
|
||||
for row in @all()
|
||||
continue if !row.object
|
||||
|
||||
config = _.clone(row)
|
||||
config.tag = config.data_type
|
||||
config = Object.assign({}, config, config.data_option) if config.data_option
|
||||
|
||||
result[config.object] ||= []
|
||||
result[config.object].push(config)
|
||||
|
||||
for object in Object.keys(result)
|
||||
continue if !App[object]
|
||||
continue if !App[object].configure_attributes
|
||||
|
||||
names = _.map(result[object], (row) -> row.name)
|
||||
for row in App[object].configure_attributes
|
||||
continue if _.contains(names, row.name)
|
||||
result[object].push(_.clone(row))
|
||||
|
||||
result
|
||||
|
|
14
lib/session_helper/collection_object_manager_attribute.rb
Normal file
14
lib/session_helper/collection_object_manager_attribute.rb
Normal file
|
@ -0,0 +1,14 @@
|
|||
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
||||
|
||||
module SessionHelper::CollectionObjectManagerAttribute
|
||||
|
||||
module_function
|
||||
|
||||
def session(collections, assets, user)
|
||||
return [collections, assets] if !user.permissions?('admin.*')
|
||||
|
||||
collections[ ObjectManager::Attribute.to_app_model ] = ObjectManager::Attribute.list_full
|
||||
|
||||
[collections, assets]
|
||||
end
|
||||
end
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -23,5 +23,9 @@ FactoryBot.define do
|
|||
trait :admin do
|
||||
permissions { Permission.where(name: 'admin') }
|
||||
end
|
||||
|
||||
trait :admin_core_workflow do
|
||||
permissions { Permission.where(name: 'admin.core_workflow') }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
32
spec/lib/session_helper_spec.rb
Normal file
32
spec/lib/session_helper_spec.rb
Normal file
|
@ -0,0 +1,32 @@
|
|||
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe SessionHelper do
|
||||
describe 'Core Workflow: Does show wrong field list if you only have admin permissions and not ticket.agent permissions #4035' do
|
||||
context 'when user has admin.core_workflow permissions' do
|
||||
let(:core_workflow_role) { create(:role, :admin_core_workflow) }
|
||||
let(:user) { create(:user, role_ids: [core_workflow_role.id]) }
|
||||
|
||||
it 'does provide assets for application selector ui element' do
|
||||
expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
context 'when user has ticket.agent permissions' do
|
||||
let(:user) { create(:agent) }
|
||||
|
||||
it 'does provide assets for application selector ui element' do
|
||||
expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_falsey
|
||||
end
|
||||
end
|
||||
|
||||
context 'when user has customer permissions' do
|
||||
let(:user) { create(:customer) }
|
||||
|
||||
it 'does provide assets for application selector ui element' do
|
||||
expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_falsey
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue