Commit ad4168270e404f539af297b5f6c68c50b00784bd
1 parent
d3d8d79a
Exists in
master
and in
29 other branches
api: consider admin role when querying visible organizations for person
Showing
2 changed files
with
62 additions
and
11 deletions
Show diff stats
app/models/organization.rb
| @@ -8,11 +8,28 @@ class Organization < Profile | @@ -8,11 +8,28 @@ class Organization < Profile | ||
| 8 | :display => %w[compact] | 8 | :display => %w[compact] |
| 9 | } | 9 | } |
| 10 | 10 | ||
| 11 | + # An Organization is considered visible to a given person if one of the | ||
| 12 | + # following conditions are met: | ||
| 13 | + # 1) The user is an environment administrator. | ||
| 14 | + # 2) The user is an administrator of the organization. | ||
| 15 | + # 3) The user is a member of the organization and the organization is | ||
| 16 | + # visible. | ||
| 17 | + # 4) The user is not a member of the organization but the organization is | ||
| 18 | + # visible, public and enabled. | ||
| 11 | scope :visible_for_person, lambda { |person| | 19 | scope :visible_for_person, lambda { |person| |
| 12 | - joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'') | 20 | + joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id" |
| 21 | + AND "role_assignments"."resource_type" = \'Profile\') OR ( | ||
| 22 | + "role_assignments"."resource_id" = "profiles"."environment_id" AND | ||
| 23 | + "role_assignments"."resource_type" = \'Environment\' )') | ||
| 24 | + .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"') | ||
| 13 | .where( | 25 | .where( |
| 14 | - ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR | ||
| 15 | - (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true] | 26 | + ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) |
| 27 | + OR | ||
| 28 | + ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR | ||
| 29 | + ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND | ||
| 30 | + ( profiles.visible = ? ) )', | ||
| 31 | + 'profile_admin', 'environment_administrator', Profile.name, person.id, | ||
| 32 | + Profile.name, person.id, true, true, true] | ||
| 16 | ).uniq | 33 | ).uniq |
| 17 | } | 34 | } |
| 18 | 35 |
test/unit/organization_test.rb
| @@ -479,23 +479,57 @@ class OrganizationTest < ActiveSupport::TestCase | @@ -479,23 +479,57 @@ class OrganizationTest < ActiveSupport::TestCase | ||
| 479 | 479 | ||
| 480 | should 'fetch organizations there are visible for a user' do | 480 | should 'fetch organizations there are visible for a user' do |
| 481 | person = create_user('some-person').person | 481 | person = create_user('some-person').person |
| 482 | + admin = create_user('some-admin').person | ||
| 483 | + env_admin = create_user('env-admin').person | ||
| 484 | + | ||
| 482 | o1 = fast_create(Organization, :public_profile => true , :visible => true ) | 485 | o1 = fast_create(Organization, :public_profile => true , :visible => true ) |
| 486 | + o1.add_admin(admin) | ||
| 483 | o1.add_member(person) | 487 | o1.add_member(person) |
| 488 | + | ||
| 484 | o2 = fast_create(Organization, :public_profile => true , :visible => true ) | 489 | o2 = fast_create(Organization, :public_profile => true , :visible => true ) |
| 485 | o3 = fast_create(Organization, :public_profile => false, :visible => true ) | 490 | o3 = fast_create(Organization, :public_profile => false, :visible => true ) |
| 491 | + | ||
| 486 | o4 = fast_create(Organization, :public_profile => false, :visible => true) | 492 | o4 = fast_create(Organization, :public_profile => false, :visible => true) |
| 493 | + o4.add_admin(admin) | ||
| 487 | o4.add_member(person) | 494 | o4.add_member(person) |
| 495 | + | ||
| 488 | o5 = fast_create(Organization, :public_profile => true , :visible => false) | 496 | o5 = fast_create(Organization, :public_profile => true , :visible => false) |
| 489 | - o6 = fast_create(Organization, :public_profile => false, :visible => false) | 497 | + o5.add_admin(admin) |
| 498 | + o5.add_member(person) | ||
| 499 | + | ||
| 500 | + o6 = fast_create(Enterprise, :enabled => false, :visible => true) | ||
| 501 | + o6.add_admin(admin) | ||
| 502 | + | ||
| 503 | + o7 = fast_create(Organization, :public_profile => false, :visible => false) | ||
| 504 | + | ||
| 505 | + Environment.default.add_admin(env_admin) | ||
| 506 | + | ||
| 507 | + person_orgs = Organization.visible_for_person(person) | ||
| 508 | + admin_orgs = Organization.visible_for_person(admin) | ||
| 509 | + env_admin_orgs = Organization.visible_for_person(env_admin) | ||
| 510 | + | ||
| 511 | + assert_includes person_orgs, o1 | ||
| 512 | + assert_includes admin_orgs, o1 | ||
| 513 | + assert_includes env_admin_orgs, o1 | ||
| 514 | + | ||
| 515 | + assert_includes person_orgs, o2 | ||
| 516 | + assert_includes env_admin_orgs, o2 | ||
| 517 | + assert_not_includes person_orgs, o3 | ||
| 518 | + assert_includes env_admin_orgs, o3 | ||
| 519 | + | ||
| 520 | + assert_includes person_orgs, o4 | ||
| 521 | + assert_includes admin_orgs, o4 | ||
| 522 | + assert_includes env_admin_orgs, o4 | ||
| 523 | + | ||
| 524 | + assert_not_includes person_orgs, o5 | ||
| 525 | + assert_includes admin_orgs, o5 | ||
| 526 | + assert_includes env_admin_orgs, o5 | ||
| 490 | 527 | ||
| 491 | - organizations = Organization.visible_for_person(person) | 528 | + assert_not_includes person_orgs, o6 |
| 529 | + assert_includes admin_orgs, o6 | ||
| 492 | 530 | ||
| 493 | - assert_includes organizations, o1 | ||
| 494 | - assert_includes organizations, o2 | ||
| 495 | - assert_not_includes organizations, o3 | ||
| 496 | - assert_includes organizations, o4 | ||
| 497 | - assert_not_includes organizations, o5 | ||
| 498 | - assert_not_includes organizations, o6 | 531 | + assert_not_includes person_orgs, o7 |
| 532 | + assert_includes env_admin_orgs, o7 | ||
| 499 | end | 533 | end |
| 500 | 534 | ||
| 501 | end | 535 | end |