Add support for editing labelling of one's own role (#18812)

Still disallow edition of rank or permissions
2 years ago · 0e504e67f3
parent e0fcd2d2b3
commit 0e504e67f3
4 changed files with 23 additions and 11 deletions
--- a/app/models/user_role.rb
+++ b/app/models/user_role.rb
@ -90,6 +90,7 @@ class UserRole < ApplicationRecord
  validate :validate_permissions_elevation
  validate :validate_position_elevation
  validate :validate_dangerous_permissions
+  validate :validate_own_role_edition

  before_validation :set_position

@ -165,6 +166,12 @@ class UserRole < ApplicationRecord
    self.position = -1 if everyone?
  end

+  def validate_own_role_edition
+    return unless defined?(@current_account) && @current_account.user_role.id == id
+    errors.add(:permissions_as_keys, :own_role) if permissions_changed?
+    errors.add(:position, :own_role) if position_changed?
+  end
+
  def validate_permissions_elevation
    errors.add(:permissions_as_keys, :elevated) if defined?(@current_account) && @current_account.user_role.computed_permissions & permissions != permissions
  end
--- a/app/policies/user_role_policy.rb
+++ b/app/policies/user_role_policy.rb
@ -10,7 +10,7 @@ class UserRolePolicy < ApplicationPolicy
  end

  def update?
-    role.can?(:manage_roles) && role.overrides?(record)
+    role.can?(:manage_roles) && (role.overrides?(record) || role.id == record.id)
  end

  def destroy?
--- a/app/views/admin/roles/_form.html.haml
+++ b/app/views/admin/roles/_form.html.haml
@ -8,6 +8,7 @@
    .fields-group
      = f.input :name, wrapper: :with_label

+    - unless current_user.role.id == @role.id
      .fields-group
        = f.input :position, wrapper: :with_label, input_html: { max: current_user.role.position - 1 }

@ -21,6 +22,8 @@

    %hr.spacer/

+  - unless current_user.role.id == @role.id
+
    .field-group
      .input.with_block_label
        %label= t('simple_form.labels.user_role.permissions_as_keys')
--- a/config/locales/activerecord.en.yml
+++ b/config/locales/activerecord.en.yml
@ -45,5 +45,7 @@ en:
            permissions_as_keys:
              dangerous: include permissions that are not safe for the base role
              elevated: cannot include permissions your current role does not possess
+              own_role: cannot be changed with your current role
            position:
              elevated: cannot be higher than your current role
+              own_role: cannot be changed with your current role