fix permission checks for available roles

fixes CNVS-13848

test plan:
 * create a role that only has permission to create admins
 * in a subaccount, grant that role an additional permission
 * in the root account, add an admin to the role
 * log in as that admin
 * in both the root account and the subaccount, attempt to create
   an admin - it should only list your role in both cases

Change-Id: If9a2dd4952e432700c59a0d4ad5e76ffa822dd0f
Reviewed-on: https://gerrit.instructure.com/37408
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Cody Cutrer 2014-07-08 12:57:39 -06:00
parent da900438bb
commit b7a7cd4951
3 changed files with 6 additions and 3 deletions


@ -663,7 +663,7 @@ class Account < ActiveRecord::Base
account_roles |= ['AccountAdmin']
account_roles |= self.parent_account.available_account_roles if self.parent_account
if user
account_roles.select! { |role| account_users.new.grants_right?(user, :create) }
account_roles.select! { |role| account_users.new(membership_type: role).grants_right?(user, :create) }
end
account_roles
end
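Review bot: The per-role filter only runs inside `if user`, so a call without a user still returns every entry in `account_roles` unfiltered. That may be intended for callers that are not making a permission decision, but nothing in the visible lines says so, and a caller that omits the user silently gets the full list. I would add a comment above the guard such as `# With no user the list is unfiltered; never use that result to decide which roles someone may grant.` Separately, `account_users.new(membership_type: role)` builds through the association, which presumably leaves one unsaved record per role in the loaded collection; worth confirming that is harmless if the account is saved later in the same request. The method's signature and the start of its body are outside this hunk.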


@ -637,7 +637,9 @@ acknowledge that you have read and agreed to the
<h2><%= t(:account_admins_title, "Account Admins") %></h2>
<ul class="admins_list user_list list admins">
<%= render :partial => 'account_user', :collection => @account_users %>
<%= render :partial => 'account_user', :object => nil %>
<% if can_do(@context, @current_user, :manage_account_memberships) %>
<%= render :partial => 'account_user', :object => nil %>
<% end %>
</ul>
<% if can_do(@context, @current_user, :manage_account_memberships) %>
<% js_bundle :user_lists %>
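Review bot: The same `can_do(@context, @current_user, :manage_account_memberships)` call now appears twice within a few lines, once around the blank `account_user` partial and again right after `</ul>`. Evaluating it once, e.g. `<% can_manage_admins = can_do(@context, @current_user, :manage_account_memberships) %>` before the list and testing `can_manage_admins` in both places, keeps the two conditions from drifting apart. Hiding the blank row only changes what is rendered; the action that creates the account user is not among this commit's hunks and has to enforce the permission itself. The second `if` block continues past the end of the hunk.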


@ -146,7 +146,8 @@ describe AccountUser do
u2 = User.create!
au = Account.default.account_users.build(user: u2, membership_type: 'lesser')
au.grants_right?(@user, :create).should be_true
au = Account.default.account_users.build(user: u2, membership_type: 'AccountAdmin')
au.grants_right?(@user, :create).should be_false
end
end
end
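Review bot: The added assertions call `grants_right?` directly on an `AccountUser` built from `Account.default`, but nothing visible here covers the code path the fix changed, the role list in the Account model now filtered per `membership_type`. The test plan in the commit message also depends on a subaccount that grants the role an additional permission, and no subaccount appears in these lines. I would add an example that sets up that subaccount and checks the filtered list on both accounts, along the lines of `Account.default.available_account_roles(@user).should_not include('AccountAdmin')`, assuming the method is `available_account_roles` and takes the user as its argument. The enclosing example starts above the hunk, so the setup of `@user` and the 'lesser' role is not visible.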