lino.jorzick/greenlight
1
0
Fork 0
forked from External/greenlight
Code Issues Pull Requests Projects Releases Wiki Activity

Change permissions from columns to table entries (#762)

Browse Source
This commit is contained in:
shawn-higgins1
2019-08-27 11:30:25 -04:00
committed by farhatahmad
parent 01b8dbbd0e
commit 666231db6c
17 changed files with 163 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/concerns/emailer.rb
View File

@@ -128,7 +128,7 @@ module Emailer
end
def admin_emails
admins = User.all_users_with_roles.where(roles: { can_manage_users: true })
admins = User.all_users_with_roles.where(roles: { role_permissions: { name: "can_manage_users", value: "true" } })
if Rails.configuration.loadbalanced_configuration
admins = admins.without_role(:super_admin)

19
app/controllers/concerns/rolify.rb
View File

@@ -48,7 +48,7 @@ module Rolify
# Updates a user's roles
def update_roles(roles)
# Check that the user can manage users
return true unless current_user.highest_priority_role.can_manage_users
return true unless current_user.highest_priority_role.get_permission("can_manage_users")
new_roles = roles.split(' ').map(&:to_i)
old_roles = @user.roles.pluck(:id)
@@ -89,8 +89,8 @@ module Rolify
end
# Send promoted/demoted emails
added_roles.each { |role| send_user_promoted_email(@user, role) if role.send_promoted_email }
removed_roles.each { |role| send_user_demoted_email(@user, role) if role.send_demoted_email }
added_roles.each { |role| send_user_promoted_email(@user, role) if role.get_permission("send_promoted_email") }
removed_roles.each { |role| send_user_demoted_email(@user, role) if role.get_permission("send_demoted_email") }
# Update the roles
@user.roles.delete(removed_roles)
@@ -143,6 +143,16 @@ module Rolify
permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email,
:send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users, :colour)
permission_params.transform_values! do |v|
if v == "0"
"false"
elsif v == "1"
"true"
else
v
end
end
# Role is a default role so users can't change the name
role_params[:name] = role.name if Role::RESERVED_ROLE_NAMES.include?(role.name)
@@ -154,7 +164,8 @@ module Rolify
return false
end
role.update(permission_params)
role.update(colour: permission_params[:colour])
role.update_all_role_permissions(permission_params)
role.save!
end

2
app/controllers/recordings_controller.rb
View File

@@ -58,7 +58,7 @@ class RecordingsController < ApplicationController
# Ensure the user is logged into the room they are accessing.
def verify_room_ownership
if !current_user || (!@room.owned_by?(current_user) &&
!current_user.highest_priority_role.can_edit_site_settings &&
!current_user.highest_priority_role.get_permission("can_edit_site_settings") &&
!current_user.has_role?(:super_admin))
redirect_to root_path
end

2
app/controllers/rooms_controller.rb
View File

@@ -63,7 +63,7 @@ class RoomsController < ApplicationController
# If its the current user's room
if current_user && @room.owned_by?(current_user)
if current_user.highest_priority_role.can_create_rooms
if current_user.highest_priority_role.get_permission("can_create_rooms")
# User is allowed to have rooms
@search, @order_column, @order_direction, recs =
recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)

9
app/models/ability.rb
View File

@@ -26,20 +26,21 @@ class Ability
can :manage, :all
else
highest_role = user.highest_priority_role
if highest_role.can_edit_site_settings
if highest_role.get_permission("can_edit_site_settings")
can [:index, :site_settings, :server_recordings, :update_settings, :coloring, :registration_method], :admin
end
if highest_role.can_edit_roles
if highest_role.get_permission("can_edit_roles")
can [:index, :roles, :new_role, :change_role_order, :update_role, :delete_role], :admin
end
if highest_role.can_manage_users
if highest_role.get_permission("can_manage_users")
can [:index, :roles, :edit_user, :promote, :demote, :ban_user, :unban_user,
:approve, :invite, :reset], :admin
end
if !highest_role.can_edit_site_settings && !highest_role.can_edit_roles && !highest_role.can_manage_users
if !highest_role.get_permission("can_edit_site_settings") && !highest_role.get_permission("can_edit_roles") &&
!highest_role.get_permission("can_manage_users")
cannot :manage, AdminsController
end
end

