allow granting any permission to the default role
This commit is contained in:
parent
f7de445e44
commit
e97bc99dc2
|
@ -13,3 +13,4 @@ You probably don't want to run this fork, but it's provided here for transparenc
|
||||||
- Setting LOCAL_HTTPS to `false` always has an effect, even in production (useful for darknet instances)
|
- Setting LOCAL_HTTPS to `false` always has an effect, even in production (useful for darknet instances)
|
||||||
- WebP has been brought back. Animated WebPs posted/uploaded locally still get converted to static WebPs though.
|
- WebP has been brought back. Animated WebPs posted/uploaded locally still get converted to static WebPs though.
|
||||||
- User IPs are anonymized
|
- User IPs are anonymized
|
||||||
|
- Any permission can be granted to the default role
|
||||||
|
|
|
@ -89,7 +89,6 @@ class UserRole < ApplicationRecord
|
||||||
|
|
||||||
validate :validate_permissions_elevation
|
validate :validate_permissions_elevation
|
||||||
validate :validate_position_elevation
|
validate :validate_position_elevation
|
||||||
validate :validate_dangerous_permissions
|
|
||||||
validate :validate_own_role_edition
|
validate :validate_own_role_edition
|
||||||
|
|
||||||
before_validation :set_position
|
before_validation :set_position
|
||||||
|
@ -179,8 +178,4 @@ class UserRole < ApplicationRecord
|
||||||
def validate_position_elevation
|
def validate_position_elevation
|
||||||
errors.add(:position, :elevated) if defined?(@current_account) && @current_account.user_role.position < position
|
errors.add(:position, :elevated) if defined?(@current_account) && @current_account.user_role.position < position
|
||||||
end
|
end
|
||||||
|
|
||||||
def validate_dangerous_permissions
|
|
||||||
errors.add(:permissions_as_keys, :dangerous) if everyone? && Flags::DEFAULT & permissions != permissions
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
%label= t('simple_form.labels.user_role.permissions_as_keys')
|
%label= t('simple_form.labels.user_role.permissions_as_keys')
|
||||||
%span.hint= t('simple_form.hints.user_role.permissions_as_keys')
|
%span.hint= t('simple_form.hints.user_role.permissions_as_keys')
|
||||||
|
|
||||||
- (@role.everyone? ? UserRole::Flags::CATEGORIES.slice(:invites) : UserRole::Flags::CATEGORIES).each do |category, permissions|
|
- UserRole::Flags::CATEGORIES.each do |category, permissions|
|
||||||
%h4= t(category, scope: 'admin.roles.categories')
|
%h4= t(category, scope: 'admin.roles.categories')
|
||||||
|
|
||||||
= f.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: lambda { |privilege| safe_join([t("admin.roles.privileges.#{privilege}"), content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint')]) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: permissions.filter { |privilege| UserRole::FLAGS[privilege] & current_user.role.computed_permissions == 0 }
|
= f.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: lambda { |privilege| safe_join([t("admin.roles.privileges.#{privilege}"), content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint')]) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: permissions.filter { |privilege| UserRole::FLAGS[privilege] & current_user.role.computed_permissions == 0 }
|
||||||
|
|
Reference in New Issue