Skip to content

Commit

Permalink
Treat empty values for member permissions IDs better
Browse files Browse the repository at this point in the history
  • Loading branch information
@mayorova
mayorova committed Nov 14, 2024
1 parent 7a4fdb5 commit 06db7c6
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 4 deletions.
5 changes: 2 additions & 3 deletions app/models/user/permissions.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@ module User::Permissions
extend ActiveSupport::Concern

ATTRIBUTES = %I[role member_permission_ids member_permission_service_ids].freeze
# The value that can be used for setting the member permission service ids to empty array
EMPTY_VALUE = "[]"

included do
has_many :member_permissions, dependent: :destroy, autosave: true
Expand Down Expand Up @@ -60,7 +58,8 @@ def member_permission_ids=(roles)

def member_permission_service_ids=(service_ids)
if service_ids.is_a? Array
service_ids = (service_ids.compact_blank - [EMPTY_VALUE]).map(&:to_i)
# remove all non-integer values
service_ids = service_ids.map { Integer(_1, exception: false) }.compact_blank
member_permission = services_member_permission || member_permissions.build(admin_section: :services)
member_permission.service_ids = service_ids & existing_service_ids
elsif service_ids.blank?
Expand Down
8 changes: 7 additions & 1 deletion test/unit/user/permissions_test.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ class User::PermissionsTest < ActiveSupport::TestCase
assert_equal 1, user.admin_sections.size

# all values have the same effect
[[], [""], ["[]"]].each do |service_ids_empty_value|
[[], [""], ["[]"], ["xyz"]].each do |service_ids_empty_value|
user.update(member_permission_service_ids: service_ids_empty_value)
assert_not user.has_access_to_service?(42)
assert_equal Set[:partners, :services], user.admin_sections
Expand All @@ -93,6 +93,12 @@ class User::PermissionsTest < ActiveSupport::TestCase
assert_equal Set[:partners, :services], user.admin_sections
assert_equal [42], user.member_permission_service_ids
end

# if 0 is a valid service_id, it can be set as an allowed service
user.stubs(:existing_service_ids).returns([0, 42])
user.update(member_permission_service_ids: ['0'])
assert user.has_access_to_service?(0)
assert_equal [0], user.member_permission_service_ids
end

test 'member_permission_service_ids= filters the services list before saving' do
Expand Down

0 comments on commit 06db7c6

Please sign in to comment.