ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixes #6079 changes account admin role default permissions 

Change-Id: Ifcb7619a02d6fddcc025e88fb727d86bbccdfcc8
Reviewed-on: https://gerrit.instructure.com/6450
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
This commit is contained in:
Rob Orton 2011-10-25 12:41:02 -06:00 committed by Brian Palmer
parent 3a7b9dc239
commit 85fccf6cc8
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/role_override.rb
View File

@ -299,12 +299,11 @@ class RoleOverride < ActiveRecord::Base
:label => lambda { t('permissions.manage_role_overrides', "Manage permissions") },
:account_only => true,
:true_for => %w(AccountAdmin),
:available_to => %w(AccountAdmin AccountMembership)
:available_to => %w(AccountMembership)
},
:manage_account_memberships => {
:label => lambda { t('permissions.manage_account_memberships', "Add/remove other admins for the account") },
:available_to => [
'AccountAdmin',
'AccountMembership'
],
:true_for => [
@ -315,7 +314,6 @@ class RoleOverride < ActiveRecord::Base
:manage_account_settings => {
:label => lambda { t('permissions.manage_account_settings', "Manage account-level settings") },
:available_to => [
'AccountAdmin',
'AccountMembership'
],
:true_for => [

6
spec/models/user_spec.rb
View File

@ -507,6 +507,12 @@ describe User do
@admin2.grants_right?(@admin1, nil, :become_user).should be_false
end
it "should not allow account admin to modify admin privileges of other account admins" do
RoleOverride.readonly_for(Account.default, :manage_role_overrides, 'AccountAdmin').should be_true
RoleOverride.readonly_for(Account.default, :manage_account_memberships, 'AccountAdmin').should be_true
RoleOverride.readonly_for(Account.default, :manage_account_settings, 'AccountAdmin').should be_true
end
it "should grant become_user for users in multiple accounts to site admins but not account admins" do
user = user_with_pseudonym(:username => 'nobody1@example.com')
@account2 = Account.create!