51
app/models/role.rb
View File

@@ -18,6 +18,7 @@
class Role < ApplicationRecord
has_and_belongs_to_many :users, join_table: :users_roles
has_many :role_permissions
default_scope { order(:priority) }
scope :by_priority, -> { order(:priority) }
@@ -30,15 +31,18 @@ class Role < ApplicationRecord
end
def self.create_default_roles(provider)
Role.create(name: "user", provider: provider, priority: 1, can_create_rooms: true, colour: "#868e96")
Role.create(name: "admin", provider: provider, priority: 0, can_create_rooms: true, send_promoted_email: true,
Role.create(name: "user", provider: provider, priority: 1, colour: "#868e96")
.update_all_role_permissions(can_create_rooms: true)
Role.create(name: "admin", provider: provider, priority: 0, colour: "#f1c40f")
.update_all_role_permissions(can_create_rooms: true, send_promoted_email: true,
send_demoted_email: true, can_edit_site_settings: true,
can_edit_roles: true, can_manage_users: true, colour: "#f1c40f")
Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8")
Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40")
Role.create(name: "super_admin", provider: provider, priority: -2, can_create_rooms: true,
can_edit_roles: true, can_manage_users: true)
Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8").update_all_role_permissions
Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40").update_all_role_permissions
Role.create(name: "super_admin", provider: provider, priority: -2, colour: "#cd201f")
.update_all_role_permissions(can_create_rooms: true,
send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true,
can_edit_roles: true, can_manage_users: true, colour: "#cd201f")
can_edit_roles: true, can_manage_users: true)
end
def self.create_new_role(role_name, provider)
@@ -56,4 +60,37 @@ class Role < ApplicationRecord
role
end
def update_all_role_permissions(permissions = {})
update_permission("can_create_rooms", permissions[:can_create_rooms].to_s)
update_permission("send_promoted_email", permissions[:send_promoted_email].to_s)
update_permission("send_demoted_email", permissions[:send_demoted_email].to_s)
update_permission("can_edit_site_settings", permissions[:can_edit_site_settings].to_s)
update_permission("can_edit_roles", permissions[:can_edit_roles].to_s)
update_permission("can_manage_users", permissions[:can_manage_users].to_s)
end
# Updates the value of the permission and enables it
def update_permission(name, value)
permission = role_permissions.find_or_create_by!(name: name)
permission.update_attributes(value: value, enabled: true)
end
# Returns the value if enabled or the default if not enabled
def get_permission(name, return_boolean = true)
permission = role_permissions.find_or_create_by!(name: name)
value = if permission[:enabled]
permission[:value]
else
"false"
end
if return_boolean
value == "true"
else
value
end
end
end

5
app/models/role_permission.rb Normal file
View File

@@ -0,0 +1,5 @@
# frozen_string_literal: true
class RolePermission < ApplicationRecord
belongs_to :role
end

