Skip to content
Permalink
Browse files

Fixes issue #2608 - missing default permission ("admin.trigger")

Zammad's permission model supports fine-grained permissions
so that, e.g, a user may be allowed to modify triggers but not channels.
Permissions are assigned to roles, which are then assigned to users.

A set of default permissions is provided in `db/seeds/permissions.rb`;
these are the permissions that appear in the admin interface
when creating a new role and selecting which permissions it grants.

Somehow, we forgot to include the "admin.trigger" permission in this
default set, and no one noticed until earlier this year.

Zammad Community: https://community.zammad.org/t/2584
  • Loading branch information...
rlue authored and thorsteneckel committed Oct 29, 2019
1 parent f204b89 commit 54d590491e75743f3e745b578bb1dd9300a662df
@@ -85,6 +85,7 @@ RSpec/FilePath:
- 'spec/db/migrate/issue_2345_es_attachment_max_size_in_mb_setting_lower_default_spec.rb'
- 'spec/db/migrate/issue_2368_add_indices_to_histories_and_tickets_spec.rb'
- 'spec/db/migrate/issue_2541_fix_notification_email_without_body_spec.rb'
- 'spec/db/migrate/issue_2608_missing_trigger_permission_spec.rb'
- 'spec/lib/import/base_factory_spec.rb'

# Offense count: 60
@@ -0,0 +1,13 @@
class Issue2608MissingTriggerPermission < ActiveRecord::Migration[5.2]
def up
return if !Setting.find_by(name: 'system_init_done')

Permission.create_if_not_exists(
name: 'admin.trigger',
note: 'Manage %s',
preferences: {
translations: ['Triggers']
},
)
end
end
@@ -80,6 +80,13 @@
translations: ['SLA']
},
)
Permission.create_if_not_exists(
name: 'admin.trigger',
note: 'Manage %s',
preferences: {
translations: ['Triggers']
},
)
Permission.create_if_not_exists(
name: 'admin.scheduler',
note: 'Manage %s',
@@ -0,0 +1,23 @@
require 'rails_helper'

RSpec.describe Issue2608MissingTriggerPermission, type: :db_migration do
let(:name) { 'admin.trigger' }

context 'when "admin.trigger" permission already exists' do
before { Permission.find_or_create_by(name: name) }

it 'does nothing' do
expect { migrate }.not_to change(Permission, :count)
end
end

context 'when "admin.trigger" permission does not exist' do
before { Permission.find_by(name: name)&.destroy }

it 'creates it' do
expect { migrate }
.to change(Permission, :count).by(1)
.and change { Permission.exists?(name: name) }.to(true)
end
end
end

0 comments on commit 54d5904

Please sign in to comment.
You can’t perform that action at this time.