1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00

Compare commits

...

5 commits

Author SHA1 Message Date
Emelia Smith
1ab5bd66fb
Merge 08235a8da7 into 549ab089ee 2024-07-31 11:08:53 +00:00
Emelia Smith
08235a8da7
WIP 2024-07-27 17:40:54 +02:00
Emelia Smith
48fafc7389
Fix specs 2024-07-27 17:31:14 +02:00
Emelia Smith
becc24a3b1
Add spec to ensure Account Serializer doesn't expose the permissions associated with a role 2024-07-27 17:26:48 +02:00
Emelia Smith
3d08ea81a9
Reuse REST::RoleSerializer in REST::AccountSerializer 2024-07-27 17:21:04 +02:00
7 changed files with 41 additions and 19 deletions

View file

@ -10,7 +10,7 @@ class InitialStateSerializer < ActiveModel::Serializer
attribute :critical_updates_pending, if: -> { object&.role&.can?(:view_devops) && SoftwareUpdate.check_enabled? }
has_one :push_subscription, serializer: REST::WebPushSubscriptionSerializer
has_one :role, serializer: REST::RoleSerializer
has_one :role, serializer: REST::CredentialRoleSerializer
def meta
store = default_meta_store

View file

@ -30,15 +30,7 @@ class REST::AccountSerializer < ActiveModel::Serializer
end
end
class RoleSerializer < ActiveModel::Serializer
attributes :id, :name, :color
def id
object.id.to_s
end
end
has_many :roles, serializer: RoleSerializer, if: :local?
has_many :roles, serializer: REST::RoleSerializer, if: :local?
class FieldSerializer < ActiveModel::Serializer
include FormattingHelper

View file

@ -11,7 +11,7 @@ class REST::Admin::AccountSerializer < ActiveModel::Serializer
has_many :ips, serializer: REST::Admin::IpSerializer
has_one :account, serializer: REST::AccountSerializer
has_one :role, serializer: REST::RoleSerializer
has_one :role, serializer: REST::CredentialRoleSerializer
def id
object.id.to_s

View file

@ -0,0 +1,9 @@
# frozen_string_literal: true
class REST::CredentialRoleSerializer < REST::RoleSerializer
attributes :permissions
def permissions
object.computed_permissions.to_s
end
end

View file

@ -6,8 +6,4 @@ class REST::RoleSerializer < ActiveModel::Serializer
def id
object.id.to_s
end
def permissions
object.computed_permissions.to_s
end
end

View file

@ -5,7 +5,7 @@ require 'rails_helper'
describe REST::AccountSerializer do
subject { serialized_record_json(account, described_class) }
let(:role) { Fabricate(:user_role, name: 'Role', highlighted: true) }
let(:role) { Fabricate(:user_role, name: 'Fancy User', highlighted: true) }
let(:user) { Fabricate(:user, role: role) }
let(:account) { user.account }
@ -20,15 +20,19 @@ describe REST::AccountSerializer do
end
context 'when the account has a highlighted role' do
let(:role) { Fabricate(:user_role, name: 'Role', highlighted: true) }
let(:role) { Fabricate(:user_role, name: 'Fancy User', highlighted: true) }
it 'returns the expected role' do
expect(subject['roles'].first).to include({ 'name' => 'Role' })
expect(subject['roles'].first).to include({ 'name' => 'Fancy User' })
end
it 'does not expose the roles permissions' do
expect(subject['roles'].first).to_not include({ 'permissions' => role.computed_permissions.to_s })
end
end
context 'when the account has a non-highlighted role' do
let(:role) { Fabricate(:user_role, name: 'Role', highlighted: false) }
let(:role) { Fabricate(:user_role, name: 'Fancy User', highlighted: false) }
it 'returns empty roles' do
expect(subject['roles']).to eq []

View file

@ -0,0 +1,21 @@
# frozen_string_literal: true
require 'rails_helper'
describe REST::CredentialAccountSerializer do
subject { serialized_record_json(account, described_class) }
let(:role) { Fabricate(:user_role, name: 'Fancy User') }
let(:user) { Fabricate(:user, role: role) }
let(:account) { user.account }
context 'when the account has a role' do
it 'returns the expected role' do
expect(subject['roles'].first).to include({ 'name' => 'Fancy User' })
end
it 'exposes the role permissions' do
expect(subject['roles'].first).to include({ 'permissions' => role.computed_permissions.to_s })
end
end
end