8
app/models/user.rb
View File

@@ -29,7 +29,7 @@ class User < ApplicationRecord
has_many :rooms
belongs_to :main_room, class_name: 'Room', foreign_key: :room_id, required: false
has_and_belongs_to_many :roles, join_table: :users_roles
has_and_belongs_to_many :roles, -> { includes :role_permissions }, join_table: :users_roles
validates :name, length: { maximum: 256 }, presence: true
validates :provider, presence: true
@@ -163,11 +163,11 @@ class User < ApplicationRecord
if has_role? :super_admin
id != user.id
else
highest_priority_role.can_manage_users && (id != user.id) && (provider == user.provider) &&
highest_priority_role.get_permission("can_manage_users") && (id != user.id) && (provider == user.provider) &&
(!user.has_role? :super_admin)
end
else
(highest_priority_role.can_manage_users || (has_role? :super_admin)) && (id != user.id)
(highest_priority_role.get_permission("can_manage_users") || (has_role? :super_admin)) && (id != user.id)
end
end
@@ -230,7 +230,7 @@ class User < ApplicationRecord
def self.all_users_with_roles
User.joins("INNER JOIN users_roles ON users_roles.user_id = users.id INNER JOIN roles " \
"ON roles.id = users_roles.role_id")
"ON roles.id = users_roles.role_id INNER JOIN role_permissions ON roles.id = role_permissions.role_id").distinct
end
private

6
app/views/admins/components/_menu_buttons.html.erb
View File

@@ -16,12 +16,12 @@
<div class="list-group list-group-transparent mb-0">
<% highest_role = current_user.highest_priority_role %>
<% highest_role.name %>
<% if highest_role.can_manage_users || highest_role.name == "super_admin" %>
<% if highest_role.get_permission("can_manage_users") || highest_role.name == "super_admin" %>
<%= link_to admins_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "index"}" do %>
<span class="icon mr-3"><i class="fas fa-users"></i></span><%= t("administrator.users.title") %>
<% end %>
<% end %>
<% if highest_role.can_edit_site_settings || highest_role.name == "super_admin" %>
<% if highest_role.get_permission("can_edit_site_settings") || highest_role.name == "super_admin" %>
<%= link_to admin_recordings_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "server_recordings"}" do %>
<span class="icon mr-4"><i class="fas fa-video"></i></i></span><%= t("administrator.recordings.title") %>
<% end %>
@@ -29,7 +29,7 @@
<span class="icon mr-4"><i class="fas fa-cogs"></i></span><%= t("administrator.site_settings.title") %>
<% end %>
<% end %>
<% if highest_role.can_edit_roles || highest_role.name == "super_admin" %>
<% if highest_role.get_permission("can_edit_roles") || highest_role.name == "super_admin" %>
<%= link_to admin_roles_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "roles"}" do %>
<span class="icon mr-4"><i class="fas fa-user-tag"></i></i></span><%= t("administrator.roles.title") %>
<% end %>

26
app/views/admins/components/_roles.html.erb
View File

@@ -33,7 +33,7 @@
</div>
</div>
<div class="col-lg-9 <%="form-disable" if edit_disabled %>">
<%= form_for(@selected_role, url: admin_update_role_path(@selected_role.id), method: :post) do |f| %>
<%= form_with model: @selected_role, url: admin_update_role_path(@selected_role.id), method: :post do |f| %>
<%= f.label t('administrator.roles.name'), class: "form-label" %>
<%= f.text_field :name, class: 'form-control mb-3', value: translated_role_name(@selected_role), readonly: edit_disabled || @selected_role.name == "user" || @selected_role.name == "admin", required: true %>
@@ -48,34 +48,34 @@
</div>
</div>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.can_create_rooms %>">
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_create_rooms") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.can_create_rooms")%></span>
<%= f.check_box :can_create_rooms, class: "custom-switch-input", disabled: edit_disabled || !current_role.can_create_rooms %>
<%= f.check_box :can_create_rooms, checked: @selected_role.get_permission("can_create_rooms"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_create_rooms") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.send_promoted_email %>">
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("send_promoted_email") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.promote_email")%></span>
<%= f.check_box :send_promoted_email, class: "custom-switch-input", disabled: edit_disabled || !current_role.send_promoted_email %>
<%= f.check_box :send_promoted_email, checked: @selected_role.get_permission("send_promoted_email"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("send_promoted_email") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.send_demoted_email %>">
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("send_demoted_email") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.demote_email")%></span>
<%= f.check_box :send_demoted_email, class: "custom-switch-input", disabled: edit_disabled || !current_role.send_demoted_email %>
<%= f.check_box :send_demoted_email, checked: @selected_role.get_permission("send_demoted_email"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("send_demoted_email") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.can_edit_site_settings %>">
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_edit_site_settings") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.edit_site_settings")%></span>
<%= f.check_box :can_edit_site_settings, class: "custom-switch-input", disabled: edit_disabled || !current_role.can_edit_site_settings %>
<%= f.check_box :can_edit_site_settings, checked: @selected_role.get_permission("can_edit_site_settings"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_edit_site_settings") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.can_edit_roles %>">
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_edit_roles") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.edit_roles")%></span>
<%= f.check_box :can_edit_roles, class: "custom-switch-input", disabled: edit_disabled || !current_role.can_edit_roles %>
<%= f.check_box :can_edit_roles, checked: @selected_role.get_permission("can_edit_roles"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_edit_roles") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.can_manage_users %>">
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_manage_users") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.manage_users")%></span>
<%= f.check_box :can_manage_users, class: "custom-switch-input", disabled: edit_disabled || !current_role.can_manage_users %>
<%= f.check_box :can_manage_users, checked: @selected_role.get_permission("can_manage_users"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_users") %>
<span class="custom-switch-indicator float-right"></span>
</label>

