From db2eb161b17fb94eb4c8e1ad05d3eff3b5f57c2b Mon Sep 17 00:00:00 2001
From: Mantas <mantas@idev.lt>
Date: Tue, 15 May 2018 19:15:38 +0300
Subject: [PATCH] Fixes #2012 granular and full group permissions

---
 .../_ui_element/user_permission.coffee        | 15 +++++
 app/models/user_group.rb                      | 16 +++++
 script/build/test_slice_tests.sh              |  6 ++
 .../admin_drag_drop_to_new_group_test.rb      | 12 ----
 ...admin_permissions_granular_vs_full_test.rb | 58 +++++++++++++++++++
 test/browser_test_helper.rb                   | 14 +++++
 test/unit/user_group_test.rb                  | 44 ++++++++++++++
 7 files changed, 153 insertions(+), 12 deletions(-)
 create mode 100644 test/browser/admin_permissions_granular_vs_full_test.rb
 create mode 100644 test/unit/user_group_test.rb

diff --git a/app/assets/javascripts/app/controllers/_ui_element/user_permission.coffee b/app/assets/javascripts/app/controllers/_ui_element/user_permission.coffee
index 0d2d051e6..988024155 100644
--- a/app/assets/javascripts/app/controllers/_ui_element/user_permission.coffee
+++ b/app/assets/javascripts/app/controllers/_ui_element/user_permission.coffee
@@ -80,6 +80,21 @@ class App.UiElement.user_permission
       groupAccesses: App.Group.accesses()
     ) )
 
