Don't remove non-accessible roles when assigning new accessible roles #4609

Conversation

waiting-for-dev (Contributor)

Summary

When the currently logged-in ability assigned a user new roles to which it has access, other non-accessible roles were removed. We're now ensuring that non-accessible roles are not touched.

It also fixes the roles being saved twice: once on the generic user#update and a second on #set_roles. Now, that only happens in the latter situation.

Fixes #4528

Checklist

Check out our PR guidelines for more details.

The following are mandatory for all PRs:

  • I have written a thorough PR description.
  • I have kept my commits small and atomic.
  • I have used clear, explanatory commit messages.

The following are not always needed (cross them out if they are not):

  • I have added automated tests to cover my changes.
  • [ ] I have attached screenshots to demo visual changes.
  • [ ] I have opened a PR to update the guides.
  • [ ] I have updated the readme to account for my changes.
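The following is an added illustration, not code from Solidus or from this PR: a plain-Ruby model of the two problems the description names, the non-accessible roles being wiped and the roles being saved twice. The `User` class, the `ACCESSIBLE_ROLES` set and the method names are assumptions made for the demo; a real application would derive the accessible roles from the admin's ability.

```ruby
# Added illustration, not Solidus code: a plain-Ruby model of the two problems
# this PR addresses. Class, constant and method names are assumptions for the demo.
require 'set'

# Minimal stand-in for a persisted user; counts saves so the double write is visible.
class User
  attr_reader :roles, :saves

  def initialize(roles)
    @roles = roles.to_set
    @saves = 0
  end

  def save!(roles)
    @roles = roles.to_set
    @saves += 1
    self
  end
end

# Roles the current admin may grant or revoke (constructed sample).
ACCESSIBLE_ROLES = Set['customer_service', 'editor'].freeze

# Before the fix: the generic update writes the submitted role list as-is (save 1),
# then set_roles writes it again (save 2). Anything missing from the submission,
# including roles the admin cannot even see such as 'admin', is dropped.
def update_user_before(user, submitted_roles)
  user.save!(submitted_roles)   # generic user#update persists roles
  user.save!(submitted_roles)   # #set_roles persists them a second time
end

# After the fix: the generic update leaves roles alone and set_roles is the only
# writer. Only the accessible subset is replaced: roles outside it are carried
# over untouched, and submitted roles outside it are ignored, so a limited admin
# can neither strip nor grant roles beyond its access.
def update_user_after(user, submitted_roles, accessible = ACCESSIBLE_ROLES)
  kept    = user.roles - accessible               # roles this admin may not touch
  granted = submitted_roles.to_set & accessible   # only what this admin may grant
  user.save!(kept | granted)                      # a single write
end

if __FILE__ == $PROGRAM_NAME
  victim = User.new(%w[admin editor])
  update_user_before(victim, %w[customer_service])
  puts "before fix: roles=#{victim.roles.to_a.inspect} saves=#{victim.saves}"

  victim = User.new(%w[admin editor])
  update_user_after(victim, %w[customer_service])
  puts "after fix:  roles=#{victim.roles.to_a.inspect} saves=#{victim.saves}"
end
```

Run with `ruby roles_demo.rb`: the pre-fix path leaves the user with only `customer_service` after two saves, while the fixed path keeps `admin`, swaps `editor` for `customer_service`, and saves once. The third case in the test shows that the same filter also blocks a limited admin from submitting `admin` for a user who does not have it.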

@github-actions github-actions bot added changelog:solidus_backend Changes to the solidus_backend gem changelog:solidus_core Changes to the solidus_core gem labels Sep 8, 2022
@waiting-for-dev waiting-for-dev added Needs Backport security Report related to security issues labels Sep 8, 2022
@waiting-for-dev waiting-for-dev added the type:bug Error, flaw or fault label Sep 8, 2022
kennyadsl (Member) left a comment

Looks good. It's a nice use case for the service layer spike! 👍

@waiting-for-dev waiting-for-dev merged commit 14f179c into solidusio:master Sep 9, 2022
@waiting-for-dev waiting-for-dev deleted the waiting-for-dev/dont_remove_unauthorized_roles branch September 9, 2022 03:38
Labels
changelog:solidus_backend Changes to the solidus_backend gem changelog:solidus_core Changes to the solidus_core gem security Report related to security issues type:bug Error, flaw or fault
Development

Successfully merging this pull request may close these issues.

Admin with limited role edit permissions can remove any role from a user (unknowingly)