Explicitly shortcut "everything" for privileges

The seeds in the database have everything as the root of all features So this is not a problem in production But for tests, it is currently not possible to create this hierarchy and tricky to work around it. This change just admits that everything means everything and doesn't require complex feature checks to test user roles
kbrock · Jun 5, 2018 · 4b7b96c · 4b7b96c
1 parent 086c465
commit 4b7b96c
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/app/models/miq_user_role.rb b/app/models/miq_user_role.rb
@@ -30,7 +30,9 @@ def feature_identifiers
   # @param identifier [String] Product feature identifier to check if this role allows access to it
   #   Returns true when requested feature is directly assigned or a descendant of a feature
   def allows?(identifier:)
-    if feature_identifiers.include?(identifier)
+    # all features are children of "everything", so checking it isn't strictly necessary
+    # but it simplifies testing
+    if feature_identifiers.include?(MiqProductFeature::SUPER_ADMIN_FEATURE) || feature_identifiers.include?(identifier)
       true
     elsif (parent_identifier = MiqProductFeature.feature_parent(identifier))
       allows?(:identifier => parent_identifier)
@@ -107,13 +109,13 @@ def super_admin_user?
   end
 
   def report_admin_user?
-    allows_any?(:identifiers => [MiqProductFeature::SUPER_ADMIN_FEATURE, MiqProductFeature::REPORT_ADMIN_FEATURE])
+    allows?(:identifier => MiqProductFeature::REPORT_ADMIN_FEATURE)
   end
 
   alias admin_user? report_admin_user?
 
   def request_admin_user?
-    allows_any?(:identifiers => [MiqProductFeature::SUPER_ADMIN_FEATURE, MiqProductFeature::REQUEST_ADMIN_FEATURE])
+    allows?(:identifier => MiqProductFeature::REQUEST_ADMIN_FEATURE)
   end
 
   def self.default_tenant_role