Skip to content
This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Commit

Permalink
Portus admins are always team owners
Browse files Browse the repository at this point in the history
This commit forces that whenever a Portus admin gets added into a team, it will
have owner privileges. Moreover, this commit also forbids demoting a Portus
admin from being an owner.

Fixes #977

Signed-off-by: Miquel Sabaté Solà <[email protected]>
  • Loading branch information
mssola committed Jul 13, 2016
1 parent 8532207 commit 2db13a3
Show file tree
Hide file tree
Showing 4 changed files with 65 additions and 1 deletion.
23 changes: 23 additions & 0 deletions app/controllers/team_users_controller.rb
Original file line number Diff line number Diff line change
@@ -1,13 +1,17 @@
# TeamUsersController manages the creation/removal/update of members of a team.
class TeamUsersController < ApplicationController
before_action :set_team_user
before_action :promoted_owner, only: [:create, :update]
before_action :only_owner, only: [:update, :destroy]
after_action :verify_authorized

respond_to :js

# POST /team_users
def create
# Promote this user if it is a Portus admin.
@team_user.role = TeamUser.roles[:owner] if @promoted_role

if @team_user.errors.empty? && @team_user.save
@team_user.create_activity!(:add_member, current_user)
respond_with @team_user
Expand All @@ -18,6 +22,13 @@ def create

# PATCH/PUT /team_users/1
def update
# Send an error if an admin was about to get demoted.
if @promoted_role
@team_user.errors.add(:user, "cannot be demoted because it's a Portus admin")
respond_with @team_user.errors, status: :unprocessable_entity
return
end

team_user_params = params.require(:team_user).permit(:role)

old_role = @team_user.role
Expand Down Expand Up @@ -68,6 +79,18 @@ def set_team_user
authorize @team_user
end

# Sets the @promoted_role instance variable if a Portus admin is going to be
# set a role other than owner.
def promoted_owner
return if @team_user.user.nil?

tu = params.require(:team_user).permit(:role)
role = TeamUser.roles[tu["role"]]

return if role == TeamUser.roles[:owner] || !@team_user.user.admin?
@promoted_role = true
end

# Responds with an error if the client is trying to remove the only owner of
# the team through either the update or the destroy methods.
def only_owner
Expand Down
6 changes: 5 additions & 1 deletion app/views/team_users/create.js.erb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,11 @@
$('#float-alert p').html("<%= escape_javascript(@team_user.errors.full_messages.join('<br/>')) %>");
<% else %>
$("<%= escape_javascript(render @team_user) %>").appendTo("#team_users");
$('#float-alert p').html("New user added to the team");
<% if @promoted_role %>
$('#float-alert p').html("New user added to the team (promoted to owner because it is a Portus admin).");
<% else %>
$('#float-alert p').html("New user added to the team");
<% end %>
$('#add_team_user_form').fadeOut();
$('#add_team_user_btn i').addClass("fa-chevron-down")
$('#add_team_user_btn i').removeClass("fa-chevron-up")
Expand Down
22 changes: 22 additions & 0 deletions spec/controllers/team_users_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,16 @@
expect(assigns(:team_user).errors).to be_empty
end

it "does not allow an admin to be demoted" do
user = create(:admin)
team.owners << user

put :update, id: team.team_users.find_by(user: user).id,
team_user: { role: "contributor" }, format: "js"
expect(response.status).to eq 422
expect(team.owners.exists?(user.id)).to be true
end

it "forces a page reload when the current user changes his role" do
user = create(:user)
team.owners << user
Expand All @@ -76,6 +86,18 @@
expect(team.owners.exists?(new_user.id)).to be true
end

it "sets admins as owners always" do
new_user = create(:admin)
post :create,
team_user: {
team: team.name,
user: new_user.username,
role: TeamUser.roles["viewer"]
},
format: "js"
expect(team.owners.exists?(new_user.id)).to be true
end

it "returns an error if the user is not found" do
post :create,
team_user: { team: team.name, user: "ghost", role: TeamUser.roles["owner"] },
Expand Down
15 changes: 15 additions & 0 deletions spec/features/teams_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@

describe "teams#show" do
let!(:another) { create(:user) }
let!(:another_admin) { create(:admin) }

before :each do
visit team_path(team)
Expand Down Expand Up @@ -143,6 +144,20 @@
expect(page).to have_content("Contributor")
end

scenario "An admin can only be added as a team owner", js: true do
find("#add_team_user_btn").click
wait_for_effect_on("#add_team_user_form")
find("#team_user_role").select "Contributor"
find("#team_user_user").set another_admin.username
find("#add_team_user_form .btn").click

wait_for_ajax
wait_for_effect_on("#float-alert")

expect(page).to have_content("New user added to the team (promoted to")
expect(page).to have_content("Owner")
end

scenario "New team members have to exist on the system", js: true do
find("#add_team_user_btn").click
wait_for_effect_on("#add_team_user_form")
Expand Down

0 comments on commit 2db13a3

Please sign in to comment.