Add support for editing labelling of one's own role (#18812)

Still disallow edition of rank or permissions
This commit is contained in:
Claire 2022-07-17 13:37:30 +02:00 committed by GitHub
parent 05e39dc619
commit ecb3bb3256
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 11 deletions

View file

@ -90,6 +90,7 @@ class UserRole < ApplicationRecord
validate :validate_permissions_elevation validate :validate_permissions_elevation
validate :validate_position_elevation validate :validate_position_elevation
validate :validate_dangerous_permissions validate :validate_dangerous_permissions
validate :validate_own_role_edition
before_validation :set_position before_validation :set_position
@ -165,6 +166,12 @@ class UserRole < ApplicationRecord
self.position = -1 if everyone? self.position = -1 if everyone?
end end
def validate_own_role_edition
return unless defined?(@current_account) && @current_account.user_role.id == id
errors.add(:permissions_as_keys, :own_role) if permissions_changed?
errors.add(:position, :own_role) if position_changed?
end
def validate_permissions_elevation def validate_permissions_elevation
errors.add(:permissions_as_keys, :elevated) if defined?(@current_account) && @current_account.user_role.computed_permissions & permissions != permissions errors.add(:permissions_as_keys, :elevated) if defined?(@current_account) && @current_account.user_role.computed_permissions & permissions != permissions
end end

View file

@ -10,7 +10,7 @@ class UserRolePolicy < ApplicationPolicy
end end
def update? def update?
role.can?(:manage_roles) && role.overrides?(record) role.can?(:manage_roles) && (role.overrides?(record) || role.id == record.id)
end end
def destroy? def destroy?

View file

@ -8,6 +8,7 @@
.fields-group .fields-group
= f.input :name, wrapper: :with_label = f.input :name, wrapper: :with_label
- unless current_user.role.id == @role.id
.fields-group .fields-group
= f.input :position, wrapper: :with_label, input_html: { max: current_user.role.position - 1 } = f.input :position, wrapper: :with_label, input_html: { max: current_user.role.position - 1 }
@ -21,6 +22,8 @@
%hr.spacer/ %hr.spacer/
- unless current_user.role.id == @role.id
.field-group .field-group
.input.with_block_label .input.with_block_label
%label= t('simple_form.labels.user_role.permissions_as_keys') %label= t('simple_form.labels.user_role.permissions_as_keys')

View file

@ -45,5 +45,7 @@ en:
permissions_as_keys: permissions_as_keys:
dangerous: include permissions that are not safe for the base role dangerous: include permissions that are not safe for the base role
elevated: cannot include permissions your current role does not possess elevated: cannot include permissions your current role does not possess
own_role: cannot be changed with your current role
position: position:
elevated: cannot be higher than your current role elevated: cannot be higher than your current role
own_role: cannot be changed with your current role