feat: Prevent editing of built in roles
parent
a85ca86761
commit
bdf0d386d5
@ -26,6 +26,7 @@ import RoleInUseError from '../error/role-in-use-error';
|
|||||||
import { roleSchema } from '../schema/role-schema';
|
import { roleSchema } from '../schema/role-schema';
|
||||||
import { CUSTOM_ROLE_TYPE } from '../util/constants';
|
import { CUSTOM_ROLE_TYPE } from '../util/constants';
|
||||||
import { DEFAULT_PROJECT } from '../types/project';
|
import { DEFAULT_PROJECT } from '../types/project';
|
||||||
|
import InvalidOperationError from '../error/invalid-operation-error';
|
||||||
|
|
||||||
export const ALL_PROJECTS = '*';
|
export const ALL_PROJECTS = '*';
|
||||||
export const ALL_ENVS = '*';
|
export const ALL_ENVS = '*';
|
||||||
@ -411,7 +412,7 @@ export class AccessService {
|
|||||||
id: role.id,
|
id: role.id,
|
||||||
name: role.name,
|
name: role.name,
|
||||||
description: role.description,
|
description: role.description,
|
||||||
roleType: 'custom',
|
roleType: CUSTOM_ROLE_TYPE,
|
||||||
};
|
};
|
||||||
const rolePermissions = role.permissions;
|
const rolePermissions = role.permissions;
|
||||||
const newRole = await this.roleStore.update(baseRole);
|
const newRole = await this.roleStore.update(baseRole);
|
||||||
@ -450,11 +451,23 @@ export class AccessService {
|
|||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async validateRoleIsNotBuiltIn(roleId: number): Promise<void> {
|
||||||
|
const role = await this.store.get(roleId);
|
||||||
|
if (role.type !== CUSTOM_ROLE_TYPE) {
|
||||||
|
throw new InvalidOperationError(
|
||||||
|
'You can not change built in roles.',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async validateRole(
|
async validateRole(
|
||||||
role: IRoleCreation,
|
role: IRoleCreation,
|
||||||
existingId?: number,
|
existingId?: number,
|
||||||
): Promise<IRoleCreation> {
|
): Promise<IRoleCreation> {
|
||||||
const cleanedRole = await roleSchema.validateAsync(role);
|
const cleanedRole = await roleSchema.validateAsync(role);
|
||||||
|
if (existingId) {
|
||||||
|
await this.validateRoleIsNotBuiltIn(existingId);
|
||||||
|
}
|
||||||
await this.validateRoleIsUnique(role.name, existingId);
|
await this.validateRoleIsUnique(role.name, existingId);
|
||||||
return cleanedRole;
|
return cleanedRole;
|
||||||
}
|
}
|
||||||
|
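Review bot: The built-in guard in `validateRole` runs only when `existingId` is truthy, and `validateRoleIsNotBuiltIn` reads `role.type` without checking that `this.store.get(roleId)` returned a role. An id of 0 therefore skips the check, and an unknown id may surface as a TypeError rather than a clean rejection, depending on what `get` does for a missing row, which is not visible here. I would gate on `if (existingId !== undefined) {` and add an explicit missing-role check before the type comparison. This matters because the `updateRole` hunk writes `roleType: CUSTOM_ROLE_TYPE` into `baseRole` unconditionally, so this guard is the only thing shown that keeps a built-in role from being rewritten as a custom one. The lookup also goes through `this.store` while the update uses `this.roleStore`; it is worth confirming that both read the same row and that the delete path, which is outside these hunks, gets the same check.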
@ -756,3 +756,22 @@ test('Should be allowed move feature toggle to project when the user has access'
|
|||||||
projectOrigin.id,
|
projectOrigin.id,
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test('Should not be allowed to edit a built in role', async () => {
|
||||||
|
expect.assertions(1);
|
||||||
|
|
||||||
|
const editRole = await accessService.getRoleByName(RoleName.EDITOR);
|
||||||
|
const roleUpdate = {
|
||||||
|
id: editRole.id,
|
||||||
|
name: 'NoLongerTheEditor',
|
||||||
|
description: 'Ha!',
|
||||||
|
};
|
||||||
|
|
||||||
|
try {
|
||||||
|
await accessService.updateRole(roleUpdate);
|
||||||
|
} catch (e) {
|
||||||
|
expect(e.toString()).toBe(
|
||||||
|
'InvalidOperationError: You can not change built in roles.',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
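Review bot: The new test asserts only the error string, so it would still pass if `updateRole` threw after changing the stored role; for an access-control guard it is worth asserting that the role is unchanged as well. After the `catch`, re-read the role with `accessService.getRoleByName(RoleName.EDITOR)`, compare its `id` and `name` with `editRole`, and raise the `expect.assertions` count to match. As a matter of style, `await expect(accessService.updateRole(roleUpdate)).rejects.toThrow('You can not change built in roles.');` would replace the try/catch and the untyped `e.toString()`.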