mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-30 07:32:39 +01:00
Fixed not being able to remove all user roles
User roles would only be actioned if they existed in the form request, hence removal of all roles would have no data to action upon. This adds a placeholder 0-id role to ensure there is always role data to send, even when no roles are selected. This field value is latter filtered out. Added test to cover. Likely related to #3922.
This commit is contained in:
parent
559e392f1b
commit
0123d83fb2
@ -234,6 +234,8 @@ class UserRepo
|
||||
*/
|
||||
protected function setUserRoles(User $user, array $roles)
|
||||
{
|
||||
$roles = array_filter(array_values($roles));
|
||||
|
||||
if ($this->demotingLastAdmin($user, $roles)) {
|
||||
throw new UserUpdateException(trans('errors.role_cannot_remove_only_admin'), $user->getEditUrl());
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
|
||||
<div class="toggle-switch-list dual-column-content">
|
||||
<input type="hidden" name="{{ $name }}[0]" value="0">
|
||||
@foreach($roles as $role)
|
||||
<div>
|
||||
@include('form.custom-checkbox', [
|
||||
|
@ -274,4 +274,34 @@ class UserManagementTest extends TestCase
|
||||
$resp->assertSessionHasErrors(['language' => 'The language may not be greater than 15 characters.']);
|
||||
$resp->assertSessionHasErrors(['language' => 'The language may only contain letters, numbers, dashes and underscores.']);
|
||||
}
|
||||
|
||||
public function test_role_removal_on_user_edit_removes_all_role_assignments()
|
||||
{
|
||||
$user = $this->getEditor();
|
||||
|
||||
$this->assertEquals(1, $user->roles()->count());
|
||||
|
||||
// A roles[0] hidden fields is used to indicate the existence of role selection in the submission
|
||||
// of the user edit form. We check that field is used and emulate its submission.
|
||||
$resp = $this->asAdmin()->get("/settings/users/{$user->id}");
|
||||
$this->withHtml($resp)->assertElementExists('input[type="hidden"][name="roles[0]"][value="0"]');
|
||||
|
||||
$resp = $this->asAdmin()->put("/settings/users/{$user->id}", [
|
||||
'name' => $user->name,
|
||||
'email' => $user->email,
|
||||
'roles' => ['0' => '0'],
|
||||
]);
|
||||
$resp->assertRedirect("/settings/users");
|
||||
|
||||
$this->assertEquals(0, $user->roles()->count());
|
||||
}
|
||||
|
||||
public function test_role_form_hidden_indicator_field_does_not_exist_where_roles_cannot_be_managed()
|
||||
{
|
||||
$user = $this->getEditor();
|
||||
$resp = $this->actingAs($user)->get("/settings/users/{$user->id}");
|
||||
$html = $this->withHtml($resp);
|
||||
$html->assertElementExists('input[name="email"]');
|
||||
$html->assertElementNotExists('input[type="hidden"][name="roles[0]"]');
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user