8
app/views/shared/_header.html.erb
View File

@@ -34,7 +34,7 @@
<i class="fas fa-home pr-1 "></i> <%= t("header.dropdown.home") %>
<% end %>
<% if current_user.highest_priority_role.can_create_rooms %>
<% if current_user.highest_priority_role.get_permission("can_create_rooms") %>
<% all_rec_page = params[:controller] == "users" && params[:action] == "recordings" ? "active" : "" %>
<%= link_to get_user_recordings_path(current_user), class: "px-3 mx-1 mt-1 header-nav #{all_rec_page}" do %>
<i class="fas fa-video pr-1"></i> <%= t("header.all_recordings") %>
@@ -59,15 +59,15 @@
<i class="dropdown-icon fas fa-id-card mr-3"></i><%= t("header.dropdown.settings") %>
<% end %>
<% highest_role = current_user.highest_priority_role %>
<% if highest_role.can_manage_users || highest_role.name == "super_admin" %>
<% if highest_role.get_permission("can_manage_users") || highest_role.name == "super_admin" %>
<%= link_to admins_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% elsif highest_role.can_edit_site_settings %>
<% elsif highest_role.get_permission("can_edit_site_settings") %>
<%= link_to admin_site_settings_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% elsif highest_role.can_edit_roles%>
<% elsif highest_role.get_permission("can_edit_roles")%>
<%= link_to admin_roles_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>

6
app/views/users/components/_account.html.erb
View File

@@ -46,7 +46,7 @@
<% @user.roles.by_priority.each do |role| %>
<span id="<%= "user-role-tag_#{role.id}" %>" style="<%= "background-color: #{role_colour(role)};border-color: #{role_colour(role)};" %>" class="tag user-role-tag">
<%= translated_role_name(role) %>
<% if (current_user_role.can_manage_users || current_user_role.name == "super_admin") && (role.priority > current_user_role.priority || current_user_role.name == "admin") %>
<% if (current_user_role.get_permission("can_manage_users") || current_user_role.name == "super_admin") && (role.priority > current_user_role.priority || current_user_role.name == "admin") %>
<a data-role-id="<%= role.id %>" class="tag-addon clear-role">
<i data-role-id="<%= role.id %>" class="fas fa-times"></i>
</a>
@@ -54,11 +54,11 @@
</span>
<% end %>
</div>
<% if current_user_role.can_manage_users || current_user_role.name == "super_admin" %>
<% if current_user_role.get_permission("can_manage_users") || current_user_role.name == "super_admin" %>
<% provider = Rails.configuration.loadbalanced_configuration ? current_user.provider : "greenlight" %>
<%= f.select :roles, Role.editable_roles(@user_domain).map{|role| [translated_role_name(role), role.id, {'data-colour' => role_colour(role)}]}.unshift(["", nil, {'data-colour' => nil}]), {disabled: disabled_roles(@user)}, { class: "form-control custom-select", id: "role-select-dropdown" } %>
<% end %>
<%= f.hidden_field :role_ids, id: "user_role_ids", value: @user.roles.by_priority.pluck(:id) %>
<%= f.hidden_field :role_ids, id: "user_role_ids", value: @user.roles.by_priority.pluck(:id).uniq %>
<%= f.label t("settings.account.image"), class: "form-label mt-5" %>
<div class="row">

