Revision 4ec71610
Added by Marek Hulán almost 9 years ago
| app/helpers/layout_helper.rb | ||
|---|---|---|
|
private
|
||
|
|
||
|
def authorized_associations(associations)
|
||
|
associations.included_modules.include?(Authorizable) ? associations.authorized : associations
|
||
|
if associations.included_modules.include?(Authorizable)
|
||
|
if associations.respond_to?(:klass)
|
||
|
associations.authorized(authorized_associations_permission_name(associations.klass), associations.klass)
|
||
|
else
|
||
|
associations.authorized(authorized_associations_permission_name(associations), associations)
|
||
|
end
|
||
|
else
|
||
|
associations
|
||
|
end
|
||
|
end
|
||
|
|
||
|
def authorized_associations_permission_name(klass)
|
||
|
Permission.find_by_name("view_#{klass.to_s.underscore.pluralize}").try(:name)
|
||
|
end
|
||
|
end
|
||
| app/models/concerns/taxonomix.rb | ||
|---|---|---|
|
|
||
|
next if (User.current.nil? || User.current.send("#{assoc}").empty?) || (!new_record? && !self.send("#{key}_changed?"))
|
||
|
|
||
|
allowed = taxonomy.authorized("assign_#{assoc}", taxonomy).pluck(:id).to_set
|
||
|
allowed = taxonomy.authorized("assign_#{assoc}", taxonomy).pluck(:id).to_set.union(self.send("#{key}_was"))
|
||
|
tried = self.send(key).to_set
|
||
|
|
||
|
if tried.empty? || !tried.subset?(allowed)
|
||
| test/unit/taxonomix_test.rb | ||
|---|---|---|
|
visible.each { |env| assert_includes taxable_ids, env.id }
|
||
|
invisible.each { |env| refute_includes taxable_ids, env.id }
|
||
|
end
|
||
|
|
||
|
test "validation does not prevent taxonomy association if user does not have permissions of already assigned taxonomies" do
|
||
|
filter = FactoryGirl.create(:filter, :search => 'name ~ visible*')
|
||
|
filter.permissions = Permission.where(:name => [ 'view_organizations', 'assign_organizations' ])
|
||
|
role = FactoryGirl.create(:role)
|
||
|
role.filters = [ filter ]
|
||
|
|
||
|
user = FactoryGirl.create(:user)
|
||
|
user.roles = [ role ]
|
||
|
org1 = FactoryGirl.create :organization, :name => 'visible1'
|
||
|
org2 = FactoryGirl.create :organization, :name => 'visible2'
|
||
|
org3 = FactoryGirl.create :organization, :name => 'hidden'
|
||
|
user.organizations = [ org1 ]
|
||
|
|
||
|
resource = FactoryGirl.create(:domain, :organizations => [ org1, org3 ])
|
||
|
assert_includes resource.organizations, org3
|
||
|
|
||
|
as_user user do
|
||
|
resource.organization_ids = [ org1, org2, org3 ].map(&:id)
|
||
|
assert resource.save!
|
||
|
end
|
||
|
|
||
|
assert_includes resource.organizations, org1
|
||
|
assert_includes resource.organizations, org2
|
||
|
assert_includes resource.organizations, org3
|
||
|
end
|
||
|
end
|
||
Also available in: Unified diff
Fixes #11187 - explicitly pass resource_type and permission to check