Maintenance: Provide allow_signup column to define the signup permissions for roles and disable new permissions by default as signup permission.
This commit is contained in:
parent
5e94f786fd
commit
f0462d4c20
5 changed files with 116 additions and 44 deletions
|
@ -222,13 +222,12 @@ returns
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_default_at_signup_permissions
|
def check_default_at_signup_permissions
|
||||||
all_permissions = Permission.all.pluck(:id)
|
return true if !default_at_signup
|
||||||
admin_permissions = Permission.where('name LIKE ? OR name = ?', 'admin%', 'ticket.agent').pluck(:id) # admin.*/ticket.agent permissions
|
|
||||||
normal_permissions = (all_permissions - admin_permissions) | (admin_permissions - all_permissions) # all other permissions besides admin.*/ticket.agent
|
|
||||||
return true if default_at_signup != true # means if default_at_signup = false, no need further checks
|
|
||||||
return true if self.permission_ids.all? { |i| normal_permissions.include? i } # allow user to choose only normal permissions
|
|
||||||
|
|
||||||
raise Exceptions::UnprocessableEntity, 'Cannot set default at signup when role has admin or ticket.agent permissions.'
|
forbidden_permissions = permissions.reject(&:allow_signup)
|
||||||
|
return true if forbidden_permissions.blank?
|
||||||
|
|
||||||
|
raise Exceptions::UnprocessableEntity, "Cannot set default at signup when role has #{forbidden_permissions.join(', ')} permissions."
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -132,6 +132,7 @@ class CreateBase < ActiveRecord::Migration[4.2]
|
||||||
t.string :note, limit: 500, null: true
|
t.string :note, limit: 500, null: true
|
||||||
t.string :preferences, limit: 10_000, null: true
|
t.string :preferences, limit: 10_000, null: true
|
||||||
t.boolean :active, null: false, default: true
|
t.boolean :active, null: false, default: true
|
||||||
|
t.boolean :allow_signup, null: false, default: false
|
||||||
t.timestamps limit: 3, null: false
|
t.timestamps limit: 3, null: false
|
||||||
end
|
end
|
||||||
add_index :permissions, [:name], unique: true
|
add_index :permissions, [:name], unique: true
|
||||||
|
|
31
db/migrate/20201005113317_role_signup_column.rb
Normal file
31
db/migrate/20201005113317_role_signup_column.rb
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
class RoleSignupColumn < ActiveRecord::Migration[5.2]
|
||||||
|
def change
|
||||||
|
|
||||||
|
# return if it's a new setup
|
||||||
|
return if !Setting.exists?(name: 'system_init_done')
|
||||||
|
|
||||||
|
add_column :permissions, :allow_signup, :boolean, null: false, default: false
|
||||||
|
|
||||||
|
signup_permissions = [
|
||||||
|
'user_preferences',
|
||||||
|
'user_preferences.password',
|
||||||
|
'user_preferences.notifications',
|
||||||
|
'user_preferences.access_token',
|
||||||
|
'user_preferences.language',
|
||||||
|
'user_preferences.linked_accounts',
|
||||||
|
'user_preferences.device',
|
||||||
|
'user_preferences.avatar',
|
||||||
|
'user_preferences.calendar',
|
||||||
|
'user_preferences.out_of_office',
|
||||||
|
'ticket.customer',
|
||||||
|
]
|
||||||
|
|
||||||
|
Permission.where(name: signup_permissions).update(allow_signup: true)
|
||||||
|
|
||||||
|
Role.where(default_at_signup: true).find_each do |role|
|
||||||
|
role.permissions.where.not(name: signup_permissions).find_each do |permission|
|
||||||
|
role.permission_revoke(permission.name)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -266,6 +266,7 @@ Permission.create_if_not_exists(
|
||||||
name: 'user_preferences',
|
name: 'user_preferences',
|
||||||
note: 'User Preferences',
|
note: 'User Preferences',
|
||||||
preferences: {},
|
preferences: {},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.password',
|
name: 'user_preferences.password',
|
||||||
|
@ -273,6 +274,7 @@ Permission.create_if_not_exists(
|
||||||
preferences: {
|
preferences: {
|
||||||
translations: ['Password']
|
translations: ['Password']
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.notifications',
|
name: 'user_preferences.notifications',
|
