Merge 08235a8da7 into 549ab089ee

app/serializers/initial_state_serializer.rb

@@ -10,7 +10,7 @@ class InitialStateSerializer < ActiveModel::Serializer
   attribute :critical_updates_pending, if: -> { object&.role&.can?(:view_devops) && SoftwareUpdate.check_enabled? }
 
   has_one :push_subscription, serializer: REST::WebPushSubscriptionSerializer
-  has_one :role, serializer: REST::RoleSerializer
+  has_one :role, serializer: REST::CredentialRoleSerializer
 
   def meta
     store = default_meta_store

app/serializers/rest/account_serializer.rb

@@ -30,15 +30,7 @@ class REST::AccountSerializer < ActiveModel::Serializer
     end
   end
 
-  class RoleSerializer < ActiveModel::Serializer
+  has_many :roles, serializer: REST::RoleSerializer, if: :local?
-    attributes :id, :name, :color
-
-    def id
-      object.id.to_s
-    end
-  end
-
-  has_many :roles, serializer: RoleSerializer, if: :local?
 
   class FieldSerializer < ActiveModel::Serializer
     include FormattingHelper

app/serializers/rest/admin/account_serializer.rb

@@ -11,7 +11,7 @@ class REST::Admin::AccountSerializer < ActiveModel::Serializer
 
   has_many :ips, serializer: REST::Admin::IpSerializer
   has_one :account, serializer: REST::AccountSerializer
-  has_one :role, serializer: REST::RoleSerializer
+  has_one :role, serializer: REST::CredentialRoleSerializer
 
   def id
     object.id.to_s

app/serializers/rest/credential_role_serializer.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class REST::CredentialRoleSerializer < REST::RoleSerializer
+  attributes :permissions
+
+  def permissions
+    object.computed_permissions.to_s
+  end
+end

app/serializers/rest/role_serializer.rb

@@ -6,8 +6,4 @@ class REST::RoleSerializer < ActiveModel::Serializer
   def id
     object.id.to_s
   end
-
-  def permissions
-    object.computed_permissions.to_s
-  end
 end

spec/serializers/rest/account_serializer_spec.rb

@@ -5,7 +5,7 @@ require 'rails_helper'
 describe REST::AccountSerializer do
   subject { serialized_record_json(account, described_class) }
 
-  let(:role)    { Fabricate(:user_role, name: 'Role', highlighted: true) }
+  let(:role)    { Fabricate(:user_role, name: 'Fancy User', highlighted: true) }
   let(:user)    { Fabricate(:user, role: role) }
   let(:account) { user.account }
 
@@ -20,15 +20,19 @@ describe REST::AccountSerializer do
   end
 
   context 'when the account has a highlighted role' do
-    let(:role) { Fabricate(:user_role, name: 'Role', highlighted: true) }
+    let(:role) { Fabricate(:user_role, name: 'Fancy User', highlighted: true) }
 
     it 'returns the expected role' do
-      expect(subject['roles'].first).to include({ 'name' => 'Role' })
+      expect(subject['roles'].first).to include({ 'name' => 'Fancy User' })
+    end
+
+    it 'does not expose the roles permissions' do
+      expect(subject['roles'].first).to_not include({ 'permissions' => role.computed_permissions.to_s })
     end
   end
 
   context 'when the account has a non-highlighted role' do
-    let(:role) { Fabricate(:user_role, name: 'Role', highlighted: false) }
+    let(:role) { Fabricate(:user_role, name: 'Fancy User', highlighted: false) }
 
     it 'returns empty roles' do
       expect(subject['roles']).to eq []

spec/serializers/rest/credential_account_serializer_spec.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe REST::CredentialAccountSerializer do
+  subject { serialized_record_json(account, described_class) }
+
+  let(:role)    { Fabricate(:user_role, name: 'Fancy User') }
+  let(:user)    { Fabricate(:user, role: role) }
+  let(:account) { user.account }
+
+  context 'when the account has a role' do
+    it 'returns the expected role' do
+      expect(subject['roles'].first).to include({ 'name' => 'Fancy User' })
+    end
+
+    it 'exposes the role permissions' do
+      expect(subject['roles'].first).to include({ 'permissions' => role.computed_permissions.to_s })
+    end
+  end
+end