Add support for editing labelling of one's own role (#18812)
Still disallow edition of rank or permissions
gh/stable
parent
05e39dc619
commit
ecb3bb3256
|
@ -90,6 +90,7 @@ class UserRole < ApplicationRecord
|
||||||
validate :validate_permissions_elevation
|
validate :validate_permissions_elevation
|
||||||
validate :validate_position_elevation
|
validate :validate_position_elevation
|
||||||
validate :validate_dangerous_permissions
|
validate :validate_dangerous_permissions
|
||||||
|
validate :validate_own_role_edition
|
||||||
|
|
||||||
before_validation :set_position
|
before_validation :set_position
|
||||||
|
|
||||||
|
@ -165,6 +166,12 @@ class UserRole < ApplicationRecord
|
||||||
self.position = -1 if everyone?
|
self.position = -1 if everyone?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def validate_own_role_edition
|
||||||
|
return unless defined?(@current_account) && @current_account.user_role.id == id
|
||||||
|
errors.add(:permissions_as_keys, :own_role) if permissions_changed?
|
||||||
|
errors.add(:position, :own_role) if position_changed?
|
||||||
|
end
|
||||||
|
|
||||||
def validate_permissions_elevation
|
def validate_permissions_elevation
|
||||||
errors.add(:permissions_as_keys, :elevated) if defined?(@current_account) && @current_account.user_role.computed_permissions & permissions != permissions
|
errors.add(:permissions_as_keys, :elevated) if defined?(@current_account) && @current_account.user_role.computed_permissions & permissions != permissions
|
||||||
end
|
end
|
||||||
|
|
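Review bot: The guard in `validate_own_role_edition` fails open, because the method returns without adding any error whenever `current_account` was never assigned on the record, and it raises `NoMethodError` instead of failing validation if the instance variable was assigned `nil`. The `UserRolePolicy#update?` change in this same commit now authorizes updates to the editor's own role, so this validation is the only server-side check visible here that stops a role holder from changing their own permissions or position. Every path that saves a role after the policy check therefore has to set `current_account` first; the controller is not shown on this page, so that is worth confirming. Writing the guard as `return if @current_account.nil? || @current_account.user_role.id != id` removes the exception path, and a model spec asserting that `permissions` and `position` changes on one's own role are rejected would pin the behaviour. The same `defined?(@current_account)` pattern appears in `validate_permissions_elevation`, which this hunk shows only as context.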
|
@ -10,7 +10,7 @@ class UserRolePolicy < ApplicationPolicy
|
||||||
end
|
end
|
||||||
|
|
||||||
def update?
|
def update?
|
||||||
role.can?(:manage_roles) && role.overrides?(record)
|
role.can?(:manage_roles) && (role.overrides?(record) || role.id == record.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy?
|
def destroy?
|
||||||
|
|
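Review bot: `update?` now grants the whole update action on the editor's own role, and nothing at this line says that only the labelling fields are meant to be editable. A policy answers yes or no for the action as a whole, so the field-level restriction lives in the model validation added elsewhere in this commit. A comment above the method would keep a later reader from treating the `role.id == record.id` branch as a full grant, for example `# Own role: labelling only; permissions and position are rejected by UserRole#validate_own_role_edition`. A policy spec covering the own-role case would record the intent as well. The class body starts and ends outside the hunk.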
|
@ -8,8 +8,9 @@
|
||||||
.fields-group
|
.fields-group
|
||||||
= f.input :name, wrapper: :with_label
|
= f.input :name, wrapper: :with_label
|
||||||
|
|
||||||
.fields-group
|
- unless current_user.role.id == @role.id
|
||||||
= f.input :position, wrapper: :with_label, input_html: { max: current_user.role.position - 1 }
|
.fields-group
|
||||||
|
= f.input :position, wrapper: :with_label, input_html: { max: current_user.role.position - 1 }
|
||||||
|
|
||||||
.fields-group
|
.fields-group
|
||||||
= f.input :color, wrapper: :with_label, input_html: { placeholder: '#000000' }
|
= f.input :color, wrapper: :with_label, input_html: { placeholder: '#000000' }
|
||||||
|
@ -21,17 +22,19 @@
|
||||||
|
|
||||||
%hr.spacer/
|
%hr.spacer/
|
||||||
|
|
||||||
.field-group
|
- unless current_user.role.id == @role.id
|
||||||
.input.with_block_label
|
|
||||||
%label= t('simple_form.labels.user_role.permissions_as_keys')
|
|
||||||
%span.hint= t('simple_form.hints.user_role.permissions_as_keys')
|
|
||||||
|
|
||||||
- (@role.everyone? ? UserRole::Flags::CATEGORIES.slice(:invites) : UserRole::Flags::CATEGORIES).each do |category, permissions|
|
.field-group
|
||||||
%h4= t(category, scope: 'admin.roles.categories')
|
.input.with_block_label
|
||||||
|
%label= t('simple_form.labels.user_role.permissions_as_keys')
|
||||||
|
%span.hint= t('simple_form.hints.user_role.permissions_as_keys')
|
||||||
|
|
||||||
= f.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: lambda { |privilege| safe_join([t("admin.roles.privileges.#{privilege}"), content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint')]) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: permissions.filter { |privilege| UserRole::FLAGS[privilege] & current_user.role.computed_permissions == 0 }
|
- (@role.everyone? ? UserRole::Flags::CATEGORIES.slice(:invites) : UserRole::Flags::CATEGORIES).each do |category, permissions|
|
||||||
|
%h4= t(category, scope: 'admin.roles.categories')
|
||||||
|
|
||||||
%hr.spacer/
|
= f.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: lambda { |privilege| safe_join([t("admin.roles.privileges.#{privilege}"), content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint')]) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: permissions.filter { |privilege| UserRole::FLAGS[privilege] & current_user.role.computed_permissions == 0 }
|
||||||
|
|
||||||
|
%hr.spacer/
|
||||||
|
|
||||||
.actions
|
.actions
|
||||||
= f.button :button, @role.new_record? ? t('admin.roles.add_new') : t('generic.save_changes'), type: :submit
|
= f.button :button, @role.new_record? ? t('admin.roles.add_new') : t('generic.save_changes'), type: :submit
|
||||||
|
|
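Review bot: The condition `current_user.role.id == @role.id` is written out twice in this template, once around the position field and once around the permissions block, while the model expresses the same test through `@current_account.user_role.id`. Computing it once near the top of the form, e.g. `- own_role = current_user.role.id == @role.id`, and using `- unless own_role` at both places keeps the two guards from drifting apart. Hiding the inputs only shapes the form: `position` and `permissions_as_keys` can still arrive in a request, so the rejection has to come from the server-side validation. A short HAML comment such as `-# hidden for own role; enforced by UserRole validation` would make that dependency visible. Both hunks start partway into the template, so the best place for the local is not visible here.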
|
@ -45,5 +45,7 @@ en:
|
||||||
permissions_as_keys:
|
permissions_as_keys:
|
||||||
dangerous: include permissions that are not safe for the base role
|
dangerous: include permissions that are not safe for the base role
|
||||||
elevated: cannot include permissions your current role does not possess
|
elevated: cannot include permissions your current role does not possess
|
||||||
|
own_role: cannot be changed with your current role
|
||||||
position:
|
position:
|
||||||
elevated: cannot be higher than your current role
|
elevated: cannot be higher than your current role
|
||||||
|
own_role: cannot be changed with your current role
|
||||||
|
|