Browse Source

allow granting any permission to the default role

main
Kay Faraday 1 week ago
parent
commit
e97bc99dc2
  1. 1
      README.md
  2. 5
      app/models/user_role.rb
  3. 2
      app/views/admin/roles/_form.html.haml

1
README.md

@ -13,3 +13,4 @@ You probably don't want to run this fork, but it's provided here for transparenc
- Setting LOCAL_HTTPS to `false` always has an effect, even in production (useful for darknet instances)
- WebP has been brought back. Animated WebPs posted/uploaded locally still get converted to static WebPs though.
- User IPs are anonymized
- Any permission can be granted to the default role

5
app/models/user_role.rb

@ -89,7 +89,6 @@ class UserRole < ApplicationRecord
validate :validate_permissions_elevation
validate :validate_position_elevation
validate :validate_dangerous_permissions
validate :validate_own_role_edition
before_validation :set_position
@ -179,8 +178,4 @@ class UserRole < ApplicationRecord
def validate_position_elevation
errors.add(:position, :elevated) if defined?(@current_account) && @current_account.user_role.position < position
end
def validate_dangerous_permissions
errors.add(:permissions_as_keys, :dangerous) if everyone? && Flags::DEFAULT & permissions != permissions
end
end

2
app/views/admin/roles/_form.html.haml

@ -29,7 +29,7 @@
%label= t('simple_form.labels.user_role.permissions_as_keys')
%span.hint= t('simple_form.hints.user_role.permissions_as_keys')
- (@role.everyone? ? UserRole::Flags::CATEGORIES.slice(:invites) : UserRole::Flags::CATEGORIES).each do |category, permissions|
- UserRole::Flags::CATEGORIES.each do |category, permissions|
%h4= t(category, scope: 'admin.roles.categories')
= f.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: lambda { |privilege| safe_join([t("admin.roles.privileges.#{privilege}"), content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint')]) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: permissions.filter { |privilege| UserRole::FLAGS[privilege] & current_user.role.computed_permissions == 0 }

Loading…
Cancel
Save