Merge branch 'master' of github.com:fatfreecrm/fat_free_crm

CHANGELOG.md

@@ -4,12 +4,24 @@ It does not matter how slowly you go as long as you do not stop.
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
 
-Unreleased (0.15.0-beta.3)
+Unreleased (0.15.0)
 ---------------------------------------------------------------------
 This release upgrades to rails 5.0.0
- - Fixes #500 - Upgrade rails
- - Fixes #554 - Upgrade authlogic
- - A variety of other minor gem upgrades
+ - #500 - Upgrade rails
+ - #554 - Upgrade authlogic
+ - #614 - Rails5 warnings
+ - #643 Use FixtureSet instead of Fixtures module 
+ - #642 Cleanup: Use Ruby style guide syntax for arrays
+ - #640 Speed up builds with Bootsnap
+ - #639 Code cleanup: Remove block-end comments (extracted from Rubocop PR) 
+ - #637 Replace render :text with render :plain (Rails 5.1 prep) 
+ - #636 Upgrade Migrations (preparation for Rails 5.1) 
+ - #635 Fix alias_method_chain via @johnnyshields 
+ - #632 Fix Travis CI chrome runs; Travis now requiring Chrome as an addon 
+ - #628 Security Update on 2017-11-29 
+ - #626 Use headless Chrome browser for feature testing 
+ - #623 Fix license Rake task 
+ - #617 Bundle Update on 2017-07-19 
 
 Thu Feb 23, 2017 (0.15.0-beta.2)
 ---------------------------------------------------------------------

CONTRIBUTORS → CONTRIBUTORS.md

@@ -16,7 +16,7 @@ translations to the Fat Free CRM:
   * Codemis
   * Craig Ulliott (USA)
   * Daniel Jabbour (USA)
-  * Daniel O'Connor
+  * Daniel O'Connor (@CloCkWeRX)
   * David Cornu
   * David Keita
   * Dirk Kelly (Australia)
@@ -38,6 +38,7 @@ translations to the Fat Free CRM:
   * James Zhang (China)
   * Jan Schulz-Hofen
   * Jim Gay (USA)
+  * Johnny Shields (@jonnyshields)
   * Josef Chmel
   * Jose Luis Gordo Romero (Spain)
   * Joseph Near

app/models/users/permission.rb

@@ -23,5 +23,7 @@ class Permission < ActiveRecord::Base
   validates_presence_of :user_id, unless: :group_id?
   validates_presence_of :group_id, unless: :user_id?
 
+  validates_uniqueness_of :user_id, scope: %i[group_id asset_id asset_type]
+
   ActiveSupport.run_load_hooks(:fat_free_crm_permission, self)
 end

lib/fat_free_crm/permissions.rb

@@ -44,7 +44,7 @@ def #{model}_ids=(value)
               permissions_to_remove = Permission.where(
                 #{model}_id: self.#{model}_ids - value,
                 asset_id: self.id,
-                asset_type: self.class
+                asset_type: self.class.name
               )
               permissions_to_remove.each {|p| (permissions.delete(p); p.destroy)}
               (value - self.#{model}_ids).each {|id| permissions.build(:#{model}_id => id)}
@@ -69,7 +69,7 @@ def access=(value)
       def remove_permissions
         # we don't use dependent => :destroy so must manually remove
         if id && self.class
-          permissions_to_remove = Permission.where(asset_id: id, asset_type: self.class.to_s).to_a
+          permissions_to_remove = Permission.where(asset_id: id, asset_type: self.class.name).to_a
         else
           permissions_to_remove = []
         end

lib/tasks/ffcrm/demo.rake

@@ -10,7 +10,7 @@ namespace :ffcrm do
       # Load fixtures
       require 'active_record/fixtures'
       Dir.glob(FatFreeCRM.root.join('db', 'demo', '*.{yml,csv}')).each do |fixture_file|
-        ActiveRecord::Fixtures.create_fixtures(FatFreeCRM.root.join('db/demo'), File.basename(fixture_file, '.*'))
+        ActiveRecord::FixtureSet.create_fixtures(FatFreeCRM.root.join('db/demo'), File.basename(fixture_file, '.*'))
       end
 
       def create_version(options)

spec/lib/permissions_spec.rb

@@ -137,4 +137,30 @@
       entity.save_with_model_permissions(model)
     end
   end
+
+  describe 'remove_permissions' do
+    context 'with a new record' do
+      before :each do
+        @entity = UserWithPermission.new
+      end
+      it 'should have no relationships to destroy' do
+        expect(@entity.remove_permissions).to eq []
+      end
+    end
+
+    context 'with an existing record' do
+      before :each do
+        @entity = UserWithPermission.create
+
+        @permission1 = Permission.create(user_id: 1, group_id: 1, asset_id: @entity.id, asset_type: 'UserWithPermission')
+        @permission2 = Permission.create(user_id: 1, group_id: 2, asset_id: @entity.id, asset_type: 'UserWithPermission')
+      end
+      it 'should remove the related permissions' do
+        current = Permission.all.count
+
+        expect(@entity.remove_permissions.length).to eq 2
+        expect(Permission.all.count).to eq(current - 2)
+      end
+    end
+  end
 end

spec/models/users/permission_spec.rb

@@ -45,4 +45,12 @@
     expect(p.errors['user_id']).to eq(["can't be blank"])
     expect(p.errors['group_id']).to eq(["can't be blank"])
   end
+
+  it 'should not allow duplicate records with (user_id, group_id, asset_type, asset_ids) the same' do
+    permission1 = Permission.create(user_id: 1, group_id: 1, asset_id: 1, asset_type: 'UserWithPermission')
+    permission2 = Permission.new(user_id: 1, group_id: 1, asset_id: 1, asset_type: 'UserWithPermission')
+
+    expect(permission1).to be_valid
+    expect(permission2).not_to be_valid
+  end
 end