Revision f54cb6a2
Added by Dominic Cleal over 7 years ago
app/models/concerns/taxonomix.rb | ||
---|---|---|
scope
|
||
when []
|
||
# If *no* taxable ids were found, then don't show any resources
|
||
scope.where(:id => [])
|
||
scope.where('1=0')
|
||
else
|
||
# We need to generate the WHERE part of the SQL query as a string,
|
||
# otherwise the default scope would set id on each new instance
|
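Review bot: The new `scope.where('1=0')` line in the `when []` branch has no comment saying why a raw SQL string is used instead of a hash condition, and the existing comment above it only says that no resources should be shown. Per the commit description, the hash form `where(:id => [])` has its :id value overridden when an association scope is merged on Rails 5.0, which made resources outside the user's taxonomies visible through the association getter. A later cleanup could reintroduce that leak, so I would add above the line `# Must be a SQL string: a hash condition on :id is overridden when an association scope merges its own :id, exposing resources outside the user's taxonomies`. The enclosing `case` statement and method start and end outside this hunk.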
test/controllers/hosts_controller_test.rb | ||
---|---|---|
}
|
||
}, set_session_user
|
||
end
|
||
new_host = Host.search_for('myotherfullhost').first
|
||
assert_equal new_host.environment, hostgroup.environment
|
||
assert_equal new_host.puppet_proxy, hostgroup.puppet_proxy
|
||
as_admin do
|
||
new_host = Host.search_for('myotherfullhost').first
|
||
assert new_host.environment.present?
|
||
assert_equal hostgroup.environment, new_host.environment
|
||
assert new_host.puppet_proxy.present?
|
||
assert_equal hostgroup.puppet_proxy, new_host.puppet_proxy
|
||
end
|
||
assert_redirected_to host_url(assigns['host'])
|
||
end
|
||
|
test/models/taxonomix_test.rb | ||
---|---|---|
end
|
||
end
|
||
|
||
test 'users can only see objects scoped to its current taxonomies' do
|
||
# Environment in organization 1 and location 1 cannot be seen by an user
|
||
# who is scoped to organization 1 and location 2
|
||
users(:one).organizations = [taxonomies(:organization1)]
|
||
users(:one).locations = [taxonomies(:location2)]
|
||
unreachable_env = FactoryGirl.create(
|
||
:environment,
|
||
:organizations => [taxonomies(:organization1)],
|
||
:locations => [taxonomies(:location1)])
|
||
context 'user with objects outside its current taxonomies' do
|
||
setup do
|
||
# Environment in organization 1 and location 1 cannot be seen by an user
|
||
# who is scoped to organization 1 and location 2
|
||
users(:one).organizations = [taxonomies(:organization1)]
|
||
users(:one).locations = [taxonomies(:location2)]
|
||
@unreachable_env = FactoryGirl.create(
|
||
:environment,
|
||
:organizations => [taxonomies(:organization1)],
|
||
:locations => [taxonomies(:location1)])
|
||
end
|
||
|
||
as_user(:one) do
|
||
assert_not_include Environment.all, unreachable_env
|
||
test 'via resource default scope' do
|
||
as_user(:one) do
|
||
assert_not_include Environment.all, @unreachable_env
|
||
end
|
||
end
|
||
|
||
context 'via resource association' do
|
||
setup do
|
||
@hg = FactoryGirl.create(:hostgroup, environment: @unreachable_env, locations: [taxonomies(:location2)], organizations: [taxonomies(:organization1)])
|
||
end
|
||
|
||
test 'via resource association with no reachable environments' do
|
||
as_user(:one) do
|
||
assert_empty Environment.all, "User should not see any environments for this test"
|
||
hg = Hostgroup.find(@hg.id)
|
||
refute hg.environment
|
||
assert_equal @unreachable_env.id, hg.environment_id
|
||
end
|
||
end
|
||
|
||
test 'via resource association with other reachable environments' do
|
||
# Create a reachable environment too, as scope_by_taxable_ids has a separate code path when
|
||
# one or more resources are visible to the user
|
||
FactoryGirl.create(:environment,
|
||
:organizations => [taxonomies(:organization1)],
|
||
:locations => [taxonomies(:location2)])
|
||
|
||
as_user(:one) do
|
||
hg = Hostgroup.find(@hg.id)
|
||
refute hg.environment
|
||
assert_equal @unreachable_env.id, hg.environment_id
|
||
end
|
||
end
|
||
end
|
||
end
|
||
end
|
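Review bot: The test 'via resource association with other reachable environments' never checks that the environment it creates is actually visible to `users(:one)`, whereas the sibling test pins its precondition with `assert_empty Environment.all, ...`. If that factory record were not visible (for example after a fixture or taxonomy change), the test would silently run the empty-scope path again and the "one or more resources visible" path would lose its regression coverage. Inside the `as_user(:one)` block I would add `refute_empty Environment.all, "User should see at least one environment for this test"` before the `Hostgroup.find` call.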
fixes #18662 - stop default scope being overridden by association
Ensure the Taxonomix empty default scope isn't overridden by association
scopes, which (effectively) call `.where(:id => ...)` and override the
value of :id set in this default scope. This occurs on Rails 5.0 which
merges the scopes more correctly/effectively than 4.2, and so invisible
resources became visible through the association getter.
Like the case where there is at least one visible resource, a string SQL
fragment is used instead to prevent it being overridden by ActiveRecord.
The host test now uses an admin user as it was testing that the host's
environment was nil (since hostgroup#environment now returns nil due to
the default scope), rather than a present value. This failed on 5.0 when
hostgroup#environment returned the invisible record.