Bug Fix: ensure only permissions on the correct asset are removed.

fatfreecrm · Jul 27, 2012 · b3eeaa0 · b3eeaa0
1 parent c8a064c
commit b3eeaa0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/lib/fat_free_crm/permissions.rb b/lib/fat_free_crm/permissions.rb
@@ -58,7 +58,7 @@ def #{model}_ids=(value)
             else
               value.map!{|c| c.split(',')} if value.map{|v| v.to_s.include?(',')}.any? # fix for a bug in "Chosen" which gives values like ["", "1,2,3"] 
               value = value.flatten.reject(&:blank?).uniq.map(&:to_i)
-              permissions_to_remove = Permission.find_all_by_#{model}_id_and_asset_id(self.#{model}_ids - value, self.id)
+              permissions_to_remove = Permission.find_all_by_#{model}_id_and_asset_id_and_asset_type(self.#{model}_ids - value, self.id, self.class)
               permissions_to_remove.each {|p| (permissions.delete(p); p.destroy)}
               (value - self.#{model}_ids).each {|id| permissions.build(:#{model}_id => id)}
             end
@@ -81,7 +81,7 @@ def access=(value)
       #--------------------------------------------------------------------------
       def remove_permissions
         # we don't use dependent => :destroy so must manually remove
-        permissions_to_remove = Permission.find_all_by_asset_id(self.id)
+        permissions_to_remove = Permission.find_all_by_asset_id_and_asset_type(self.id, self.class)
         permissions_to_remove.each {|p| (permissions.delete(p); p.destroy)}
       end
 

diff --git a/spec/lib/permissions_spec.rb b/spec/lib/permissions_spec.rb
@@ -92,13 +92,13 @@
     it "should delete all permissions if access is set to Public" do
       perm = FactoryGirl.create(:permission, :user_id => 1, :asset => @entity)
       perm.should_receive(:destroy)
-      Permission.should_receive(:find_all_by_asset_id).with(@entity.id).and_return([perm])
+      Permission.should_receive(:find_all_by_asset_id_and_asset_type).with(@entity.id, @entity.class).and_return([perm])
       @entity.update_attribute(:access, 'Public')
     end
     it "should delete all permissions if access is set to Private" do
       perm = FactoryGirl.create(:permission, :user_id => 1, :asset => @entity)
       perm.should_receive(:destroy)
-      Permission.should_receive(:find_all_by_asset_id).with(@entity.id).and_return([perm])
+      Permission.should_receive(:find_all_by_asset_id_and_asset_type).with(@entity.id, @entity.class).and_return([perm])
       @entity.update_attribute(:access, 'Private')
     end
     it "should not remove permissions if access is set to Shared" do