
Revision f54cb6a2

Added by Dominic Cleal over 7 years ago

fixes #18662 - stop default scope being overridden by association

Ensure the Taxonomix empty default scope isn't overridden by association
scopes, which (effectively) call `.where(:id => ...)` and override the
value of :id set in this default scope. This occurs on Rails 5.0 which
merges the scopes more correctly/effectively than 4.2, and so invisible
resources became visible through the association getter.

Like the case where there is at least one visible resource, a string SQL
fragment is used instead to prevent it being overridden by ActiveRecord.

The host test now uses an admin user as it was testing that the host's
environment was nil (since hostgroup#environment now returns nil due to
the default scope), rather than a present value. This failed on 5.0 when
hostgroup#environment returned the invisible record.

View differences:

app/models/concerns/taxonomix.rb
scope
when []
# If *no* taxable ids were found, then don't show any resources
scope.where(:id => [])
scope.where('1=0')
else
# We need to generate the WHERE part of the SQL query as a string,
# otherwise the default scope would set id on each new instance
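Review bot: The comment above `scope.where('1=0')` does not say why the empty case uses a string fragment, even though this branch is what keeps records outside the user's taxonomies hidden. Per the commit message, a hash condition on `:id` is overridden when an association scope merges its own `:id` condition on Rails 5.0, so a later tidy-up back to `where(:id => [])` would silently re-expose those records through association getters. I would extend the comment to `# Use a SQL string, not a hash on :id: association scopes merge their own :id condition and would override it, making hidden records visible`. The enclosing method starts and ends outside this section.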
test/controllers/hosts_controller_test.rb
}
}, set_session_user
end
new_host = Host.search_for('myotherfullhost').first
assert_equal new_host.environment, hostgroup.environment
assert_equal new_host.puppet_proxy, hostgroup.puppet_proxy
as_admin do
new_host = Host.search_for('myotherfullhost').first
assert new_host.environment.present?
assert_equal hostgroup.environment, new_host.environment
assert new_host.puppet_proxy.present?
assert_equal hostgroup.puppet_proxy, new_host.puppet_proxy
end
assert_redirected_to host_url(assigns['host'])
end
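Review bot: The `as_admin do` block has no comment saying why the comparison has to run as admin, so the wrapper reads as if it were working around a permissions failure. Going by the commit message, the session user cannot see the hostgroup's environment through the taxonomy default scope, so the old assertion was apparently comparing nil with nil. I would add `# Compare as admin: the taxonomy default scope hides the hostgroup's environment from the session user` above the block. The test method starts outside this section.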
test/models/taxonomix_test.rb
end
end
test 'users can only see objects scoped to its current taxonomies' do
# Environment in organization 1 and location 1 cannot be seen by an user
# who is scoped to organization 1 and location 2
users(:one).organizations = [taxonomies(:organization1)]
users(:one).locations = [taxonomies(:location2)]
unreachable_env = FactoryGirl.create(
:environment,
:organizations => [taxonomies(:organization1)],
:locations => [taxonomies(:location1)])
context 'user with objects outside its current taxonomies' do
setup do
# Environment in organization 1 and location 1 cannot be seen by an user
# who is scoped to organization 1 and location 2
users(:one).organizations = [taxonomies(:organization1)]
users(:one).locations = [taxonomies(:location2)]
@unreachable_env = FactoryGirl.create(
:environment,
:organizations => [taxonomies(:organization1)],
:locations => [taxonomies(:location1)])
end
as_user(:one) do
assert_not_include Environment.all, unreachable_env
test 'via resource default scope' do
as_user(:one) do
assert_not_include Environment.all, @unreachable_env
end
end
context 'via resource association' do
setup do
@hg = FactoryGirl.create(:hostgroup, environment: @unreachable_env, locations: [taxonomies(:location2)], organizations: [taxonomies(:organization1)])
end
test 'via resource association with no reachable environments' do
as_user(:one) do
assert_empty Environment.all, "User should not see any environments for this test"
hg = Hostgroup.find(@hg.id)
refute hg.environment
assert_equal @unreachable_env.id, hg.environment_id
end
end
test 'via resource association with other reachable environments' do
# Create a reachable environment too, as scope_by_taxable_ids has a separate code path when
# one or more resources are visible to the user
FactoryGirl.create(:environment,
:organizations => [taxonomies(:organization1)],
:locations => [taxonomies(:location2)])
as_user(:one) do
hg = Hostgroup.find(@hg.id)
refute hg.environment
assert_equal @unreachable_env.id, hg.environment_id
end
end
end
end
end
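Review bot: In 'via resource association with other reachable environments' nothing asserts that the extra environment is actually visible to `users(:one)`, so if that factory record fell outside the user's scope the test would exercise the empty branch again and still pass. The first association test states its precondition with `assert_empty Environment.all`; this one should do the same by keeping the record as `reachable_env = FactoryGirl.create(...)` and adding `assert_includes Environment.all, reachable_env` inside `as_user(:one)`. That pins both code paths of scope_by_taxable_ids with a test that guards against records leaking across taxonomies.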