31
db/migrate/20190822134205_create_role_permissions.rb Normal file
View File

@@ -0,0 +1,31 @@
# frozen_string_literal: true
class CreateRolePermissions < ActiveRecord::Migration[5.2]
def change
create_table :role_permissions do |t|
t.string :name
t.string :value, default: ""
t.boolean :enabled, default: false
t.references :role, foreign_key: true
t.timestamps
end
Role.all.each do |role|
role.role_permissions.create(name: "can_create_rooms", value: role.can_create_rooms.to_s, enabled: true)
role.role_permissions.create(name: "send_promoted_email", value: role.send_promoted_email.to_s, enabled: true)
role.role_permissions.create(name: "send_demoted_email", value: role.send_demoted_email.to_s, enabled: true)
role.role_permissions.create(name: "can_edit_site_settings", value: role.can_edit_site_settings.to_s,
enabled: true)
role.role_permissions.create(name: "can_edit_roles", value: role.can_edit_roles.to_s, enabled: true)
role.role_permissions.create(name: "can_manage_users", value: role.can_manage_users.to_s, enabled: true)
end
remove_column :roles, :can_create_rooms
remove_column :roles, :send_promoted_email
remove_column :roles, :send_demoted_email
remove_column :roles, :can_edit_site_settings
remove_column :roles, :can_edit_roles
remove_column :roles, :can_manage_users
end
end

18
db/schema.rb
View File

@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2019_07_26_153012) do
ActiveRecord::Schema.define(version: 2019_08_22_134205) do
create_table "features", force: :cascade do |t|
t.integer "setting_id"
@@ -33,15 +33,19 @@ ActiveRecord::Schema.define(version: 2019_07_26_153012) do
t.index ["provider"], name: "index_invitations_on_provider"
end
create_table "role_permissions", force: :cascade do |t|
t.string "name"
t.string "value", default: ""
t.boolean "enabled", default: false
t.integer "role_id"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.index ["role_id"], name: "index_role_permissions_on_role_id"
end
create_table "roles", force: :cascade do |t|
t.string "name"
t.integer "priority", default: 9999
t.boolean "can_create_rooms", default: false
t.boolean "send_promoted_email", default: false
t.boolean "send_demoted_email", default: false
t.boolean "can_edit_site_settings", default: false
t.boolean "can_edit_roles", default: false
t.boolean "can_manage_users", default: false
t.string "colour"
t.string "provider"
t.datetime "created_at", null: false

