lino.jorzick/greenlight
1
0
Fork 0
forked from External/greenlight
Code Issues Pull Requests Projects Releases Wiki Activity

GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)

Browse Source 
* Add roles editor

* Add colour selection ability to roles

* Add ability to assign roles to users in the UI

* Remove rolify and replace it with our own custom roles implemenation

* - Fix all existing roles functionality
- Fix super admins

* Fix bugs with new customers not have default roles

* Add can't create room setting

* Code improvements

* Fix migration

* Add tests for new methods

* Translate reserved role names

* Pull roles from saml/ldap

* Fix rspec

* Fix scrutinizer issues

* Fix email promoted/demoted tests

* Apply comments

* Redirect directly to the main room

* Add comments
This commit is contained in:
shawn-higgins1
2019-07-31 11:53:32 -04:00
committed by Jesus Federico
parent 02b342b157
commit 4fc1714db8
56 changed files with 1713 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

283
spec/controllers/admins_controller_spec.rb
View File

@ -22,6 +22,7 @@ describe AdminsController, type: :controller do
before do
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
@user = create(:user, provider: "provider1")
@admin = create(:user, provider: "provider1")
@admin.add_role :admin
@ -58,53 +59,6 @@ describe AdminsController, type: :controller do
end
end
context "POST #promote" do
it "promotes a user to admin" do
@request.session[:user_id] = @admin.id
expect(@user.has_role?(:admin)).to eq(false)
post :promote, params: { user_uid: @user.uid }
expect(@user.has_role?(:admin)).to eq(true)
expect(flash[:success]).to be_present
expect(response).to redirect_to(admins_path)
end
it "sends an email to the user being promoted" do
@request.session[:user_id] = @admin.id
params = { user_uid: @user.uid }
expect { post :promote, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
end
end
context "POST #demote" do
it "demotes an admin to user" do
@request.session[:user_id] = @admin.id
@user.add_role :admin
expect(@user.has_role?(:admin)).to eq(true)
post :demote, params: { user_uid: @user.uid }
expect(@user.has_role?(:admin)).to eq(false)
expect(flash[:success]).to be_present
expect(response).to redirect_to(admins_path)
end
it "sends an email to the user being demoted" do
@request.session[:user_id] = @admin.id
@user.add_role :admin
params = { user_uid: @user.uid }
expect { post :demote, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
end
end
context "POST #ban" do
it "bans a user from the application" do
@request.session[:user_id] = @admin.id
@ -331,4 +285,239 @@ describe AdminsController, type: :controller do
end
end
end
describe "Roles" do
context "GET #roles" do
it "should render the roles editor with the user role selected" do
@request.session[:user_id] = @admin.id
get :roles
expect(response).to render_template :roles
expect(assigns(:roles).count).to eq(2)
expect(assigns(:selected_role).name).to eq("user")
end
it "should render the roles editor with the request role selected" do
Role.create_default_roles("provider1")
new_role = Role.create(name: "test", provider: "provider1")
@request.session[:user_id] = @admin.id
get :roles, params: { selected_role: new_role.id }
expect(response).to render_template :roles
expect(assigns(:roles).count).to eq(3)
expect(assigns(:selected_role).name).to eq(new_role.name)
end
end
context "POST #new_role" do
before do
Role.create_default_roles("provider1")
end
it "should fail with duplicate role name" do
@request.session[:user_id] = @admin.id
post :new_role, params: { role: { name: "admin" } }
expect(response).to redirect_to admin_roles_path
expect(flash[:alert]).to eq(I18n.t("administrator.roles.duplicate_name"))
end
it "should fail with empty role name" do
@request.session[:user_id] = @admin.id
post :new_role, params: { role: { name: " " } }
expect(response).to redirect_to admin_roles_path
expect(flash[:alert]).to eq(I18n.t("administrator.roles.empty_name"))
end
it "should create new role and increase user role priority" do
@request.session[:user_id] = @admin.id
post :new_role, params: { role: { name: "test" } }
new_role = Role.find_by(name: "test", provider: "provider1")
user_role = Role.find_by(name: "user", provider: "provider1")
expect(new_role.priority).to eq(1)
expect(user_role.priority).to eq(2)
expect(response).to redirect_to admin_roles_path(selected_role: new_role.id)
end
end
context "PATCH #change_role_order" do
before do
Role.create_default_roles("provider1")
end
it "should fail if user attempts to change the order of the admin or user roles" do
@request.session[:user_id] = @admin.id
user_role = Role.find_by(name: "user", provider: "provider1")
admin_role = Role.find_by(name: "admin", provider: "provider1")
patch :change_role_order, params: { role: [user_role.id, admin_role.id] }
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_order"))
