mirror of https://github.com/Unleash/unleash.git synced 2025-02-09 00:18:00 +01:00

fix: Prevent deletion of built in roles

sighphyre 2022-01-14 10:30:34 +02:00
parent c1826ca79a
commit bfcad65cdc
2 changed files with 53 additions and 4 deletions


@ -427,6 +427,8 @@ export class AccessService {
} }
async deleteRole(id: number): Promise<void> { async deleteRole(id: number): Promise<void> {
await this.validateRoleIsNotBuiltIn(id);
const roleUsers = await this.getUsersForRole(id); const roleUsers = await this.getUsersForRole(id);
if (roleUsers.length > 0) { if (roleUsers.length > 0) {
@ -455,7 +457,7 @@ export class AccessService {
const role = await this.store.get(roleId); const role = await this.store.get(roleId);
if (role.type !== CUSTOM_ROLE_TYPE) { if (role.type !== CUSTOM_ROLE_TYPE) {
throw new InvalidOperationError( throw new InvalidOperationError(
'You can not change built in roles.', 'You cannot change built in roles.',
); );
} }
} }
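Review bot: The guard added at the top of `deleteRole` dereferences `role.type` on whatever `this.store.get(roleId)` returns (second hunk), and how the store reports an unknown id is not visible here. If it can return `undefined`, deleting a non-existent role now surfaces a TypeError instead of a domain error, so an explicit `if (!role)` check that throws the project's not-found error before the type comparison would make the failure mode deliberate. It is also worth a comment on the new call, such as `// Must stay first: built-in roles must never reach the delete path.`, so a later reorder does not move the check after the user lookup or the delete. Both function bodies continue outside the hunks shown.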


@ -757,21 +757,68 @@ test('Should be allowed move feature toggle to project when the user has access'
); );
}); });
test('Should not be allowed to edit a built in role', async () => { test('Should not be allowed to edit a root role', async () => {
expect.assertions(1); expect.assertions(1);
const editRole = await accessService.getRoleByName(RoleName.EDITOR); const editRole = await accessService.getRoleByName(RoleName.EDITOR);
const roleUpdate = { const roleUpdate = {
id: editRole.id, id: editRole.id,
name: 'NoLongerTheEditor', name: 'NoLongerTheEditor',
description: 'Ha!', description: '',
}; };
try { try {
await accessService.updateRole(roleUpdate); await accessService.updateRole(roleUpdate);
} catch (e) { } catch (e) {
expect(e.toString()).toBe( expect(e.toString()).toBe(
'InvalidOperationError: You can not change built in roles.', 'InvalidOperationError: You cannot change built in roles.',
);
}
});
test('Should not be allowed to delete a root role', async () => {
expect.assertions(1);
const editRole = await accessService.getRoleByName(RoleName.EDITOR);
try {
await accessService.deleteRole(editRole.id);
} catch (e) {
expect(e.toString()).toBe(
'InvalidOperationError: You cannot change built in roles.',
);
}
});
test('Should not be allowed to edit a project role', async () => {
expect.assertions(1);
const ownerRole = await accessService.getRoleByName(RoleName.OWNER);
const roleUpdate = {
id: ownerRole.id,
name: 'NoLongerTheEditor',
description: '',
};
try {
await accessService.updateRole(roleUpdate);
} catch (e) {
expect(e.toString()).toBe(
'InvalidOperationError: You cannot change built in roles.',
);
}
});
test('Should not be allowed to delete a project role', async () => {
expect.assertions(1);
const ownerRole = await accessService.getRoleByName(RoleName.OWNER);
try {
await accessService.deleteRole(ownerRole.id);
} catch (e) {
expect(e.toString()).toBe(
'InvalidOperationError: You cannot change built in roles.',
); );
} }
}); });
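Review bot: The two new delete tests (`Should not be allowed to delete a root role` and `... a project role`) assert only the error text, so they would still pass if a later refactor ran the built-in check after the role had already been removed. After the `catch`, also confirm the role survived, e.g. `expect(await accessService.getRoleByName(RoleName.EDITOR)).toBeDefined();` with `expect.assertions(2)`, and the same for `RoleName.OWNER`; this assumes `getRoleByName` yields nothing for a missing role, which the page does not show. As a style point, the try/catch plus `expect.assertions(1)` pattern can be written as `await expect(accessService.deleteRole(editRole.id)).rejects.toThrow('You cannot change built in roles.');`, which reports a clearer failure when nothing is thrown. The project-role edit test also reuses the name `'NoLongerTheEditor'` for the owner role, which looks like a copy-paste leftover.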