24
spec/controllers/admins_controller_spec.rb
View File

@@ -398,7 +398,8 @@ describe AdminsController, type: :controller do
it "should fail if a user attempts to edit a role with a higher priority than their own" do
Role.create(name: "test1", priority: 1, provider: "greenlight")
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight", can_edit_roles: true)
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight")
new_role2.update_permission("can_edit_roles", "true")
new_role3 = Role.create(name: "test3", priority: 3, provider: "greenlight")
user_role = Role.find_by(name: "user", provider: "greenlight")
@@ -418,7 +419,8 @@ describe AdminsController, type: :controller do
it "should fail if a user attempts to edit a role with a higher priority than their own" do
Role.create(name: "test1", priority: 1, provider: "greenlight")
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight", can_edit_roles: true)
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight")
new_role2.update_permission("can_edit_roles", "true")
new_role3 = Role.create(name: "test3", priority: 3, provider: "greenlight")
user_role = Role.find_by(name: "user", provider: "greenlight")
@@ -465,7 +467,8 @@ describe AdminsController, type: :controller do
it "should fail to update a role with a lower priority than the user" do
new_role1 = Role.create(name: "test1", priority: 1, provider: "provider1")
new_role2 = Role.create(name: "test2", priority: 2, provider: "provider1", can_edit_roles: true)
new_role2 = Role.create(name: "test2", priority: 2, provider: "provider1")
new_role2.update_permission("can_edit_roles", "true")
user_role = Role.find_by(name: "user", provider: "greenlight")
user_role.priority = 3
@@ -483,7 +486,8 @@ describe AdminsController, type: :controller do
end
it "should fail to update if there is a duplicate name" do
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
new_role = Role.create(name: "test2", priority: 1, provider: "provider1")
new_role.update_permission("can_edit_roles", "true")
@request.session[:user_id] = @admin.id
@@ -494,7 +498,8 @@ describe AdminsController, type: :controller do
end
it "should update role permisions" do
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
new_role = Role.create(name: "test2", priority: 1, provider: "provider1")
new_role.update_permission("can_edit_roles", "true")
@request.session[:user_id] = @admin.id
@@ -503,10 +508,10 @@ describe AdminsController, type: :controller do
new_role.reload
expect(new_role.name).to eq("test")
expect(new_role.can_edit_roles).to eq(false)
expect(new_role.get_permission("can_edit_roles")).to eq(false)
expect(new_role.colour).to eq("#45434")
expect(new_role.can_manage_users).to eq(true)
expect(new_role.send_promoted_email).to eq(false)
expect(new_role.get_permission("can_manage_users")).to eq(true)
expect(new_role.get_permission("send_promoted_email")).to eq(false)
expect(response).to redirect_to admin_roles_path(selected_role: new_role.id)
end
end
@@ -538,7 +543,8 @@ describe AdminsController, type: :controller do
end
it "should successfully delete the role" do
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
new_role = Role.create(name: "test2", priority: 1, provider: "provider1")
new_role.update_permission("can_edit_roles", "true")
@request.session[:user_id] = @admin.id

2
spec/controllers/rooms_controller_spec.rb
View File

@@ -66,7 +66,7 @@ describe RoomsController, type: :controller do
it "should render cant_create_rooms if user doesn't have permission to create rooms" do
user_role = @user.highest_priority_role
user_role.can_create_rooms = false
user_role.update_permission("can_create_rooms", "false")
user_role.save!
@request.session[:user_id] = @user.id

10
spec/controllers/users_controller_spec.rb
View File

@@ -308,7 +308,7 @@ describe UsersController, type: :controller do
user_role = user.highest_priority_role
user_role.can_manage_users = true
user_role.update_permission("can_manage_users", "true")
user_role.save!
@@ -331,7 +331,7 @@ describe UsersController, type: :controller do
user_role = user.highest_priority_role
user_role.can_manage_users = true
user_role.update_permission("can_manage_users", "true")
user_role.save!
@@ -354,7 +354,8 @@ describe UsersController, type: :controller do
@request.session[:user_id] = admin.id
tmp_role1 = Role.create(name: "test1", priority: 1, provider: "greenlight", send_promoted_email: true)
tmp_role1 = Role.create(name: "test1", priority: 1, provider: "greenlight")
tmp_role1.update_permission("send_promoted_email", "true")
tmp_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight")
params = random_valid_user_params
@@ -374,7 +375,8 @@ describe UsersController, type: :controller do
admin.add_role :admin
tmp_role1 = Role.create(name: "test1", priority: 1, provider: "greenlight", send_demoted_email: true)
tmp_role1 = Role.create(name: "test1", priority: 1, provider: "greenlight")
tmp_role1.update_permission("send_demoted_email", "true")
user.roles << tmp_role1
user.save!