Merge pull request #1266 from Unleash/feat/block-deletion-of-root-roles
fix: Prevent deletion of built in roles
commit
e164e3d835
@ -427,6 +427,8 @@ export class AccessService {
|
||||
}
|
||||
|
||||
async deleteRole(id: number): Promise<void> {
|
||||
await this.validateRoleIsNotBuiltIn(id);
|
||||
|
||||
const roleUsers = await this.getUsersForRole(id);
|
||||
|
||||
if (roleUsers.length > 0) {
|
||||
@ -455,7 +457,7 @@ export class AccessService {
|
||||
const role = await this.store.get(roleId);
|
||||
if (role.type !== CUSTOM_ROLE_TYPE) {
|
||||
throw new InvalidOperationError(
|
||||
'You can not change built in roles.',
|
||||
'You cannot change built in roles.',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
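Review bot: `validateRoleIsNotBuiltIn` (second hunk) reads `role.type` directly after `this.store.get(roleId)`, and with the new call at the top of `deleteRole` every delete request now passes through that dereference. What `store.get` does for an unknown id is not visible on this page; if it can resolve to `undefined`, deleting a non-existent role would fail with a TypeError instead of a clean rejection, so an explicit `if (!role)` rejection before the type check would be safer. The delete path also reports `'You cannot change built in roles.'`, so a short comment on the new call, e.g. `// Built-in roles must never be deleted; keep this check first so nothing is modified before it passes.`, would document why it runs before `getUsersForRole`. Both function bodies extend beyond the hunks shown.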
@ -757,21 +757,68 @@ test('Should be allowed move feature toggle to project when the user has access'
|
||||
);
|
||||
});
|
||||
|
||||
test('Should not be allowed to edit a built in role', async () => {
|
||||
test('Should not be allowed to edit a root role', async () => {
|
||||
expect.assertions(1);
|
||||
|
||||
const editRole = await accessService.getRoleByName(RoleName.EDITOR);
|
||||
const roleUpdate = {
|
||||
id: editRole.id,
|
||||
name: 'NoLongerTheEditor',
|
||||
description: 'Ha!',
|
||||
description: '',
|
||||
};
|
||||
|
||||
try {
|
||||
await accessService.updateRole(roleUpdate);
|
||||
} catch (e) {
|
||||
expect(e.toString()).toBe(
|
||||
'InvalidOperationError: You can not change built in roles.',
|
||||
'InvalidOperationError: You cannot change built in roles.',
|
||||
);
|
||||
}
|
||||
});
|
||||
|
||||
test('Should not be allowed to delete a root role', async () => {
|
||||
expect.assertions(1);
|
||||
|
||||
const editRole = await accessService.getRoleByName(RoleName.EDITOR);
|
||||
|
||||
try {
|
||||
await accessService.deleteRole(editRole.id);
|
||||
} catch (e) {
|
||||
expect(e.toString()).toBe(
|
||||
'InvalidOperationError: You cannot change built in roles.',
|
||||
);
|
||||
}
|
||||
});
|
||||
|
||||
test('Should not be allowed to edit a project role', async () => {
|
||||
expect.assertions(1);
|
||||
|
||||
const ownerRole = await accessService.getRoleByName(RoleName.OWNER);
|
||||
const roleUpdate = {
|
||||
id: ownerRole.id,
|
||||
name: 'NoLongerTheEditor',
|
||||
description: '',
|
||||
};
|
||||
|
||||
try {
|
||||
await accessService.updateRole(roleUpdate);
|
||||
} catch (e) {
|
||||
expect(e.toString()).toBe(
|
||||
'InvalidOperationError: You cannot change built in roles.',
|
||||
);
|
||||
}
|
||||
});
|
||||
|
||||
test('Should not be allowed to delete a project role', async () => {
|
||||
expect.assertions(1);
|
||||
|
||||
const ownerRole = await accessService.getRoleByName(RoleName.OWNER);
|
||||
|
||||
try {
|
||||
await accessService.deleteRole(ownerRole.id);
|
||||
} catch (e) {
|
||||
expect(e.toString()).toBe(
|
||||
'InvalidOperationError: You cannot change built in roles.',
|
||||
);
|
||||
}
|
||||
});
|
||||
|
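Review bot: The two new delete tests only pin the error string, so they would still pass if `deleteRole` removed the role and then threw. Since the guard exists to keep built-in roles intact, assert the post-condition as well: after the `catch`, add `const after = await accessService.getRoleByName(RoleName.EDITOR); expect(after.id).toBe(editRole.id);` and raise the count to `expect.assertions(2)`. The same applies to the `RoleName.OWNER` case. In 'Should not be allowed to edit a project role' the update name `'NoLongerTheEditor'` looks copied from the editor test and could be renamed to match the owner role.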