mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-30 07:32:39 +01:00

Fixed not being able to remove all user roles

User roles would only be actioned if they existed in the form request,
hence removal of all roles would have no data to action upon.
This adds a placeholder 0-id role to ensure there is always role data to
send, even when no roles are selected. This field value is later
filtered out.

Added test to cover.

Likely related to #3922.
Dan Brown 2022-12-16 17:44:13 +00:00
parent 559e392f1b
commit 0123d83fb2
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
3 changed files with 33 additions and 0 deletions


@ -234,6 +234,8 @@ class UserRepo
*/
protected function setUserRoles(User $user, array $roles)
{
$roles = array_filter(array_values($roles));
if ($this->demotingLastAdmin($user, $roles)) {
throw new UserUpdateException(trans('errors.role_cannot_remove_only_admin'), $user->getEditUrl());
}
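Review bot: The added `array_filter(array_values($roles))` line in setUserRoles drops every falsy entry rather than just the form's 0 placeholder, and because `array_values` runs before the filter the result keeps gaps in its keys. Since these ids decide which roles the user ends up with, an explicit filter reads more safely: `$roles = array_values(array_filter($roles, fn ($id) => is_numeric($id) && (int) $id > 0));`. Request validation may already constrain the values upstream, which is not visible here. A one-line comment such as `// Strip the "0" placeholder the role form always submits` would also explain why the filter exists. The method body continues outside the hunk.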


@ -1,5 +1,6 @@
<div class="toggle-switch-list dual-column-content">
<input type="hidden" name="{{ $name }}[0]" value="0">
@foreach($roles as $role)
<div>
@include('form.custom-checkbox', [
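Review bot: The hidden `{{ $name }}[0]` input has no comment, and since this partial takes its field name as a parameter, every form that includes it now submits a `0` entry that its handler has to discard. Only setUserRoles is shown filtering the placeholder in this commit, so any other consumer of the partial should be checked, as an unfiltered `0` would reach whatever processes that list. A Blade comment above the input would make the contract visible: `{{-- Placeholder so the field is always submitted, even with nothing ticked; the receiving handler must strip the 0 value --}}`. The template continues outside the hunk.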


@ -274,4 +274,34 @@ class UserManagementTest extends TestCase
$resp->assertSessionHasErrors(['language' => 'The language may not be greater than 15 characters.']);
$resp->assertSessionHasErrors(['language' => 'The language may only contain letters, numbers, dashes and underscores.']);
}
public function test_role_removal_on_user_edit_removes_all_role_assignments()
{
$user = $this->getEditor();
$this->assertEquals(1, $user->roles()->count());
// A roles[0] hidden fields is used to indicate the existence of role selection in the submission
// of the user edit form. We check that field is used and emulate its submission.
$resp = $this->asAdmin()->get("/settings/users/{$user->id}");
$this->withHtml($resp)->assertElementExists('input[type="hidden"][name="roles[0]"][value="0"]');
$resp = $this->asAdmin()->put("/settings/users/{$user->id}", [
'name' => $user->name,
'email' => $user->email,
'roles' => ['0' => '0'],
]);
$resp->assertRedirect("/settings/users");
$this->assertEquals(0, $user->roles()->count());
}
public function test_role_form_hidden_indicator_field_does_not_exist_where_roles_cannot_be_managed()
{
$user = $this->getEditor();
$resp = $this->actingAs($user)->get("/settings/users/{$user->id}");
$html = $this->withHtml($resp);
$html->assertElementExists('input[name="email"]');
$html->assertElementNotExists('input[type="hidden"][name="roles[0]"]');
}
}
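Review bot: The second test only proves the hidden indicator is not rendered for a user who cannot manage roles; it does not prove that a `roles` field submitted by that user is ignored, and absence of the input in the HTML is not an access control. Now that a `roles` payload containing only the placeholder clears every assignment, a test that sends that payload as the editor and asserts the role count stays at 1 would pin the server-side check; the expected outcome is inferred from the existing test names, and such coverage may exist elsewhere in the suite. A matching case for the last admin, expecting the `role_cannot_remove_only_admin` error, would confirm the filter runs before that guard.

```php
// … unchanged: the two tests added by this commit …

public function test_role_submission_is_ignored_where_roles_cannot_be_managed()
{
    $user = $this->getEditor();
    $this->assertEquals(1, $user->roles()->count());

    // Same placeholder-only payload an admin would send to clear all roles,
    // but submitted by a user who is not shown the role controls.
    $this->actingAs($user)->put("/settings/users/{$user->id}", [
        'name' => $user->name,
        'email' => $user->email,
        'roles' => ['0' => '0'],
    ]);

    $this->assertEquals(1, $user->roles()->count());
}
```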