expect(response).to redirect_to admin_roles_path
end
it "should fail if a user attempts to edit a role with a higher priority than their own" do
Role.create(name: "test1", priority: 1, provider: "greenlight")
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight", can_edit_roles: true)
new_role3 = Role.create(name: "test3", priority: 3, provider: "greenlight")
user_role = Role.find_by(name: "user", provider: "greenlight")
user_role.priority = 4
user_role.save!
@user.roles << new_role2
@user.save!
@request.session[:user_id] = @user.id
patch :change_role_order, params: { role: [new_role3.id, new_role2.id] }
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_update"))
expect(response).to redirect_to admin_roles_path
end
it "should fail if a user attempts to edit a role with a higher priority than their own" do
Role.create(name: "test1", priority: 1, provider: "greenlight")
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight", can_edit_roles: true)
new_role3 = Role.create(name: "test3", priority: 3, provider: "greenlight")
user_role = Role.find_by(name: "user", provider: "greenlight")
user_role.priority = 4
user_role.save!
@user.roles << new_role2
@user.save!
@request.session[:user_id] = @user.id
patch :change_role_order, params: { role: [new_role3.id, new_role2.id] }
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_update"))
expect(response).to redirect_to admin_roles_path
end
it "should update the role order" do
new_role1 = Role.create(name: "test1", priority: 1, provider: "provider1")
new_role2 = Role.create(name: "test2", priority: 2, provider: "provider1")
new_role3 = Role.create(name: "test3", priority: 3, provider: "provider1")
user_role = Role.find_by(name: "user", provider: "provider1")
@request.session[:user_id] = @admin.id
patch :change_role_order, params: { role: [new_role3.id, new_role2.id, new_role1.id] }
new_role1.reload
new_role2.reload
new_role3.reload
user_role.reload
expect(new_role3.priority).to eq(1)
expect(new_role2.priority).to eq(2)
expect(new_role1.priority).to eq(3)
expect(user_role.priority).to eq(4)
end
end
context 'POST #update_role' do
before do
Role.create_default_roles("provider1")
end
it "should fail to update a role with a lower priority than the user" do
new_role1 = Role.create(name: "test1", priority: 1, provider: "provider1")
new_role2 = Role.create(name: "test2", priority: 2, provider: "provider1", can_edit_roles: true)
user_role = Role.find_by(name: "user", provider: "greenlight")
user_role.priority = 3
user_role.save!
@user.roles << new_role2
@user.save!
@request.session[:user_id] = @user.id
patch :update_role, params: { role_id: new_role1.id }
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_update"))
expect(response).to redirect_to admin_roles_path(selected_role: new_role1.id)
end
it "should fail to update if there is a duplicate name" do
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
@request.session[:user_id] = @admin.id
patch :update_role, params: { role_id: new_role.id, role: { name: "admin" } }
expect(flash[:alert]).to eq(I18n.t("administrator.roles.duplicate_name"))
expect(response).to redirect_to admin_roles_path(selected_role: new_role.id)
end
it "should update role permisions" do
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
@request.session[:user_id] = @admin.id
patch :update_role, params: { role_id: new_role.id, role: { name: "test", can_edit_roles: false,
colour: "#45434", can_manage_users: true } }
new_role.reload
expect(new_role.name).to eq("test")
expect(new_role.can_edit_roles).to eq(false)
expect(new_role.colour).to eq("#45434")
expect(new_role.can_manage_users).to eq(true)
expect(new_role.send_promoted_email).to eq(false)
expect(response).to redirect_to admin_roles_path(selected_role: new_role.id)
end
end
context "DELETE delete_role" do
before do
Role.create_default_roles("provider1")
end
it "should fail to delete the role if it has users assigned to it" do
admin_role = Role.find_by(name: "admin", provider: "greenlight")
@request.session[:user_id] = @admin.id
delete :delete_role, params: { role_id: admin_role.id }
expect(flash[:alert]).to eq(I18n.t("administrator.roles.role_has_users", user_count: 1))
expect(response).to redirect_to admin_roles_path(selected_role: admin_role.id)
end
it "should fail to delete the role if it is a default role" do
pending_role = Role.find_by(name: "pending", provider: "provider1")
@request.session[:user_id] = @admin.id
delete :delete_role, params: { role_id: pending_role.id }
expect(response).to redirect_to admin_roles_path(selected_role: pending_role.id)
end
it "should successfully delete the role" do
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
@request.session[:user_id] = @admin.id
delete :delete_role, params: { role_id: new_role.id }
expect(Role.where(name: "test2", provider: "provider1").count).to eq(0)
expect(response).to redirect_to admin_roles_path
end
end
end
end