Fixes #4035 - Core Workflow: Does show wrong field list if you only have admin permissions and not ticket.agent permissions.

Rolf Schmidt 2022-04-08 12:18:19 +02:00
parent e667b48a1b
commit b85bd1fe79
10 changed files with 121 additions and 14 deletions


@ -94,10 +94,11 @@ class App.UiElement.ApplicationSelector
operator: [__('is in working time'), __('is not in working time')]
else
for row in App[groupMeta.model].configure_attributes
attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
configureAttributes = attributesByObject[groupMeta.model] || []
for config in configureAttributes
# ignore passwords and relations
if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
config = _.clone(row)
if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
if config.tag is 'textarea'
config.expanding = false
if config.type is 'email' || config.type is 'tel'
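Review bot: The `|| []` fallback on `configureAttributes` makes the selector render an empty field list whenever `selectorAttributesByObject()` has no entry for `groupMeta.model`, where the old loop always had `App[groupMeta.model].configure_attributes` to work with. Judging by the helper added in this commit, an entry exists only when the ObjectManagerAttribute collection holds rows for that object, and the new session helper delivers that collection only to `admin.*` users, so any other session reaching this element would presumably see no attributes. Falling back to the frontend model keeps the previous behaviour: `configureAttributes = attributesByObject[groupMeta.model] || _.map(App[groupMeta.model].configure_attributes, _.clone)`. The same pattern is in the core_workflow_condition and core_workflow_perform hunks; the enclosing function starts and ends outside each hunk.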


@ -147,13 +147,14 @@ class App.UiElement.core_workflow_condition extends App.UiElement.ApplicationSel
multiple: true
}
for row in App[groupMeta.model].configure_attributes
continue if !_.contains(['input', 'textarea', 'richtext', 'multiselect', 'select', 'integer', 'boolean', 'active', 'tree_select', 'autocompletion_ajax'], row.tag)
continue if groupKey is 'ticket' && _.contains(['number', 'title'], row.name)
attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
configureAttributes = attributesByObject[groupMeta.model] || []
for config in configureAttributes
continue if !_.contains(['input', 'textarea', 'richtext', 'multiselect', 'select', 'integer', 'boolean', 'active', 'tree_select', 'autocompletion_ajax'], config.tag)
continue if groupKey is 'ticket' && _.contains(['number', 'title'], config.name)
# ignore passwords and relations
if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
config = _.clone(row)
if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
if config.tag is 'textarea'
config.expanding = false
if /^((multi)?select)$/.test(config.tag)


@ -63,14 +63,15 @@ class App.UiElement.core_workflow_perform extends App.UiElement.ApplicationSelec
elements['custom.module'] = { name: 'module', display: __('Module'), tag: 'select', multiple: true, options: options, null: false, operator: ['execute'] }
continue
for row in App[groupMeta.model].configure_attributes
continue if !_.contains(['input', 'textarea', 'select', 'multiselect', 'integer', 'boolean', 'tree_select', 'date', 'datetime'], row.tag)
continue if _.contains(['created_at', 'updated_at'], row.name)
continue if groupKey is 'ticket' && _.contains(['number', 'organization_id', 'title', 'escalation_at', 'first_response_escalation_at', 'update_escalation_at', 'close_escalation_at', 'last_contact_at', 'last_contact_agent_at', 'last_contact_customer_at', 'first_response_at', 'close_at'], row.name)
attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
configureAttributes = attributesByObject[groupMeta.model] || []
for config in configureAttributes
continue if !_.contains(['input', 'textarea', 'select', 'multiselect', 'integer', 'boolean', 'tree_select', 'date', 'datetime'], config.tag)
continue if _.contains(['created_at', 'updated_at'], config.name)
continue if groupKey is 'ticket' && _.contains(['number', 'organization_id', 'title', 'escalation_at', 'first_response_escalation_at', 'update_escalation_at', 'close_escalation_at', 'last_contact_at', 'last_contact_agent_at', 'last_contact_customer_at', 'first_response_at', 'close_at'], config.name)
# ignore passwords and relations
if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
config = _.clone(row)
if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
if config.tag is 'boolean'
config.tag = 'select'
if /^(tree_|multi)?select$/.test(config.tag)


@ -11,3 +11,30 @@ class App.ObjectManagerAttribute extends App.Model
{ name: 'updated_at', display: __('Updated'), tag: 'datetime', readonly: 1 },
{ name: 'position', display: __('Position'), tag: 'integer', type: 'number', limit: 100, null: true },
]
# This function will return all attributes
# based on the frontend model attributes combined
# with object manager attributes which are merged like
# in app/models/object_manager/element/backend.rb.
@selectorAttributesByObject: ->
result = {}
for row in @all()
continue if !row.object
config = _.clone(row)
config.tag = config.data_type
config = Object.assign({}, config, config.data_option) if config.data_option
result[config.object] ||= []
result[config.object].push(config)
for object in Object.keys(result)
continue if !App[object]
continue if !App[object].configure_attributes
names = _.map(result[object], (row) -> row.name)
for row in App[object].configure_attributes
continue if _.contains(names, row.name)
result[object].push(_.clone(row))
result
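Review bot: Rows from `App[object].configure_attributes` are skipped whenever an object-manager row has the same name (`continue if _.contains(names, row.name)`), so frontend-only flags on that attribute, such as `searchable: false`, no longer reach the callers that filter on `config.searchable isnt false`. Unless the object-manager record carries an equivalent flag, a field the frontend model hid from selectors can now be listed. If those flags should keep applying, merge them under the object-manager values instead of dropping the row, e.g. `existing = _.findWhere(result[object], name: row.name)` followed by `if existing then _.defaults(existing, row) else result[object].push(_.clone(row))`. Separately, `Object.assign({}, config, config.data_option)` lets a `data_option` key overwrite `name` or `object`; a short comment stating that this precedence is intended would help.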


@ -0,0 +1,14 @@
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
module SessionHelper::CollectionObjectManagerAttribute
module_function
def session(collections, assets, user)
return [collections, assets] if !user.permissions?('admin.*')
collections[ ObjectManager::Attribute.to_app_model ] = ObjectManager::Attribute.list_full
[collections, assets]
end
end
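Review bot: The guard `user.permissions?('admin.*')` hands `ObjectManager::Attribute.list_full` to every session holding any admin sub-permission, which is broader than the core-workflow case this commit targets. If only some admin screens render the selector, checking those permissions explicitly keeps the attribute schema out of sessions that do not need it; whether `list_full` contains anything sensitive is not visible here, so this is a least-privilege point rather than a confirmed leak. If the wildcard is intentional, say so above `session`, e.g. `# Sent to all admin.* users: every admin selector UI needs the merged attribute list.`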

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -23,5 +23,9 @@ FactoryBot.define do
trait :admin do
permissions { Permission.where(name: 'admin') }
end
trait :admin_core_workflow do
permissions { Permission.where(name: 'admin.core_workflow') }
end
end
end


@ -0,0 +1,32 @@
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
require 'rails_helper'
RSpec.describe SessionHelper do
describe 'Core Workflow: Does show wrong field list if you only have admin permissions and not ticket.agent permissions #4035' do
context 'when user has admin.core_workflow permissions' do
let(:core_workflow_role) { create(:role, :admin_core_workflow) }
let(:user) { create(:user, role_ids: [core_workflow_role.id]) }
it 'does provide assets for application selector ui element' do
expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_truthy
end
end
context 'when user has ticket.agent permissions' do
let(:user) { create(:agent) }
it 'does provide assets for application selector ui element' do
expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_falsey
end
end
context 'when user has customer permissions' do
let(:user) { create(:customer) }
it 'does provide assets for application selector ui element' do
expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_falsey
end
end
end
end
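Review bot: The examples in the `ticket.agent` and `customer` contexts are titled 'does provide assets for application selector ui element' but assert `be_falsey`, so a failure report reads the opposite of what is checked; rename them to `it 'does not provide assets for application selector ui element' do`. The spec also exercises only `admin.core_workflow`; one more context with a different admin sub-permission would pin down that the `admin.*` wildcard in the session helper is deliberate. `be_truthy` passes for any non-nil value, so asserting that the collection is a non-empty array would be a stricter check.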