mirror of
https://github.com/Unleash/unleash.git
synced 2025-02-09 00:18:00 +01:00
fix: Prevent deletion of built in roles
parent
c1826ca79a
commit
bfcad65cdc
@ -427,6 +427,8 @@ export class AccessService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async deleteRole(id: number): Promise<void> {
|
async deleteRole(id: number): Promise<void> {
|
||||||
|
await this.validateRoleIsNotBuiltIn(id);
|
||||||
|
|
||||||
const roleUsers = await this.getUsersForRole(id);
|
const roleUsers = await this.getUsersForRole(id);
|
||||||
|
|
||||||
if (roleUsers.length > 0) {
|
if (roleUsers.length > 0) {
|
||||||
@ -455,7 +457,7 @@ export class AccessService {
|
|||||||
const role = await this.store.get(roleId);
|
const role = await this.store.get(roleId);
|
||||||
if (role.type !== CUSTOM_ROLE_TYPE) {
|
if (role.type !== CUSTOM_ROLE_TYPE) {
|
||||||
throw new InvalidOperationError(
|
throw new InvalidOperationError(
|
||||||
'You can not change built in roles.',
|
'You cannot change built in roles.',
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
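Review bot: The guard added at the top of `deleteRole` ends up reading `role.type` on whatever `this.store.get(roleId)` returns (second hunk, presumably the body of `validateRoleIsNotBuiltIn`), and nothing visible here shows what that call does for an id that does not exist. If the store can return `undefined` for an unknown id, the caller gets a `TypeError` rather than a not-found or `InvalidOperationError`, so confirm that `store.get` throws on a missing row or add an explicit check before the comparison. The comparison itself fails closed, since anything that is not `CUSTOM_ROLE_TYPE` is refused, and that is worth recording above the new call with a comment such as `// Only custom roles may be deleted; root and project roles are built in.`. Both `deleteRole` and the validation helper start or end outside the hunks shown.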
@ -757,21 +757,68 @@ test('Should be allowed move feature toggle to project when the user has access'
|
|||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Should not be allowed to edit a built in role', async () => {
|
test('Should not be allowed to edit a root role', async () => {
|
||||||
expect.assertions(1);
|
expect.assertions(1);
|
||||||
|
|
||||||
const editRole = await accessService.getRoleByName(RoleName.EDITOR);
|
const editRole = await accessService.getRoleByName(RoleName.EDITOR);
|
||||||
const roleUpdate = {
|
const roleUpdate = {
|
||||||
id: editRole.id,
|
id: editRole.id,
|
||||||
name: 'NoLongerTheEditor',
|
name: 'NoLongerTheEditor',
|
||||||
description: 'Ha!',
|
description: '',
|
||||||
};
|
};
|
||||||
|
|
||||||
try {
|
try {
|
||||||
await accessService.updateRole(roleUpdate);
|
await accessService.updateRole(roleUpdate);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
expect(e.toString()).toBe(
|
expect(e.toString()).toBe(
|
||||||
'InvalidOperationError: You can not change built in roles.',
|
'InvalidOperationError: You cannot change built in roles.',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
test('Should not be allowed to delete a root role', async () => {
|
||||||
|
expect.assertions(1);
|
||||||
|
|
||||||
|
const editRole = await accessService.getRoleByName(RoleName.EDITOR);
|
||||||
|
|
||||||
|
try {
|
||||||
|
await accessService.deleteRole(editRole.id);
|
||||||
|
} catch (e) {
|
||||||
|
expect(e.toString()).toBe(
|
||||||
|
'InvalidOperationError: You cannot change built in roles.',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
test('Should not be allowed to edit a project role', async () => {
|
||||||
|
expect.assertions(1);
|
||||||
|
|
||||||
|
const ownerRole = await accessService.getRoleByName(RoleName.OWNER);
|
||||||
|
const roleUpdate = {
|
||||||
|
id: ownerRole.id,
|
||||||
|
name: 'NoLongerTheEditor',
|
||||||
|
description: '',
|
||||||
|
};
|
||||||
|
|
||||||
|
try {
|
||||||
|
await accessService.updateRole(roleUpdate);
|
||||||
|
} catch (e) {
|
||||||
|
expect(e.toString()).toBe(
|
||||||
|
'InvalidOperationError: You cannot change built in roles.',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
test('Should not be allowed to delete a project role', async () => {
|
||||||
|
expect.assertions(1);
|
||||||
|
|
||||||
|
const ownerRole = await accessService.getRoleByName(RoleName.OWNER);
|
||||||
|
|
||||||
|
try {
|
||||||
|
await accessService.deleteRole(ownerRole.id);
|
||||||
|
} catch (e) {
|
||||||
|
expect(e.toString()).toBe(
|
||||||
|
'InvalidOperationError: You cannot change built in roles.',
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
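Review bot: The two new delete tests assert only the error string, so they would still pass if `deleteRole` removed the role or its user links before throwing. After the rejected call, re-read the role and assert it is still present, for example `expect(await accessService.getRoleByName(RoleName.EDITOR)).toBeDefined();` with `expect.assertions(2)`; whether `getRoleByName` throws or returns nothing for a missing role is not visible here, but the test would fail either way. As a point of style, `await expect(accessService.deleteRole(editRole.id)).rejects.toThrow('You cannot change built in roles.');` states the expectation directly and removes the need for the `try`/`catch` plus `expect.assertions(1)` pairing. The same applies to the project-role delete test that uses `ownerRole.id`.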