||||||
|
@ -281,6 +283,7 @@ Permission.create_if_not_exists(
|
||||||
translations: ['Notifications'],
|
translations: ['Notifications'],
|
||||||
required: ['ticket.agent'],
|
required: ['ticket.agent'],
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.access_token',
|
name: 'user_preferences.access_token',
|
||||||
|
@ -288,6 +291,7 @@ Permission.create_if_not_exists(
|
||||||
preferences: {
|
preferences: {
|
||||||
translations: ['Token Access']
|
translations: ['Token Access']
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.language',
|
name: 'user_preferences.language',
|
||||||
|
@ -295,6 +299,7 @@ Permission.create_if_not_exists(
|
||||||
preferences: {
|
preferences: {
|
||||||
translations: ['Language']
|
translations: ['Language']
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.linked_accounts',
|
name: 'user_preferences.linked_accounts',
|
||||||
|
@ -302,6 +307,7 @@ Permission.create_if_not_exists(
|
||||||
preferences: {
|
preferences: {
|
||||||
translations: ['Linked Accounts']
|
translations: ['Linked Accounts']
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.device',
|
name: 'user_preferences.device',
|
||||||
|
@ -309,6 +315,7 @@ Permission.create_if_not_exists(
|
||||||
preferences: {
|
preferences: {
|
||||||
translations: ['Devices']
|
translations: ['Devices']
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.avatar',
|
name: 'user_preferences.avatar',
|
||||||
|
@ -316,6 +323,7 @@ Permission.create_if_not_exists(
|
||||||
preferences: {
|
preferences: {
|
||||||
translations: ['Avatar']
|
translations: ['Avatar']
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.calendar',
|
name: 'user_preferences.calendar',
|
||||||
|
@ -324,6 +332,7 @@ Permission.create_if_not_exists(
|
||||||
translations: ['Calendars'],
|
translations: ['Calendars'],
|
||||||
required: ['ticket.agent'],
|
required: ['ticket.agent'],
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'user_preferences.out_of_office',
|
name: 'user_preferences.out_of_office',
|
||||||
|
@ -332,6 +341,7 @@ Permission.create_if_not_exists(
|
||||||
translations: ['Out of Office'],
|
translations: ['Out of Office'],
|
||||||
required: ['ticket.agent'],
|
required: ['ticket.agent'],
|
||||||
},
|
},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
|
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
|
@ -357,6 +367,7 @@ Permission.create_if_not_exists(
|
||||||
name: 'ticket.customer',
|
name: 'ticket.customer',
|
||||||
note: 'Access to Customer Tickets based on current_user and organization',
|
note: 'Access to Customer Tickets based on current_user and organization',
|
||||||
preferences: {},
|
preferences: {},
|
||||||
|
allow_signup: true,
|
||||||
)
|
)
|
||||||
Permission.create_if_not_exists(
|
Permission.create_if_not_exists(
|
||||||
name: 'chat',
|
name: 'chat',
|
||||||
|
|
30
spec/db/migrate/role_signup_column_spec.rb
Normal file
30
spec/db/migrate/role_signup_column_spec.rb
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe RoleSignupColumn, type: :db_migration, db_strategy: :reset do
|
||||||
|
context 'when a role contains signup permissions' do
|
||||||
|
let!(:role) do
|
||||||
|
role = create(:role)
|
||||||
|
role.permission_grant('user_preferences.password')
|
||||||
|
role.permission_grant('ticket.agent')
|
||||||
|
role.update_column(:default_at_signup, true)
|
||||||
|
role
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
without_column(:permissions, column: :allow_signup)
|
||||||
|
migrate
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'has password permission' do
|
||||||
|
expect(role.reload.permissions.map(&:name)).to include('user_preferences.password')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'has no agent permission' do
|
||||||
|
expect(role.reload.permissions.map(&:name)).not_to include('ticket.agent')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'has permission with allow_signup set correctly' do
|
||||||
|
expect(Permission.find_by(name: 'user_preferences.password').allow_signup).to be true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue