allow granting any permission to the default role

6 months ago · e97bc99dc2
parent f7de445e44
commit e97bc99dc2
3 changed files with 2 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -13,3 +13,4 @@ You probably don't want to run this fork, but it's provided here for transparenc
 - Setting LOCAL_HTTPS to `false` always has an effect, even in production (useful for darknet instances)
 - WebP has been brought back. Animated WebPs posted/uploaded locally still get converted to static WebPs though.
 - User IPs are anonymized
+- Any permission can be granted to the default role
--- a/app/models/user_role.rb
+++ b/app/models/user_role.rb
@ -89,7 +89,6 @@ class UserRole < ApplicationRecord

  validate :validate_permissions_elevation
  validate :validate_position_elevation
-  validate :validate_dangerous_permissions
  validate :validate_own_role_edition

  before_validation :set_position
@ -179,8 +178,4 @@ class UserRole < ApplicationRecord
  def validate_position_elevation
    errors.add(:position, :elevated) if defined?(@current_account) && @current_account.user_role.position < position
  end
-
-  def validate_dangerous_permissions
-    errors.add(:permissions_as_keys, :dangerous) if everyone? && Flags::DEFAULT & permissions != permissions
-  end
 end
--- a/app/views/admin/roles/_form.html.haml
+++ b/app/views/admin/roles/_form.html.haml
@ -29,7 +29,7 @@
        %label= t('simple_form.labels.user_role.permissions_as_keys')
        %span.hint= t('simple_form.hints.user_role.permissions_as_keys')

-      - (@role.everyone? ? UserRole::Flags::CATEGORIES.slice(:invites) : UserRole::Flags::CATEGORIES).each do |category, permissions|
+      - UserRole::Flags::CATEGORIES.each do |category, permissions|
        %h4= t(category, scope: 'admin.roles.categories')

        = f.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: lambda { |privilege| safe_join([t("admin.roles.privileges.#{privilege}"), content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint')]) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: permissions.filter { |privilege| UserRole::FLAGS[privilege] & current_user.role.computed_permissions == 0 }