+    throttled = _.throttle( (e) ->
+      input = $(@).find('input')
+      upcoming_state = !input.prop('checked')
+      value = input.val()
+      console.log(upcoming_state)
+      console.log(value)
+
+      if value is 'full' and upcoming_state is true
+        $(@).closest('tr').find('input:not([value=full])').prop('checked', false)
+      else if value isnt 'full' and upcoming_state is true
+        $(@).closest('tr').find('input[value=full]').prop('checked', false)
+    , 300, { trailing: false })
+
+    item.on('click', '.checkbox-replacement', throttled)
+
     # if customer, remove admin and agent
     item.find('[name=role_ids]').bind('change', (e) ->
       element = $(e.currentTarget)
diff --git a/app/models/user_group.rb b/app/models/user_group.rb
index 0629ede0c..d7419c2da 100644
--- a/app/models/user_group.rb
+++ b/app/models/user_group.rb
@@ -22,4 +22,20 @@ class UserGroup < ApplicationModel
     user.cache_update(nil)
     super
   end
+
+  private
+
+  def validate_access
+    query = self.class.where(group: group, user: user)
+
+    query = if access == 'full'
+              query.where.not(access: 'full')
+            else
+              query.where(access: 'full')
+            end
+
+    errors.add(:access, 'User can have full or granular access to group') if query.exists?
+  end
+
+  validate :validate_access
 end
diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index 79aed7e63..08c5ff28e 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -20,6 +20,7 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/admin_object_manager_test.rb
   rm test/browser/admin_object_manager_tree_select_test.rb
   rm test/browser/admin_overview_test.rb
+  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   # test/browser/agent_navigation_and_title_test.rb
   # test/browser/agent_organization_profile_test.rb
@@ -91,6 +92,7 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/admin_object_manager_test.rb
   rm test/browser/admin_object_manager_tree_select_test.rb
   rm test/browser/admin_overview_test.rb
+  rm test/browser/admin_permissions_granular_vs_full_test.rb
   #rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -162,6 +164,7 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/admin_object_manager_test.rb
   rm test/browser/admin_object_manager_tree_select_test.rb
   rm test/browser/admin_overview_test.rb
+  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -233,6 +236,7 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/admin_object_manager_test.rb
   rm test/browser/admin_object_manager_tree_select_test.rb
   rm test/browser/admin_overview_test.rb
+  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -303,6 +307,7 @@ elif [ "$LEVEL" == '5' ]; then
   # test/browser/admin_object_manager_test.rb
   # test/browser/admin_object_manager_tree_select_test.rb
   # test/browser/admin_overview_test.rb
+  # rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -376,6 +381,7 @@ elif [ "$LEVEL" == '6' ]; then
   rm test/browser/admin_object_manager_test.rb
   rm test/browser/admin_object_manager_tree_select_test.rb
   rm test/browser/admin_overview_test.rb
+  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
diff --git a/test/browser/admin_drag_drop_to_new_group_test.rb b/test/browser/admin_drag_drop_to_new_group_test.rb
index 7629b2248..bc6900a50 100644
--- a/test/browser/admin_drag_drop_to_new_group_test.rb
+++ b/test/browser/admin_drag_drop_to_new_group_test.rb
@@ -90,16 +90,4 @@ class AdminDragDropToNewGroupTest < TestCase
     users_in_group = @browser.find_elements(css: '.js-batch-assign-group-inner .batch-overlay-assign-entry[data-action=user_assign]')
     assert_equal(1, users_in_group.count)
   end
-
-  private
-
-  def toggle_checkbox(scope, value)
-    checkbox = scope.find_element(css: "input[value=#{value}]")
-
-    @browser
-      .action
-      .move_to(checkbox, 0, 10)
-      .click
-      .perform
-  end
 end
diff --git a/test/browser/admin_permissions_granular_vs_full_test.rb b/test/browser/admin_permissions_granular_vs_full_test.rb
new file mode 100644
index 000000000..688698edc
--- /dev/null
+++ b/test/browser/admin_permissions_granular_vs_full_test.rb
@@ -0,0 +1,58 @@
+require 'browser_test_helper'
+
+class AdminPermissionsGranularVsFullTest < TestCase
+  def test_permissions_selecting
+    new_group_name = "permissions_test_group#{rand(99_999_999)}"
+    @browser = browser_instance
+    login(
+      username: 'master@example.com',
+      password: 'test',
+      url: browser_url,
+    )
+    tasks_close_all()
+
+    click(css: '.user-menu a[title=Admin')
+    click(css: '.content.active a[href="#manage/groups"]')
+    click(css: '.content.active a[data-type="new"]')
+
+    modal_ready
+
+    element = @browser.find_element(css: '.modal input[name=name]')
+    element.clear
+    element.send_keys(new_group_name)
+    click(css: '.modal button.js-submit')
+
+    sleep(1)
+
+    click(css: '.content.active a[href="#manage/users"]')
+
+    user_css = '.user-list .js-tableBody tr td'
+    watch_for(css: user_css)
+    click(css: user_css)
+
+    modal_ready
+
+    scroll_script = "var el = document.getElementsByClassName('modal')[0];"
+    scroll_script += 'el.scrollTo(0, el.scrollHeight);'
+
+    @browser.execute_script scroll_script
+
+    group = @browser.find_elements(css: '.modal .settings-list tbody tr').find do |el|
+      el.find_element(css: 'td').text == new_group_name
+    end
+
+    toggle_checkbox(group, 'full')
+    sleep(1)
+    assert(checkbox_is_selected(group, 'full'))
+
+    toggle_checkbox(group, 'read')
+    sleep(1)
+    assert(!checkbox_is_selected(group, 'full'))
+    assert(checkbox_is_selected(group, 'read'))
+
+    toggle_checkbox(group, 'full')
+    sleep(1)
+    assert(checkbox_is_selected(group, 'full'))
+    assert(!checkbox_is_selected(group, 'read'))
+  end
+end
diff --git a/test/browser_test_helper.rb b/test/browser_test_helper.rb
index 6d854669a..2141e3020 100644
--- a/test/browser_test_helper.rb
+++ b/test/browser_test_helper.rb
@@ -3871,4 +3871,18 @@ wait untill text in selector disabppears
       container: original_element
     )
   end
+
+  def toggle_checkbox(scope, value)
+    checkbox = scope.find_element(css: "input[value=#{value}]")
+
+    @browser
+      .action
+      .move_to(checkbox)
+      .click
+      .perform
+  end
+
+  def checkbox_is_selected(scope, value)
+    scope.find_element(css: "input[value=#{value}]").property('checked')
+  end
 end
diff --git a/test/unit/user_group_test.rb b/test/unit/user_group_test.rb
new file mode 100644
index 000000000..d7a98fc92
--- /dev/null
+++ b/test/unit/user_group_test.rb
@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class UserGroupTest < ActiveSupport::TestCase
+  test 'user group permissions' do
+    rand = rand(9_999_999_999)
+    agent1 = User.create!(
+      login: "agent-permission-check#{rand}@example.com",
+      firstname: 'vaild_agent_group_permission-1',
+      lastname: 'Agent',
+      email: "agent-permission-check#{rand}@example.com",
+      password: 'agentpw',
+      active: true,
+      roles: Role.where(name: 'Agent'),
+      groups: Group.all,
+      updated_by_id: 1,
+      created_by_id: 1,
+    )
+
+    group1 = Group.create!(
+      name: "GroupPermissionsTest-#{rand(9_999_999_999)}",
+      active: true,
+      updated_by_id: 1,
+      created_by_id: 1,
+    )
+
+    assert_nothing_raised do
+      UserGroup.create!(user: agent1, group: group1, access: 'full')
+    end
+
+    assert_raises do
+      UserGroup.create!(user: agent1, group: group1, access: 'read')
+    end
+
+    UserGroup.where(user: agent1, group: group1).destroy_all
+
+    assert_nothing_raised do
+      UserGroup.create!(user: agent1, group: group1, access: 'read')
+    end
+
+    assert_raises do
+      UserGroup.create!(user: agent1, group: group1, access: 'full')
+    end
+  end
+end